nuclei-templates/cves/2022/CVE-2022-24990.yaml

49 lines
1.4 KiB
YAML
Raw Normal View History

2022-03-08 01:05:30 +00:00
id: CVE-2022-24990
info:
Dashboard Content Enhancements (#3961) * Enhancement: default-logins/viewpoint/trilithic-viewpoint-login.yaml by mp * Enhancement: default-logins/visionhub/visionhub-default-login.yaml by mp * Enhancement: default-logins/weblogic/weblogic-weak-login.yaml by mp * Enhancement: default-logins/wifisky/wifisky-default-login.yaml by mp * Enhancement: default-logins/wso2/wso2-default-login.yaml by mp * Enhancement: default-logins/xerox/xerox7-default-login.yaml by mp * Enhancement: default-logins/xxljob/xxljob-default-login.yaml by mp * Enhancement: default-logins/zabbix/zabbix-default-login.yaml by mp * Enhancement: default-logins/zmanda/zmanda-default-login.yaml by mp * Enhancement: dns/azure-takeover-detection.yaml by mp * Enhancement: dns/cname-fingerprint.yaml by mp * Enhancement: dns/cname-service-detection.yaml by mp * Enhancement: dns/detect-dangling-cname.yaml by mp * Enhancement: dns/dns-waf-detect.yaml by mp * Enhancement: default-logins/weblogic/weblogic-weak-login.yaml by mp * Enhancement: default-logins/xxljob/xxljob-default-login.yaml by mp * Enhancement: dns/dnssec-detection.yaml by mp * Enhancement: dns/ec2-detection.yaml by mp * Add CVSS/CWE * Trailing space * Linting error on comment indentation * Typo * Enhancement: dns/elasticbeantalk-takeover.yaml by mp * Enhancement: cves/2020/CVE-2020-23517.yaml by mp * Enhancement: dns/elasticbeantalk-takeover.yaml by mp * Enhancement: dns/mx-fingerprint.yaml by mp * Enhancement: dns/mx-service-detector.yaml by mp * Enhancement: dns/nameserver-fingerprint.yaml by mp * Enhancement: dns/ptr-fingerprint.yaml by mp * Enhancement: dns/servfail-refused-hosts.yaml by mp * Enhancement: dns/spoofable-spf-records-ptr.yaml by mp * Enhancement: dns/txt-fingerprint.yaml by mp * Enhancement: dns/worksites-detection.yaml by mp * Enhancement: exposed-panels/3g-wireless-gateway.yaml by mp * Enhancement: exposed-panels/acemanager-login.yaml by mp * Enhancement: exposed-panels/acrolinx-dashboard.yaml by mp * Enhancement: dns/mx-fingerprint.yaml by mp * Enhancement: dns/mx-service-detector.yaml by mp * Enhancement: dns/ptr-fingerprint.yaml by mp * Enhancement: dns/servfail-refused-hosts.yaml by mp * Enhancement: dns/spoofable-spf-records-ptr.yaml by mp * Enhancement: cves/2021/CVE-2021-39501.yaml by mp * Enhancement: cves/2021/CVE-2021-40323.yaml by mp * Enhancement: cves/2021/CVE-2021-40539.yaml by mp * Enhancement: cves/2021/CVE-2021-40542.yaml by mp * Enhancement: cves/2021/CVE-2021-40856.yaml by mp * Enhancement: cves/2021/CVE-2021-40859.yaml by mp * Enhancement: cves/2021/CVE-2021-40323.yaml by mp * Enhancement: cves/2021/CVE-2021-40539.yaml by mp * Enhancement: cves/2010/CVE-2010-1875.yaml by mp * Enhancement: exposed-panels/aims-password-portal.yaml by mp * Enhancement: exposed-panels/airflow-panel.yaml by mp * Enhancement: exposed-panels/akamai-cloudtest.yaml by mp * Enhancement: exposed-panels/alfresco-detect.yaml by mp * Enhancement: exposed-panels/alienvault-usm.yaml by mp * Enhancement: exposed-panels/ambari-exposure.yaml by mp * Enhancement: exposed-panels/amcrest-login.yaml by mp * Enhancement: exposed-panels/ametys-admin-login.yaml by mp * Enhancement: exposed-panels/ametys-admin-login.yaml by mp * Enhancement: exposed-panels/alienvault-usm.yaml by mp * Enhancement: exposed-panels/airflow-panel.yaml by mp * Enhancement: exposed-panels/aims-password-portal.yaml by mp * Enhancement: exposed-panels/ambari-exposure.yaml by mp * Enhancement: