CVE-2020-28186
First published: Thu Dec 24 2020(Updated: )
Email Injection in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to abuse the forget password functionality and achieve account takeover.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Terra-master Tos | <=4.2.06 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this email injection vulnerability in TerraMaster TOS?
The vulnerability ID for this email injection vulnerability in TerraMaster TOS is CVE-2020-28186.
What is the impact of this email injection vulnerability?
This email injection vulnerability allows remote unauthenticated attackers to abuse the forget password functionality and achieve account takeover.
What is the affected software version?
The affected software version is TerraMaster TOS <= 4.2.06.
Is authentication required to exploit this vulnerability?
No, remote unauthenticated attackers can exploit this vulnerability.
What is the severity rating of this vulnerability?
The severity rating of this vulnerability is high with a CVSS score of 7.3.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/description
- agent/author
- agent/type
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/terra-master
- canonical/terra-master tos
- version/terra-master tos/4.2.06