CVE-2022-24990

Published
View on NVD ↗
CVSS v3
7.5
HIGH
CVSS v2
N/A
Affected
1
PROJECT

Description

TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response.

0xf4n9x/CVE-2022-24990
0xf4n9x/CVE-2022-24990
CVE-2022-24990 TerraMaster TOS unauthenticated RCE via PHP Object Instantiation
GitHubGitHub
15