Lucene search
+L

432 matches found

Metasploit
Metasploit
added 2023/06/14 7:50 p.m.355 views

TerraMaster TOS 4.2.29 or lower - Unauthenticated RCE chaining CVE-2022-24990 and CVE-2022-24989

This module exploits an unauthenticated remote code execution vulnerability in TerraMaster TOS 4.2.29 and lower by chaining two existing vulnerabilities, CVE-2022-24990 "Leaking sensitive information" and CVE-2022-24989, "Authenticated remote code execution". Exploiting vulnerable endpoint...

9.8CVSS9.6AI score0.8405EPSS
Exploits10
Packet Storm
Packet Storm
added 2023/06/13 12:0 a.m.483 views

TerraMaster TOS 4.2.29 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'digest/md5' require 'time' class MetasploitModule 'TerraMaster TOS 4.2.29 or lower - Unauthenticated RCE chaining CVE-2022-24990 and CVE-2022-24989',...

9.8CVSS7.1AI score0.8405EPSS
Exploits10
CNNVD
CNNVD
added 2023/06/13 12:0 a.m.10 views

TerraMaster TOS 安全漏洞

TerraMaster TOS is a Linux-based operating system from China's TerraMaster, dedicated to the TerraMaster Cloud Storage NAS server. A security vulnerability exists in TerraMaster TOS 4.2.15 and earlier versions, which can be exploited by an attacker to execute a session for privilege escalation...

8.6AI score
Exploits3References1
0day.today
0day.today
added 2023/06/12 12:0 a.m.372 views

TerraMaster TOS 4.2.06 Remote Code Execution Exploit

This Metasploit module exploits an unauthenticated remote code execution vulnerability in TerraMaster TOS versions 4.2.06 and below via shell metacharacters in the Event parameter at vulnerable endpoint include/makecvs.php during CSV creation. Any unauthenticated user can therefore execute comman...

9.8CVSS10AI score0.96598EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/06/12 12:0 a.m.452 views

TerraMaster TOS 4.2.15 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'digest/md5' require 'time' class MetasploitModule 'TerraMaster TOS 4.2.15 or lower - RCE chain from unauthenticated to root via session crafting.', 'Description...

10CVSS7.1AI score0.15727EPSS
Exploits6
0day.today
0day.today
added 2023/06/12 12:0 a.m.368 views

TerraMaster TOS 4.2.15 Remote Code Execution Exploit

This Metasploit module is a Terramaster chained exploit that performs session crafting to achieve escalated privileges that allows an attacker to access vulnerable code execution flaws. TOS versions 4.2.15 and below are affected. This module requires Metasploit: https://metasploit.com/download...

9.8CVSS7.5AI score0.15727EPSS
Exploits6
Packet Storm
Packet Storm
added 2023/06/12 12:0 a.m.383 views

TerraMaster TOS 4.2.06 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'TerraMaster TOS 4.2.06 or lower - Unauthenticated Remote Code Execution', 'Description' = %q This module exploits an unauthenticated remote...

10CVSS7.1AI score0.96598EPSS
Exploits4
Metasploit
Metasploit
added 2023/06/10 7:49 p.m.337 views

TerraMaster TOS 4.2.06 or lower - Unauthenticated Remote Code Execution

This module exploits an unauthenticated remote code-execution vulnerability in TerraMaster TOS 4.2.06 and lower via shell metacharacters in the Event parameter at vulnerable endpoint include/makecvs.php during CSV creation. Any unauthenticated user can therefore execute commands on the system und...

9.1AI score
Exploits0
Metasploit
Metasploit
added 2023/06/09 7:50 p.m.341 views

TerraMaster TOS 4.2.15 or lower - RCE chain from unauthenticated to root via session crafting.

Terramaster chained exploit that performs session crafting to achieve escalated privileges that allows an attacker to access vulnerable code execution flaws. TOS versions 4.2.15 and below are affected. CVE-2021-45839 is exploited to obtain the first administrator's hash set up on the system as we...

10CVSS8.6AI score0.15727EPSS
Exploits6
Tenable Nessus
Tenable Nessus
added 2023/06/02 12:0 a.m.64 views

TerraMaster TOS < 4.2.30 Command Injection (CVE-2022-24990)

According to its self-reported version, the instance of Terramaster TOS running on the remote web server is 4.2.30. It is, therefore, affected by a vulnerability that allows remote attackers to discover the administrative password by sending 'User-Agent: TNAS' to module/api.php?mobile/webNasIPS a...

9.8CVSS8.5AI score0.8405EPSS
Exploits9References3
Tenable Nessus
Tenable Nessus
added 2023/03/30 12:0 a.m.8 views

Terramaster TOS Web Detection

Binary data terramastertosdetect.nbin...

7.3AI score
Exploits0References1
OpenVAS
OpenVAS
added 2023/02/22 12:0 a.m.32 views

Terramaster TOS < 4.2.31 Multiple Information Disclosure Vulnerabilities - Active Check

Terramaster TOS is prone to multiple information disclosure vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPEPREFIX =...

9.8CVSS7.8AI score0.8405EPSS
Exploits15References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:44 a.m.5 views

SUSE CVE-2017-9328

Shell metacharacter injection vulnerability in /usr/www/include/ajax/GetTest.php in TerraMaster TOS before 3.0.34 leads to remote code execution as root...

10CVSS8.6AI score0.07375EPSS
Exploits1References3
The Hacker News
The Hacker News
added 2023/02/11 5:45 a.m.6 views

CISA Warns of Active Attacks Exploiting Fortra MFT, TerraMaster NAS, and Intel Driver Flaws

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Friday added three flaws to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active abuse in the wild. Included among the three is CVE-2022-24990, a bug affecting TerraMaster network-attached storage TNAS devices...

9.8CVSS8.4AI score0.99999EPSS
Exploits28
The Hacker News
The Hacker News
added 2023/02/11 5:45 a.m.97 views

CISA Warns of Active Attacks Exploiting Fortra MFT, TerraMaster NAS, and Intel Driver Flaws

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Friday added three flaws to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active abuse in the wild. Included among the three is CVE-2022-24990, a bug affecting TerraMaster network-attached storage TNAS devices...

7.8CVSS1AI score0.99999EPSS
Exploits28
CISA KEV Catalog
CISA KEV Catalog
added 2023/02/10 12:0 a.m.47 views

TerraMaster OS Remote Command Execution Vulnerability

TerraMaster OS contains a remote command execution vulnerability that allows an unauthenticated user to execute commands on the target endpoint...

9.8CVSS3.9AI score0.8405EPSS
In wildExploits9
NVD
NVD
added 2023/02/07 6:15 p.m.24 views

CVE-2022-24990

TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response...

9.8CVSS8.9AI score0.8405EPSS
Exploits9References6
OSV
OSV
added 2023/02/07 6:15 p.m.5 views

CVE-2022-24990

TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response...

7.5CVSS5.8AI score0.8405EPSS
Exploits9References6
Prion
Prion
added 2023/02/07 6:15 p.m.36 views

Default credentials

TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response...

5CVSS7.7AI score0.8405EPSS
Exploits9References5Affected Software1
Vulnrichment
Vulnrichment
added 2023/02/07 12:0 a.m.17 views

CVE-2022-24990

TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response...

7.8AI score0.8405EPSS
Exploits9References5
Rows per page
Query Builder