TerraMaster RCE (CVE-2022-24990)
- Severity
- CVSSv3 Score
- 7.5
- Vulnerability description
TerraMaster NAS 4.2.29 is vulnerable to CVE-2022-24990, a Remote Code Execution vulnerability, affecting the
module/api.php?mobile/webNasIPS
endpoint. The root cause of this vulnerability is improper input validation in the webNasIPS component in the api.php script. This vulnerability allows an unauthenticated remote attacker to discover an administrative password by sending "User-Agent: TNAS" tomodule/api.php?mobile/webNasIPS
and then reading the PWD field in the response. This allows them further to gain remote code execution asroot
user.- Risk description
The risk exists that an unauthenticated remote attacker could gain Remote Code Execution access which will result in a fully compromised server through which they could steal confidential information, install ransomware, or pivot to the internal network.
- Exploit capabilities
Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.
- Recommendation
Update TerraMaster NAS to one of the currently fixed versions.
- Codename
- Not available
- Detectable with
- Network Scanner
- Exploitable with Sniper
- Yes
- Vuln date
- Feb 2023
- Published at
- Updated at
- Software Type
- NAS
- Vendor
- TerraMaster
- Product
- TerraMaster NAS