module
TerraMaster TOS 4.2.29 or lower - Unauthenticated RCE chaining CVE-2022-24990 and CVE-2022-24989
Disclosed |
---|
Mar 7, 2022 |
Description
This module exploits an unauthenticated remote code execution vulnerability in TerraMaster TOS 4.2.29
and lower by chaining two existing vulnerabilities: CVE-2022-24990, "Leaking sensitive information",
and CVE-2022-24989, "Authenticated remote code execution".
The vulnerable endpoint `api.php?mobile/webNasIPS` leaks sensitive information such as the admin password
hash and MAC address. With that information the attacker can achieve unauthenticated access and use another
vulnerable endpoint, `api.php?mobile/createRaid`, with POST parameters `raidtype` and `diskstring`, to execute
remote code as root on TerraMaster NAS devices.
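
For defenders reviewing web logs from a TOS device or a proxy in front of it, the two endpoints named above can be hunted for as a sequence. The following is an added example, not part of the module or of this page's original content. It assumes Apache/Nginx "combined" access log lines; the function name, finding labels and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Endpoints named in the description above.
LEAK = "api.php?mobile/webnasips"
RCE = "api.php?mobile/createraid"

# Assumption: Apache/Nginx "combined" access log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_chain(lines):
    """Return {client_ip: [(line_number, finding), ...]} for the two endpoints.

    Findings (labels are this example's own):
      leak-endpoint    any request to webNasIPS
      chain            POST to createRaid from a client already seen on webNasIPS
      createraid-post  POST to createRaid with no earlier webNasIPS hit in this log
    """
    seen_leak = set()
    findings = defaultdict(list)
    for lineno, line in enumerate(lines, 1):
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not parse
        ip = m["ip"]
        # Normalise percent-encoding and case; substring match tolerates
        # whatever directory prefix the device serves api.php from.
        uri = unquote(m["uri"]).lower()
        if LEAK in uri:
            seen_leak.add(ip)
            findings[ip].append((lineno, "leak-endpoint"))
        elif RCE in uri and m["method"] == "POST":
            kind = "chain" if ip in seen_leak else "createraid-post"
            findings[ip].append((lineno, kind))
    return dict(findings)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Mar/2022:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.7 - - [07/Mar/2022:10:00:05 +0000] "GET /api.php?mobile/webNasIPS HTTP/1.1" 200 734 "-" "-"',
    '198.51.100.7 - - [07/Mar/2022:10:00:06 +0000] "POST /api.php?mobile/createRaid HTTP/1.1" 200 88 "-" "-"',
    '203.0.113.5 - - [07/Mar/2022:10:02:00 +0000] "GET /api.php?mobile/webNasIPS HTTP/1.1" 200 734 "-" "-"',
]

if __name__ == "__main__":
    for ip, hits in find_chain(SAMPLE_LOG).items():
        print(ip, hits)
```

Access logs normally do not record POST bodies, so the `raidtype` and `diskstring` values are not visible here; a `chain` finding is a lead for checking the device's TOS version and its stored credentials.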