cnvd/2021/CNVD-2021-17369.yaml by mp * Enhancement: exposed-panels/apache/public-tomcat-manager.yaml by mp * Enhancement: exposed-panels/apache/apache-apisix-panel.yaml by mp * Enhancement: exposed-panels/ansible-tower-exposure.yaml by mp * Enhancement: exposed-panels/ampps-panel.yaml by mp * Enhancement: exposed-panels/ampps-admin-panel.yaml by mp * Enhancement: exposed-panels/ametys-admin-login.yaml by mp * Enhancement: cves/2010/CVE-2010-1878.yaml by mp * Fix encoded chars * trailing space * Enhancement: cnvd/2021/CNVD-2021-15822.yaml by mp * Enhancement: cnvd/2021/CNVD-2021-15822.yaml by mp * Enhancement: cnvd/2021/CNVD-2021-15822.yaml by mp * Enhancement: exposed-panels/apache/tomcat-pathnormalization.yaml by mp * Enhancement: cves/2021/CVE-2021-40542.yaml by mp * Enhancement: misconfiguration/horde-unauthenticated.yaml by mp * Enhancement: misconfiguration/horde-unauthenticated.yaml by mp * Enhancement: misconfiguration/horde-unauthenticated.yaml by mp * Enhancement: cves/2021/CVE-2021-40542.yaml by mp * Enhancement: exposed-panels/apiman-panel.yaml by mp * Enhancement: cves/2010/CVE-2010-1873.yaml by mp * Enhancement: exposed-panels/arcgis/arcgis-panel.yaml by mp * Enhancement: exposed-panels/arcgis/arcgis-rest-api.yaml by mp * Enhancement: exposed-panels/argocd-login.yaml by mp * Enhancement: exposed-panels/atlassian-crowd-panel.yaml by mp * Enhancement: exposed-panels/atvise-login.yaml by mp * Enhancement: exposed-panels/avantfax-panel.yaml by mp * Enhancement: exposed-panels/avatier-password-management.yaml by mp * Enhancement: exposed-panels/axigen-webadmin.yaml by mp * Enhancement: exposed-panels/axigen-webmail.yaml by mp * Enhancement: exposed-panels/azkaban-web-client.yaml by mp * Enhancement: exposed-panels/acunetix-panel.yaml by mp * Enhancement: exposed-panels/adiscon-loganalyzer.yaml by mp * Enhancement: exposed-panels/adminer-panel.yaml by mp * Enhancement: cves/2010/CVE-2010-1870.yaml by mp * Enhancement: exposed-panels/adminset-panel.yaml by mp * Enhancement: exposed-panels/adobe/adobe-component-login.yaml by mp * Enhancement: exposed-panels/adobe/adobe-connect-central-login.yaml by mp * Enhancement: exposed-panels/adobe/adobe-experience-manager-login.yaml by mp * Enhancement: exposed-panels/adobe/adobe-media-server.yaml by mp * Enhancement: exposed-panels/advance-setup.yaml by mp * Enhancement: exposed-panels/aerohive-netconfig-ui.yaml by mp * Enhancement: exposed-panels/aims-password-mgmt-client.yaml by mp * Enhancement: exposed-panels/aims-password-mgmt-client.yaml by mp * Enhancement: exposed-panels/aims-password-portal.yaml by mp * Enhancement: exposed-panels/airflow-panel.yaml by mp * Enhancement: exposed-panels/airflow-panel.yaml by mp * spacing issues * Spacing * HTML codes improperly interpreted Relocate horde-unauthenticated.yaml to CVE-2005-3344.yaml * Relocate horde-unauthenticated.yaml to CVE-2005-3344.yaml * Enhancement: technologies/waf-detect.yaml by mp * Enhancement: vulnerabilities/wordpress/wordpress-wpcourses-info-disclosure.yaml by mp * Enhancement: vulnerabilities/wordpress/wordpress-wpcourses-info-disclosure.yaml by mp * Enhancement: network/sap-router-info-leak.yaml by mp * Enhancement: vulnerabilities/wordpress/wordpress-wpcourses-info-disclosure.yaml by mp * Enhancement: network/sap-router-info-leak.yaml by mp * Enhancement: network/exposed-adb.yaml by mp * Enhancement: vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml by mp * Enhancement: vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml by mp * Enhancement: vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml