16 matches found
TerraMaster TOS < 4.2.30 Server Information Disclosure
TerraMaster NAS devices running TOS prior to version 4.2.30 are vulnerable to information disclosure. id: CVE-2022-24990 info: name: TerraMaster TOS 4.2.30 Server Information Disclosure author: dwisiswant0 severity: high description: TerraMaster NAS devices running TOS prior to version 4.2.30 are...
CVE-2022-24990
TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response...
TerraMaster TOS 4.2.29 or lower - Unauthenticated RCE chaining CVE-2022-24990 and CVE-2022-24989
This module exploits an unauthenticated remote code execution vulnerability in TerraMaster TOS 4.2.29 and lower by chaining two existing vulnerabilities, CVE-2022-24990 "Leaking sensitive information" and CVE-2022-24989, "Authenticated remote code execution". Exploiting vulnerable endpoint...
TerraMaster TOS 4.2.29 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'digest/md5' require 'time' class MetasploitModule 'TerraMaster TOS 4.2.29 or lower - Unauthenticated RCE chaining CVE-2022-24990 and CVE-2022-24989',...
TerraMaster TOS < 4.2.30 Command Injection (CVE-2022-24990)
According to its self-reported version, the instance of Terramaster TOS running on the remote web server is 4.2.30. It is, therefore, affected by a vulnerability that allows remote attackers to discover the administrative password by sending 'User-Agent: TNAS' to module/api.php?mobile/webNasIPS a...
Terramaster TOS < 4.2.31 Multiple Information Disclosure Vulnerabilities - Active Check
Terramaster TOS is prone to multiple information disclosure vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPEPREFIX =...
CISA Warns of Active Attacks Exploiting Fortra MFT, TerraMaster NAS, and Intel Driver Flaws
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Friday added three flaws to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active abuse in the wild. Included among the three is CVE-2022-24990, a bug affecting TerraMaster network-attached storage TNAS devices...
CVE-2022-24990
TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response...
CVE-2022-24990
TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending “User-Agent: TNAS” to module/api.php?mobile/webNasIPS and then reading the PWD field in the response. Recent assessments: cbeek-r7 at July 26, 2024 7:31pm UTC reported: A July 2024 bullet...
CVE-2022-24990
CVE-2022-24990 — TerraMaster NAS : TerraMaster OS (TOS) 4.2.29 and earlier allows unauthenticated remote attackers to leak the administrator password by sending a crafted request to api.php?mobile/webNasIPS and reading the PWD field in the response, enabling further compromise. Public references ...
Exploit for Missing Authentication for Critical Function in Terra-Master Terramaster_Operating_System
It is an exploit module for CVE-2022-24990, a TerraMaster TOS Un...
Exploit for Missing Authentication for Critical Function in Terra-Master Terramaster_Operating_System
It is an exploit module for a remote command execution vulnerabi...
Exploit for Missing Authentication for Critical Function in Terra-Master Terramaster_Operating_System
CVE-2022-24990 CVE-2022-24990: Information lea...
Exploit for Missing Authentication for Critical Function in Terra-Master Terramaster_Operating_System
CVE-2022-24990 CVE-2022-24990 TerraMaster TOS unauthenticate...
Exploit for Missing Authentication for Critical Function in Terra-Master Terramaster_Operating_System
CVE-2022-24990-POC It’s just a poc; it’s not an exploit...
CVE-2022-24990
creationtimestamp| type| source ---|---|--- 2022-03-08 01:43:00+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/1615 2022-03-08 13:08:01+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/5560 2022-03-20 05:23:50+00:00| published-proof-of-concept|...