CVE-2020-28190
Summary
TerraMaster TOS <= 4.2.06 was found to check for updates (of both system and applications) via an insecure channel (HTTP). Man-in-the-middle attackers are able to intercept these requests and serve a weaponized/infected version of applications or updates.
- HIGH
- NETWORK
- HIGH
- UNCHANGED
- NONE
- NONE
- NONE
- NONE
References
Advisory Timeline
- Published