为您找到"
webNasIPS
"相关结果约100,000,000个
TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response.
The remote code execution vulnerability exists due to improper input validation in the webNasIPS component in the api.php script. An unauthenticated, remote attacker can pass specially crafted data to the application and execute arbitrary commands on the target system.
The vulnerability exists due to improper input validation in the webNasIPS component in the api.php script. A remote unauthenticated attacker can pass specially crafted data to the application and execute arbitrary commands on the target system.
TerraMaster NAS Remote Command Execution Vulnerability | CVE-2022-24990 TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response.
One of the issues, tracked as CVE-2022-24990, concerns a case of information leak in a component called "webNasIPS," resulting in the exposure of TOS firmware version, the default gateway interface's IP and MAC address, and a hash of the administrator password. The second shortcoming, on the other hand, relates to a command injection flaw in a PHP module called "createRaid" (CVE-2022-24989 ...
According to its self-reported version, the instance of Terramaster TOS running on the remote web server is < 4.2.30. It is, therefore, affected by a vulnerability that allows remote attackers to discover the administrative password by sending 'User-Agent: TNAS' to module/api.php?mobile/webNasIPS and then reading the PWD field in the response.
TerraMaster NAS 4.2.29 is vulnerable to CVE-2022-24990, a Remote Code Execution vulnerability, affecting the module/api.php?mobile/webNasIPS endpoint. The root cause of this vulnerability is improper input validation in the webNasIPS component in the api.php script.
TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response.
This Metasploit module exploits an unauthenticated remote code execution vulnerability in TerraMaster TOS versions 4229 and below by chaining two existing vulnerabilities, CVE-2022-24990 "Leaking sensitive information" and CVE-2022-24989, "Authenticated remote code execution" Exploiting vulnerable endpoint apiphp?mobile/webNasIPS leaking sensit ...
A vulnerability, which was classified as problematic, was found in TerraMaster NAS up to 4.2.29. This vulnerability is uniquely identified as CVE-2022-24990.