CVE-2020-28186
HIGHTerraMaster TOS <= 4.2.06 - Unauthenticated Account Takeover via Email Injection
Title source: llmDescription
Email Injection in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to abuse the forget password functionality and achieve account takeover.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://www.terra-master.com/
Exploit, Third Party Advisory x_refsource_misc
https://www.ihteam.net/advisory/terramaster-tos-multiple-vulnerabilities/
Scores
CVSS v3
7.3
EPSS
0.0413
EPSS Percentile
89.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-640
Status
published
Products (1)
terra-master/tos
< 4.2.06
Published
Dec 24, 2020
Tracked Since
Feb 18, 2026