CVE-2020-28188

Remote Command Execution (RCE) vulnerability in TerraMaster TOS <= 4.2.06 allow remote unauthenticated attackers to inject OS commands via /include/makecvs.php in Event parameter. Date published : 2020-12-24 https://research.checkpoint.com/2021/freakout-leveraging-newest-vulnerabilities-for-creating-a-botnet/

https://www.ihteam.net/advisory/terramaster-tos-multiple-vulnerabilities/