CVE-2020-15568 Scanner

TerraMaster TOS refers to a software suite designed for use in network-attached storage (NAS) devices. This system serves to manage data storage, backups, and remote access to files and applications stored therein. It provides users with a user-friendly interface to manage their stored data, and it has features that enable data encryption and protection. TerraMaster TOS’s popularity has made it a prime target for cybercriminals looking to exploit vulnerabilities in the software. 

One such vulnerability is CVE-2020-15568, which is essentially a code injection flaw in the TerraMaster TOS version before 4.1.29. The vulnerability is located in the include/exportUser.php file, where attackers can exploit an invalid parameter checking method to execute arbitrary code on the affected device. This vulnerability allows an attacker to craft malicious code that can lead to complete systems compromise and data theft. 

When CVE-2020-15568 is exploited, the attacker can gain root access to the TerraMaster TOS system and can run any command as the superuser. This means that they can install malware, create backdoors, and steal sensitive data from the system. The attacker can also use this vulnerability to execute commands that can be used to propagate the attack to other systems on the network. 

With s4e.io’s pro features, users can quickly and easily learn about vulnerabilities in their digital assets. These features include automated Vulnerability Assessment scans that can detect software flaws and bugs, as well as instant alerts on new security threats affecting digital assets. With s4e.io, you can keep your digital assets, including TerraMaster TOS systems, safe from cyber-attacks.

REFERENCES

• https://help.terra-master.com/TOS/view/ 
• https://ssd-disclosure.com/ssd-advisory-terramaster-os-exportuser-php-remote-code-execution/