by mp * Enhancement: vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml by mp * Enhancement: vulnerabilities/wordpress/wordpress-woocommerce-sqli.yaml by mp * Enhancement: exposures/tokens/digitalocean/tugboat-config-exposure.yaml by mp * Enhancement: exposed-panels/concrete5/concrete5-install.yaml by mp * Enhancement: vulnerabilities/wordpress/wordpress-infinitewp-auth-bypass.yaml by mp * indentation issue * Character encoding issue fix * Enhancement: default-logins/alibaba/canal-default-login.yaml by mp * Enhancement: default-logins/alphaweb/alphaweb-default-login.yaml by mp * Enhancement: default-logins/ambari/ambari-default-login.yaml by mp * Enhancement: default-logins/apache/airflow-default-login.yaml by mp * Enhancement: default-logins/apache/apisix-default-login.yaml by mp * Enhancement: default-logins/apollo/apollo-default-login.yaml by mp * Enhancement: default-logins/arl/arl-default-login.yaml by mp * Enhancement: default-logins/digitalrebar/digitalrebar-default-login.yaml by mp * Enhancement: default-logins/mantisbt/mantisbt-default-credential.yaml by mp * Enhancement: default-logins/stackstorm/stackstorm-default-login.yaml by mp * Enhancement: dns/caa-fingerprint.yaml by mp * Enhancement: exposed-panels/active-admin-exposure.yaml by mp * Enhancement: exposed-panels/activemq-panel.yaml by mp * Enhancement: default-logins/ambari/ambari-default-login.yaml by mp * Restore & stomped by dashboard * Enhancement: cves/2010/CVE-2010-1653.yaml by mp * Enhancement: cves/2021/CVE-2021-38751.yaml by mp * Enhancement: cves/2021/CVE-2021-39320.yaml by mp * Enhancement: cves/2021/CVE-2021-39322.yaml by mp * Enhancement: cves/2021/CVE-2021-39327.yaml by mp * Enhancement: cves/2021/CVE-2021-39350.yaml by mp * Enhancement: cves/2021/CVE-2021-39433.yaml by mp * Enhancement: cves/2021/CVE-2021-41192.yaml by mp * Enhancement: cnvd/2021/CNVD-2021-15824.yaml by mp * Enhancement: exposed-panels/ansible-semaphore-panel.yaml by mp * Enhancement: exposed-panels/aviatrix-panel.yaml by mp * Enhancement: cves/2022/CVE-2022-24288.yaml by mp * Enhancement: cves/2022/CVE-2022-24990.yaml by mp * Enhancement: cves/2022/CVE-2022-26159.yaml by mp * Enhancement: default-logins/aem/aem-default-login.yaml by mp * Enhancement: exposed-panels/blue-iris-login.yaml by mp * Enhancement: exposed-panels/bigbluebutton-login.yaml by mp * Enhancement: cves/2022/CVE-2022-24288.yaml by mp * Enhancement: cves/2022/CVE-2022-24990.yaml by mp * Enhancement: cves/2022/CVE-2022-26159.yaml by mp * Enhancement: default-logins/aem/aem-default-login.yaml by mp * Spacing issues Add cve-id field * fix & stomping * Enhancement: cves/2016/CVE-2016-1000141.yaml by mp * Enhancement: cves/2020/CVE-2020-24912.yaml by mp * Enhancement: cves/2021/CVE-2021-35265.yaml by mp * Enhancement: cves/2022/CVE-2022-0437.yaml by mp * Enhancement: cves/2010/CVE-2010-1601.yaml by mp * Enhancement: technologies/teradici-pcoip.yaml by mp * Enhancement: vulnerabilities/other/unauth-hoteldruid-panel.yaml by mp * Enhancement: cves/2010/CVE-2010-1475.yaml by mp * Enhancement: cves/2010/CVE-2010-1535.yaml by mp * Enhancement: exposed-panels/epson-web-control-detect.yaml by mp * Enhancement: exposed-panels/epson-access-detect.yaml by mp * Enhancement: cves/2020/CVE-2020-29453.yaml by mp * Fix spacing Co-authored-by: sullo <sullo@cirt.net>
2022-03-25 11:45:10 +00:00
name: TerraMaster TOS < 4.2.30 Server Information Disclosure
2022-03-08 01:05:30 +00:00
author: dwisiswant0
severity: high
description: TerraMaster NAS devices running TOS prior to version 4.2.30 are vulnerable to information disclosure.
