7 matches found
CVE-2022-24989
TerraMaster NAS through 4.2.30 allows remote WAN attackers to execute arbitrary code as root via the raidtype and diskstring parameters for PHP Object Instantiation to the api.php?mobile/createRaid URI. Shell metacharacters can be placed in raidtype because popen is used without any sanitization...
CVE-2022-24989
TerraMaster NAS through 4.2.30 allows remote WAN attackers to execute arbitrary code as root via the raidtype and diskstring parameters for PHP Object Instantiation to the api.php?mobile/createRaid URI. Shell metacharacters can be placed in raidtype because popen is used without any sanitization...
CVE-2022-24989
CVE-2022-24989 affects TerraMaster NAS/TOS up to version 4.2.30, enabling remote code execution as root via PHP Object Instantiation in the api.php?mobile/createRaid endpoint. The exploit relies on unsanitized input in the raidtype parameter (Shell metacharacters) and can be chained with credenti...
TerraMaster TOS 4.2.29 or lower - Unauthenticated RCE chaining CVE-2022-24990 and CVE-2022-24989
This module exploits an unauthenticated remote code execution vulnerability in TerraMaster TOS 4.2.29 and lower by chaining two existing vulnerabilities, CVE-2022-24990 "Leaking sensitive information" and CVE-2022-24989, "Authenticated remote code execution". Exploiting vulnerable endpoint...
CVE-2022-24989
creationtimestamp| type| source ---|---|--- 2023-06-13 19:50:28+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/terramasterunauthrcecve202224990.rb 2023-08-20 22:41:28+00:00| seen| https://t.me/cibsecurity/68865 2025-02-06 03:13:45+00:00| seen|...
TerraMaster TOS 4.2.29 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'digest/md5' require 'time' class MetasploitModule 'TerraMaster TOS 4.2.29 or lower - Unauthenticated RCE chaining CVE-2022-24990 and CVE-2022-24989',...
Terramaster TOS < 4.2.31 Multiple Information Disclosure Vulnerabilities - Active Check
Terramaster TOS is prone to multiple information disclosure vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPEPREFIX =...