CVE-2020-15568
Detection of CVE-2020-15568 observed from our Honeypots
Sigma rule
```yaml
title: CVE-2020-15568
status: experimental
description: Detection of CVE-2020-15568 observed from our Honeypots
references:
  - https://ssd-disclosure.com/ssd-advisory-terramaster-os-exportuser-php-remote-code-execution/
author: Loginsoft Research Unit
date: 2021/09/28
logsource:
  product: TerraMaster TOS
  category: Operating System
detection:
  # POST request to exportUser.php with this exact query string
  selection:
    c-uri: "/include/exportUser.php?"
    cs-method: "POST"
    c-uri-query: "type=3&cla=application&func=_exec&opt=php"
  # PHP file read/write functions appearing in the event
  keywords1:
    - "file_put_contents"
    - "file_get_contents"
  # Download utilities appearing in the event
  keywords2:
    - "wget"
    - "curl"
  # All three parts must match for the rule to fire
  condition: selection and keywords1 and keywords2
level: high
```
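To see which events this condition does and does not flag before deploying the rule, the following added example (not part of the original rule or the author's code) evaluates it against constructed events. It assumes Sigma's default matching (case-insensitive exact match for the `selection` fields, any-of substring match over the whole event for each keyword list); the `body` field name and all sample events are hypothetical.

```python
# Added example: evaluates the rule's condition against constructed events.
RULE_SELECTION = {
    "c-uri": "/include/exportUser.php?",
    "cs-method": "POST",
    "c-uri-query": "type=3&cla=application&func=_exec&opt=php",
}
KEYWORDS1 = ["file_put_contents", "file_get_contents"]
KEYWORDS2 = ["wget", "curl"]


def selection_matches(event):
    """Every selection field must equal the event's value (case-insensitive)."""
    return all(
        str(event.get(field, "")).lower() == expected.lower()
        for field, expected in RULE_SELECTION.items()
    )


def keyword_matches(event, keywords):
    """At least one keyword must appear somewhere in the event's values."""
    haystack = " ".join(str(v) for v in event.values()).lower()
    return any(k.lower() in haystack for k in keywords)


def rule_matches(event):
    # condition: selection and keywords1 and keywords2
    return (selection_matches(event)
            and keyword_matches(event, KEYWORDS1)
            and keyword_matches(event, KEYWORDS2))


def make_event(**overrides):
    """Constructed sample event; 'body' is a hypothetical field with inert placeholders."""
    event = dict(RULE_SELECTION)
    event["body"] = "file_put_contents <PLACEHOLDER> wget <PLACEHOLDER>"
    event.update(overrides)
    return event


SAMPLES = {
    "all three parts present": make_event(),
    "no download tool keyword": make_event(body="file_get_contents <PLACEHOLDER>"),
    "GET instead of POST": make_event(**{"cs-method": "GET"}),
    "different query string": make_event(**{"c-uri-query": "type=1"}),
}

if __name__ == "__main__":
    for name, ev in SAMPLES.items():
        print(f"{name}: {'ALERT' if rule_matches(ev) else 'no match'}")
```

Only the first sample alerts: a request to the same endpoint that lacks a keyword from either list, or that differs in method or query string, is not flagged by this rule.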