User Enumeration vulnerability in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to identify valid users within the system via the username parameter to wizard/initialise.php.

References

• https://nvd.nist.gov/vuln/detail/CVE-2020-28185
• https://www.ihteam.net/advisory/terramaster-tos-multiple-vulnerabilities/
• https://www.terra-master.com/