Dashboard Content Enhancements (#3961) * Enhancement: default-logins/viewpoint/trilithic-viewpoint-login.yaml by mp * Enhancement: default-logins/visionhub/visionhub-default-login.yaml by mp * Enhancement: default-logins/weblogic/weblogic-weak-login.yaml by mp * Enhancement: default-logins/wifisky/wifisky-default-login.yaml by mp * Enhancement: default-logins/wso2/wso2-default-login.yaml by mp * Enhancement: default-logins/xerox/xerox7-default-login.yaml by mp * Enhancement: default-logins/xxljob/xxljob-default-login.yaml by mp * Enhancement: default-logins/zabbix/zabbix-default-login.yaml by mp * Enhancement: default-logins/zmanda/zmanda-default-login.yaml by mp * Enhancement: dns/azure-takeover-detection.yaml by mp * Enhancement: dns/cname-fingerprint.yaml by mp * Enhancement: dns/cname-service-detection.yaml by mp * Enhancement: dns/detect-dangling-cname.yaml by mp * Enhancement: dns/dns-waf-detect.yaml by mp * Enhancement: default-logins/weblogic/weblogic-weak-login.yaml by mp * Enhancement: default-logins/xxljob/xxljob-default-login.yaml by mp * Enhancement: dns/dnssec-detection.yaml by mp * Enhancement: dns/ec2-detection.yaml by mp * Add CVSS/CWE * Trailing space * Linting error on comment indentation * Typo * Enhancement: dns/elasticbeantalk-takeover.yaml by mp * Enhancement: cves/2020/CVE-2020-23517.yaml by mp * Enhancement: dns/elasticbeantalk-takeover.yaml by mp * Enhancement: dns/mx-fingerprint.yaml by mp * Enhancement: dns/mx-service-detector.yaml by mp * Enhancement: dns/nameserver-fingerprint.yaml by mp * Enhancement: dns/ptr-fingerprint.yaml by mp * Enhancement: dns/servfail-refused-hosts.yaml by mp * Enhancement: dns/spoofable-spf-records-ptr.yaml by mp * Enhancement: dns/txt-fingerprint.yaml by mp * Enhancement: dns/worksites-detection.yaml by mp * Enhancement: exposed-panels/3g-wireless-gateway.yaml by mp * Enhancement: exposed-panels/acemanager-login.yaml by mp * Enhancement: exposed-panels/acrolinx-dashboard.yaml by mp * Enhancement: dns/mx-fingerprint.yaml by mp * Enhancement: dns/mx-service-detector.yaml by mp * Enhancement: dns/ptr-fingerprint.yaml by mp * Enhancement: dns/servfail-refused-hosts.yaml by mp * Enhancement: dns/spoofable-spf-records-ptr.yaml by mp * Enhancement: cves/2021/CVE-2021-39501.yaml by mp * Enhancement: cves/2021/CVE-2021-40323.yaml by mp * Enhancement: cves/2021/CVE-2021-40539.yaml by mp * Enhancement: cves/2021/CVE-2021-40542.yaml by mp * Enhancement: cves/2021/CVE-2021-40856.yaml by mp * Enhancement: cves/2021/CVE-2021-40859.yaml by mp * Enhancement: cves/2021/CVE-2021-40323.yaml by mp * Enhancement: cves/2021/CVE-2021-40539.yaml by mp * Enhancement: cves/2010/CVE-2010-1875.yaml by mp * Enhancement: exposed-panels/aims-password-portal.yaml by mp * Enhancement: exposed-panels/airflow-panel.yaml by mp * Enhancement: exposed-panels/akamai-cloudtest.yaml by mp * Enhancement: exposed-panels/alfresco-detect.yaml by mp * Enhancement: exposed-panels/alienvault-usm.yaml by mp * Enhancement: exposed-panels/ambari-exposure.yaml by mp * Enhancement: exposed-panels/amcrest-login.yaml by mp * Enhancement: exposed-panels/ametys-admin-login.yaml by mp * Enhancement: exposed-panels/ametys-admin-login.yaml by mp * Enhancement: exposed-panels/alienvault-usm.yaml by mp * Enhancement: exposed-panels/airflow-panel.yaml by mp * Enhancement: exposed-panels/aims-password-portal.yaml by mp * Enhancement: exposed-panels/ambari-exposure.yaml by mp * Enhancement: cnvd/2021/CNVD-2021-17369.yaml by mp * Enhancement: exposed-panels/apache/public-tomcat-manager.yaml by mp * Enhancement: exposed-panels/apache/apache-apisix-panel.yaml by mp * Enhancement: exposed-panels/ansible-tower-exposure.yaml by mp * Enhancement: exposed-panels/ampps-panel.yaml by mp * Enhancement: