Lucene search
+L

16 matches found

Nuclei
Nuclei
added 3 days ago77 views

TerraMaster TOS < 4.2.30 Server Information Disclosure

TerraMaster NAS devices running TOS prior to version 4.2.30 are vulnerable to information disclosure. id: CVE-2022-24990 info: name: TerraMaster TOS 4.2.30 Server Information Disclosure author: dwisiswant0 severity: high description: TerraMaster NAS devices running TOS prior to version 4.2.30 are...

9.8CVSS7.1AI score0.8405EPSS
Exploits9References5
RedhatCVE
RedhatCVE
added 2025/05/23 12:3 a.m.15 views

CVE-2022-24990

TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response...

9.8CVSS7.4AI score0.8405EPSS
Exploits9References1
Metasploit
Metasploit
added 2023/06/14 7:50 p.m.355 views

TerraMaster TOS 4.2.29 or lower - Unauthenticated RCE chaining CVE-2022-24990 and CVE-2022-24989

This module exploits an unauthenticated remote code execution vulnerability in TerraMaster TOS 4.2.29 and lower by chaining two existing vulnerabilities, CVE-2022-24990 "Leaking sensitive information" and CVE-2022-24989, "Authenticated remote code execution". Exploiting vulnerable endpoint...

9.8CVSS9.6AI score0.8405EPSS
Exploits10
Packet Storm
Packet Storm
added 2023/06/13 12:0 a.m.483 views

TerraMaster TOS 4.2.29 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'digest/md5' require 'time' class MetasploitModule 'TerraMaster TOS 4.2.29 or lower - Unauthenticated RCE chaining CVE-2022-24990 and CVE-2022-24989',...

9.8CVSS7.1AI score0.8405EPSS
Exploits10
Tenable Nessus
Tenable Nessus
added 2023/06/02 12:0 a.m.64 views

TerraMaster TOS < 4.2.30 Command Injection (CVE-2022-24990)

According to its self-reported version, the instance of Terramaster TOS running on the remote web server is 4.2.30. It is, therefore, affected by a vulnerability that allows remote attackers to discover the administrative password by sending 'User-Agent: TNAS' to module/api.php?mobile/webNasIPS a...

9.8CVSS8.5AI score0.8405EPSS
Exploits9References3
OpenVAS
OpenVAS
added 2023/02/22 12:0 a.m.32 views

Terramaster TOS < 4.2.31 Multiple Information Disclosure Vulnerabilities - Active Check

Terramaster TOS is prone to multiple information disclosure vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPEPREFIX =...

9.8CVSS7.8AI score0.8405EPSS
Exploits15References4
The Hacker News
The Hacker News
added 2023/02/11 5:45 a.m.97 views

CISA Warns of Active Attacks Exploiting Fortra MFT, TerraMaster NAS, and Intel Driver Flaws

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Friday added three flaws to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active abuse in the wild. Included among the three is CVE-2022-24990, a bug affecting TerraMaster network-attached storage TNAS devices...

7.8CVSS1AI score0.99999EPSS
Exploits28
Vulnrichment
Vulnrichment
added 2023/02/07 12:0 a.m.17 views

CVE-2022-24990

TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response...

7.8AI score0.8405EPSS
Exploits9References5
ATTACKERKB
ATTACKERKB
added 2023/02/07 12:0 a.m.508 views

CVE-2022-24990

TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending “User-Agent: TNAS” to module/api.php?mobile/webNasIPS and then reading the PWD field in the response. Recent assessments: cbeek-r7 at July 26, 2024 7:31pm UTC reported: A July 2024 bullet...

10CVSS8.8AI score0.8405EPSS
In wildExploits17References6
CVE
CVE
added 2023/02/07 12:0 a.m.720 views

CVE-2022-24990

CVE-2022-24990 — TerraMaster NAS : TerraMaster OS (TOS) 4.2.29 and earlier allows unauthenticated remote attackers to leak the administrator password by sending a crafted request to api.php?mobile/webNasIPS and reading the PWD field in the response, enabling further compromise. Public references ...

9.8CVSS8.7AI score0.8405EPSS
In wildExploits9References6Affected Software1
GithubExploit
GithubExploit
added 2022/04/12 2:45 a.m.12 views

Exploit for Missing Authentication for Critical Function in Terra-Master Terramaster_Operating_System

It is an exploit module for a remote command execution vulnerabi...

9.8CVSS9.2AI score0.8405EPSS
Exploits9
GithubExploit
GithubExploit
added 2022/04/12 2:45 a.m.473 views

Exploit for Missing Authentication for Critical Function in Terra-Master Terramaster_Operating_System

It is an exploit module for CVE-2022-24990, a TerraMaster TOS Un...

9.8CVSS9.4AI score0.8405EPSS
Exploits9
GithubExploit
GithubExploit
added 2022/03/20 5:21 a.m.675 views

Exploit for Missing Authentication for Critical Function in Terra-Master Terramaster_Operating_System

CVE-2022-24990 CVE-2022-24990: Information lea...

9.8CVSS7.4AI score0.8405EPSS
Exploits9
GithubExploit
GithubExploit
added 2022/03/20 5:15 a.m.323 views

Exploit for Missing Authentication for Critical Function in Terra-Master Terramaster_Operating_System

CVE-2022-24990 CVE-2022-24990 TerraMaster TOS unauthenticate...

9.8CVSS9.1AI score0.8405EPSS
Exploits9
GithubExploit
GithubExploit
added 2022/03/10 3:16 a.m.575 views

Exploit for Missing Authentication for Critical Function in Terra-Master Terramaster_Operating_System

CVE-2022-24990-POC It’s just a poc; it’s not an exploit...

9.8CVSS7.3AI score0.8405EPSS
Exploits9
Circl
Circl
added 2022/03/08 1:43 a.m.6 views

CVE-2022-24990

creationtimestamp| type| source ---|---|--- 2022-03-08 01:43:00+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/1615 2022-03-08 13:08:01+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/5560 2022-03-20 05:23:50+00:00| published-proof-of-concept|...

9.8CVSS7.1AI score0.8405EPSS
In wildExploits9References17
Rows per page
Query Builder