Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2022-24990

Published: 07/02/2023 Updated: 08/08/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Terra-master

Vulnerability Summary

TerraMaster NAS 4.2.29 and previous versions allows remote malicious users to discover the administrative password by sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

terra-master terramaster_operating_system

Exploits

Exploit DB: TerraMaster TOS 4.2.29 Remote Code Execution
This Metasploit module exploits an unauthenticated remote code execution vulnerability in TerraMaster TOS versions 4229 and below by chaining two existing vulnerabilities, CVE-2022-24990 "Leaking sensitive information" and CVE-2022-24989, "Authenticated remote code execution" Exploiting vulnerable endpoint apiphp?mobile/webNasIPS leaking sensit ...
Exploit DB: TerraMaster TOS 4.2.29 or lower - Unauthenticated RCE chaining CVE-2022-24990 and CVE-2022-24989
This module exploits an unauthenticated remote code execution vulnerability in TerraMaster TOS 4229 and lower by chaining two existing vulnerabilities, CVE-2022-24990 "Leaking sensitive information" and CVE-2022-24989, "Authenticated remote code execution" Exploiting vulnerable endpoint `apiphp?mobile/webNasIPS` le ...

Metasploit Modules

TerraMaster TOS 4.2.29 or lower - Unauthenticated RCE chaining CVE-2022-24990 and CVE-2022-24989

This module exploits an unauthenticated remote code execution vulnerability in TerraMaster TOS 4.2.29 and lower by chaining two existing vulnerabilities, CVE-2022-24990 "Leaking sensitive information" and CVE-2022-24989, "Authenticated remote code execution". Exploiting vulnerable endpoint `api.php?mobile/webNasIPS` leaking sensitive information such as admin password hash and mac address, the attacker can achieve unauthenticated access and use another vulnerable endpoint `api.php?mobile/createRaid` with POST parameters `raidtype` and `diskstring` to execute remote code as root on TerraMaster NAS devices.

msf > use exploit/linux/http/terramaster_unauth_rce_cve_2022_24990
msf exploit(terramaster_unauth_rce_cve_2022_24990) > show targets
    ...targets...
msf exploit(terramaster_unauth_rce_cve_2022_24990) > set TARGET < target-id >
msf exploit(terramaster_unauth_rce_cve_2022_24990) > show options
    ...show and set options...
msf exploit(terramaster_unauth_rce_cve_2022_24990) > exploit

Github Repositories

https://github.com/lishang520/CVE-2022-24990

CVE-2022-24990信息泄露+RCE 一条龙

CVE-2022-24990 CVE-2022-24990信息泄露+RCE 一条龙 该poc会往目标写入文件,这里写入的是phpinfo,若需要其他功能,请自己修改,请勿用作违法用途

https://github.com/0xf4n9x/CVE-2022-24990

CVE-2022-24990 TerraMaster TOS unauthenticated RCE via PHP Object Instantiation

CVE-2022-24990 CVE-2022-24990 TerraMaster TOS unauthenticated RCE via PHP Object Instantiation Usage Vulnerability Detection python CVE-2022-24990py -u 127001:8080 Upload a PHP webshell python CVE-2022-24990py -a 127001:8080 Reference octagonnet/blog/2022/03/07/cv

https://github.com/VVeakee/CVE-2022-24990-POC

仅仅是poc,并不是exp

CVE-2022-24990-POC 仅仅是poc,并不是exp windows系统使用cve-2022-24990exe Linux系统使用cve-2022-24990 使用很简单 -u 单目标扫描 -f 批量扫描 -t 线程数量,默认20

https://github.com/jsongmax/terraMaster-CVE-2022-24990

terraMaster-CVE-2022-24990 工具简介 针对 CVE-2022-24990 的快速利用工具,新手代码,有问题欢迎提issus 使用方法 main -u 127001:8181 -t poc(exp) poc 仅检测信息泄露漏洞 exp 尝试上传WebShell 免责声明 本工具仅面向合法授权的企业安全建设行为,例如企业内部攻防演练、漏洞验证和复测,如您需要

https://github.com/antx-code/CVE-2022-24990

TerraMaster TOS Unauthenticated Remote Command Execution(RCE) Vulnerability CVE-2022-24990

CVE-2022-24990 Description POC for CVE-2022-24990: TerraMaster TOS unauthenticated remote command execution via PHP Object Instantiation create by antx at 2022-04-12 Detail The vulnerability allows a remote attacker to execute arbitrary commands on the target system The vulnerability exists due to improper input validation in the webNasIPS component in the apip

References

CWE-306https://octagon.net/blog/2022/03/07/cve-2022-24990-terrmaster-tos-unauthenticated-remote-command-execution-via-php-object-instantiation/https://www.broadcom.com/support/security-center/attacksignatures/detail?asid=33732https://forum.terra-master.com/en/viewforum.php?f=28https://github.com/0xf4n9x/CVE-2022-24990http://packetstormsecurity.com/files/172904/TerraMaster-TOS-4.2.29-Remote-Code-Execution.htmlhttps://nvd.nist.govhttps://packetstormsecurity.com/files/172904/TerraMaster-TOS-4.2.29-Remote-Code-Execution.htmlhttps://github.com/lishang520/CVE-2022-24990
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
validationCVE-2024-34413CVE-2024-34089CVE-2024-33408localSQLCVE-2024-0402CVE-2024-33910CVE-2024-31848
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook