Lucene search

[email protected]CVE-2020-29189

HistoryDec 24, 2020 - 3:15 p.m.

CVE-2020-29189

2020-12-2415:15:13

[email protected]

web.nvd.nist.gov

cve

2020

29189

incorrect access control

vulnerability

terramaster tos

nas

nvd

5.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

8.1 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.0%

JSON

Incorrect Access Control vulnerability in TerraMaster TOS <= 4.2.06 allows remote authenticated attackers to bypass read-only restriction and obtain full access to any folder within the NAS

Affected configurations

NVD

Node

terra-mastertosRange≤4.2.06

CPENameOperatorVersion
terra-master:tosterra-master tosle4.2.06

CPE	Name	Operator	Version
terra-master:tos	terra-master tos	le	4.2.06

References

terramaster.com

www.ihteam.net/advisory/terramaster-tos-multiple-vulnerabilities/

Social References

5.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

8.1 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.0%

JSON

Related for CVE-2020-29189

nvd2 prion2 cvelist1 cve1 openvas1