Exploit for TerraMaster TOS < 4.2.30 Server Information Disclosure (CVE-2022-24990)

Description:

TerraMaster NAS devices running TOS prior to version 4.2.30 are vulnerable to information disclosure.

Nuclei Template

View the template here: CVE-2022-24990.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-24990.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2022-24990
https://github.com/ArrestX/--POC
https://www.broadcom.com/support/security-center/attacksignatures/detail?asid=33732
https://octagon.net/blog/2022/03/07/cve-2022-24990-terrmaster-tos-unauthenticated-remote-command-execution-via-php-object-instantiation/
https://forum.terra-master.com/en/viewforum.php?f=28
http://packetstormsecurity.com/files/172904/TerraMaster-TOS-4.2.29-Remote-Code-Execution.html