CVE-2022-24989

TerraMaster NAS through 4.2.30 allows remote WAN attackers to execute arbitrary code as root via the raidtype and diskstring parameters for PHP Object Instantiation to the api.php?mobile/createRaid URI. Shell metacharacters can be placed in raidtype because popen is used without any sanitization...

CVE-2022-24990

TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response...

VulnCheck KEV: CVE-2022-24989

TerraMaster NAS through 4.2.30 allows remote WAN attackers to execute arbitrary code as root via the raidtype and diskstring parameters for PHP Object Instantiation to the api.php?mobile/createRaid URI. Shell metacharacters can be placed in raidtype because popen is used without any...

TerraMaster NAS Security Vulnerability

TerraMaster NAS is a shared file storage appliance from TerraMaster China. A security vulnerability exists in TerraMaster NAS versions v.s1.0 through v.2.295 that originates from a vulnerability that allows remote attackers to obtain sensitive information via a crafted GET request...

CVE-2022-24989

TerraMaster NAS through 4.2.30 allows remote WAN attackers to execute arbitrary code as root via the raidtype and diskstring parameters for PHP Object Instantiation to the api.php?mobile/createRaid URI. Shell metacharacters can be placed in raidtype because popen is used without any sanitization...

CISA Warns of Active Attacks Exploiting Fortra MFT, TerraMaster NAS, and Intel Driver Flaws

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Friday added three flaws to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active abuse in the wild. Included among the three is CVE-2022-24990, a bug affecting TerraMaster network-attached storage TNAS devices...

CISA Warns of Active Attacks Exploiting Fortra MFT, TerraMaster NAS, and Intel Driver Flaws

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Friday added three flaws to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active abuse in the wild. Included among the three is CVE-2022-24990, a bug affecting TerraMaster network-attached storage TNAS devices...

CVE-2022-24990

TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response...

CVE-2022-24990

TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending “User-Agent: TNAS” to module/api.php?mobile/webNasIPS and then reading the PWD field in the response. Recent assessments: cbeek-r7 at July 26, 2024 7:31pm UTC reported: A July 2024 bullet...

CVE-2022-24990

TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response...

PT-2022-1802 · Terramaster · Terramaster Nas

Name of the Vulnerable Software and Affected Versions: TerraMaster NAS versions prior to 4.2.31 Description: The issue is related to the createRaid module in TerraMaster NAS devices, which allows for the injection of arbitrary commands. This can enable a remote attacker to execute arbitrary code...

Terramaster NAS Information Disclosure Vulnerability (Oct 2019) - Active Check

Terramaster NAS devices are prone to an information disclosure vulnerability. Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program i...

TerraMaster NAS TOS <= 3.0.30 Unauthenticated RCE as Root

Recently I bought a TerraMaster F2-420 NAS from Amazon in order to store my private code, backups and this kind of stuff. As soon as it arrived I started to play with its web interface and eventually I wanted to see how it was implemented, moreover I was curious to see if I could find any remotel...

Terramaster NAS File Upload Vulnerability (May 2017) - Active Check

Terramaster NAS is prone to a file upload vulnerability. Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you...

TerraMaster NAS Detection (HTTP)

HTTP based detection of TerraMaster NAS. Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute...

TerraMaster NAS 权限提升漏洞

No description provided by source...