Lucene search
+L

7 matches found

attackerkb
attackerkb
added 2023/08/20 6:15 p.m.7 views

CVE-2022-24989

TerraMaster NAS through 4.2.30 allows remote WAN attackers to execute arbitrary code as root via the raidtype and diskstring parameters for PHP Object Instantiation to the api.php?mobile/createRaid URI. Shell metacharacters can be placed in raidtype because popen is used without any sanitization...

9.8CVSS6.2AI score0.8405EPSS
Exploits10References7
nvd
nvd
added 2023/08/20 6:15 p.m.33 views

CVE-2022-24989

TerraMaster NAS through 4.2.30 allows remote WAN attackers to execute arbitrary code as root via the raidtype and diskstring parameters for PHP Object Instantiation to the api.php?mobile/createRaid URI. Shell metacharacters can be placed in raidtype because popen is used without any sanitization...

9.8CVSS8.2AI score0.31881EPSS
Exploits3References5
cve
cve
added 2023/08/20 12:0 a.m.190 views

CVE-2022-24989

CVE-2022-24989 affects TerraMaster NAS/TOS up to version 4.2.30, enabling remote code execution as root via PHP Object Instantiation in the api.php?mobile/createRaid endpoint. The exploit relies on unsanitized input in the raidtype parameter (Shell metacharacters) and can be chained with credenti...

9.8CVSS9.2AI score0.31881EPSS
In wildExploits3References5Affected Software1
metasploit
metasploit
added 2023/06/14 7:50 p.m.354 views

TerraMaster TOS 4.2.29 or lower - Unauthenticated RCE chaining CVE-2022-24990 and CVE-2022-24989

This module exploits an unauthenticated remote code execution vulnerability in TerraMaster TOS 4.2.29 and lower by chaining two existing vulnerabilities, CVE-2022-24990 "Leaking sensitive information" and CVE-2022-24989, "Authenticated remote code execution". Exploiting vulnerable endpoint...

9.8CVSS9.6AI score0.8405EPSS
Exploits10
circl
circl
added 2023/06/13 7:50 p.m.7 views

CVE-2022-24989

creationtimestamp| type| source ---|---|--- 2023-06-13 19:50:28+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/terramasterunauthrcecve202224990.rb 2023-08-20 22:41:28+00:00| seen| https://t.me/cibsecurity/68865 2025-02-06 03:13:45+00:00| seen|...

9.8CVSS8.9AI score0.31881EPSS
Exploits3References2
packetstorm
packetstorm
added 2023/06/13 12:0 a.m.482 views

TerraMaster TOS 4.2.29 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'digest/md5' require 'time' class MetasploitModule 'TerraMaster TOS 4.2.29 or lower - Unauthenticated RCE chaining CVE-2022-24990 and CVE-2022-24989',...

9.8CVSS7.1AI score0.8405EPSS
Exploits10
openvas
openvas
added 2023/02/22 12:0 a.m.32 views

Terramaster TOS < 4.2.31 Multiple Information Disclosure Vulnerabilities - Active Check

Terramaster TOS is prone to multiple information disclosure vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPEPREFIX =...

9.8CVSS7.8AI score0.8405EPSS
Exploits15References4
Rows per page
Query Builder