TerraMaster TOS CVE-2020-28188

calendar Jun 20, 2023 · attack.t1190 attack.initial_access cve.2020.28188 detection.emerging_threats  ·
Share on: linkedin copy

Detects the exploitation of the TerraMaster TOS vulnerability described in CVE-2020-28188

Sigma rule (View on GitHub)

 1title: TerraMaster TOS CVE-2020-28188
 2id: 15c312b9-00d0-4feb-8870-7d940a4bdc5e
 3status: test
 4description: Detects the exploitation of the TerraMaster TOS vulnerability described in CVE-2020-28188
 5references:
 6    - https://www.ihteam.net/advisory/terramaster-tos-multiple-vulnerabilities/
 7    - https://research.checkpoint.com/2021/freakout-leveraging-newest-vulnerabilities-for-creating-a-botnet/
 8author: Bhabesh Raj
 9date: 2021/01/25
10modified: 2023/01/02
11tags:
12    - attack.t1190
13    - attack.initial_access
14    - cve.2020.28188
15    - detection.emerging_threats
16logsource:
17    category: webserver
18detection:
19    base_url:
20        cs-method: 'GET'
21        cs-uri-query|contains|all:
22            - '/include/makecvs.php'
23            - '?Event='
24    payload:
25        cs-uri-query|contains:
26            - 'curl'
27            - 'wget'
28            - '.py'
29            - '.sh'
30            - 'chmod'
31            - '_GET'
32    condition: base_url and payload
33fields:
34    - c-ip
35    - c-dns
36falsepositives:
37    - Unknown
38level: high

References

  • TerraMaster TOS Multiple Vulnerabilities - IHTeam Security Blog

    TerraMaster is well known for producing data storage devices (NAS and DAS) since 2010. TOS is the name of their web interface to manage functionalities of the device. The product is not new to security vulnerabilities, as Joshua M. of ISE highlighted back in 2018 (https://blog.securityevaluators.com/terramaster-nas-vulnerabilities-discovered-and-exploited-b8e5243e7a63).In 2020, IHTeam performed a security review of the current […]


    Read More

  • FreakOut – Leveraging Newest Vulnerabilities for creating a Botnet - Check Point Research

    Research By: Omer Ventura, Ori Hamama, Network Research Introduction Recently, Check Point Research encountered several attacks that exploited multiple vulnerabilities, including some that were only recently published, to inject OS commands. The goal behind the attacks was to create an IRC botnet, which can later be used for several purposes, such as DDoS attacks or […]


    Read More

Related rules

to-top