module
TerraMaster TOS 4.2.29 or lower - Unauthenticated RCE chaining CVE-2022-24990 and CVE-2022-24989
| Disclosed | Created |
|---|---|
| 2022-03-07 | 2023-06-14 |
Disclosed
2022-03-07
Created
2023-06-14
Description
This module exploits an unauthenticated remote code execution vulnerability in TerraMaster TOS 4.2.29
and lower by chaining two existing vulnerabilities, CVE-2022-24990 "Leaking sensitive information"
and CVE-2022-24989, "Authenticated remote code execution".
Exploiting vulnerable endpoint `api.php?mobile/webNasIPS` leaking sensitive information such as admin password
hash and mac address, the attacker can achieve unauthenticated access and use another vulnerable endpoint
`api.php?mobile/createRaid` with POST parameters `raidtype` and `diskstring` to execute remote code as root
on TerraMaster NAS devices.
and lower by chaining two existing vulnerabilities, CVE-2022-24990 "Leaking sensitive information"
and CVE-2022-24989, "Authenticated remote code execution".
Exploiting vulnerable endpoint `api.php?mobile/webNasIPS` leaking sensitive information such as admin password
hash and mac address, the attacker can achieve unauthenticated access and use another vulnerable endpoint
`api.php?mobile/createRaid` with POST parameters `raidtype` and `diskstring` to execute remote code as root
on TerraMaster NAS devices.
Authors
h00die-gr3y h00die.gr3y@gmail.com
Octagon Networks
0xf4n9x
Octagon Networks
0xf4n9x
Platform
Linux,Unix
Architectures
cmd, x64, x86, aarch64
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.