exposed-panels/ampps-admin-panel.yaml by mp * Enhancement: exposed-panels/ametys-admin-login.yaml by mp * Enhancement: cves/2010/CVE-2010-1878.yaml by mp * Fix encoded chars * trailing space * Enhancement: cnvd/2021/CNVD-2021-15822.yaml by mp * Enhancement: cnvd/2021/CNVD-2021-15822.yaml by mp * Enhancement: cnvd/2021/CNVD-2021-15822.yaml by mp * Enhancement: exposed-panels/apache/tomcat-pathnormalization.yaml by mp * Enhancement: cves/2021/CVE-2021-40542.yaml by mp * Enhancement: misconfiguration/horde-unauthenticated.yaml by mp * Enhancement: misconfiguration/horde-unauthenticated.yaml by mp * Enhancement: misconfiguration/horde-unauthenticated.yaml by mp * Enhancement: cves/2021/CVE-2021-40542.yaml by mp * Enhancement: exposed-panels/apiman-panel.yaml by mp * Enhancement: cves/2010/CVE-2010-1873.yaml by mp * Enhancement: exposed-panels/arcgis/arcgis-panel.yaml by mp * Enhancement: exposed-panels/arcgis/arcgis-rest-api.yaml by mp * Enhancement: exposed-panels/argocd-login.yaml by mp * Enhancement: exposed-panels/atlassian-crowd-panel.yaml by mp * Enhancement: exposed-panels/atvise-login.yaml by mp * Enhancement: exposed-panels/avantfax-panel.yaml by mp * Enhancement: exposed-panels/avatier-password-management.yaml by mp * Enhancement: exposed-panels/axigen-webadmin.yaml by mp * Enhancement: exposed-panels/axigen-webmail.yaml by mp * Enhancement: exposed-panels/azkaban-web-client.yaml by mp * Enhancement: exposed-panels/acunetix-panel.yaml by mp * Enhancement: exposed-panels/adiscon-loganalyzer.yaml by mp * Enhancement: exposed-panels/adminer-panel.yaml by mp * Enhancement: cves/2010/CVE-2010-1870.yaml by mp * Enhancement: exposed-panels/adminset-panel.yaml by mp * Enhancement: exposed-panels/adobe/adobe-component-login.yaml by mp * Enhancement: exposed-panels/adobe/adobe-connect-central-login.yaml by mp * Enhancement: exposed-panels/adobe/adobe-experience-manager-login.yaml by mp * Enhancement: exposed-panels/adobe/adobe-media-server.yaml by mp * Enhancement: exposed-panels/advance-setup.yaml by mp * Enhancement: exposed-panels/aerohive-netconfig-ui.yaml by mp * Enhancement: exposed-panels/aims-password-mgmt-client.yaml by mp * Enhancement: exposed-panels/aims-password-mgmt-client.yaml by mp * Enhancement: exposed-panels/aims-password-portal.yaml by mp * Enhancement: exposed-panels/airflow-panel.yaml by mp * Enhancement: exposed-panels/airflow-panel.yaml by mp * spacing issues * Spacing * HTML codes improperly interpreted Relocate horde-unauthenticated.yaml to CVE-2005-3344.yaml * Relocate horde-unauthenticated.yaml to CVE-2005-3344.yaml * Enhancement: technologies/waf-detect.yaml by mp * Enhancement: vulnerabilities/wordpress/wordpress-wpcourses-info-disclosure.yaml by mp * Enhancement: vulnerabilities/wordpress/wordpress-wpcourses-info-disclosure.yaml by mp * Enhancement: network/sap-router-info-leak.yaml by mp * Enhancement: vulnerabilities/wordpress/wordpress-wpcourses-info-disclosure.yaml by mp * Enhancement: network/sap-router-info-leak.yaml by mp * Enhancement: network/exposed-adb.yaml by mp * Enhancement: vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml by mp * Enhancement: vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml by mp * Enhancement: vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml by mp * Enhancement: vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml by mp * Enhancement: vulnerabilities/wordpress/wordpress-woocommerce-sqli.yaml by mp * Enhancement: exposures/tokens/digitalocean/tugboat-config-exposure.yaml by mp * Enhancement: exposed-panels/concrete5/concrete5-install.yaml by mp * Enhancement: vulnerabilities/wordpress/wordpress-infinitewp-auth-bypass.yaml by mp * indentation issue * Character encoding issue fix * Enhancement: default-logins/alibaba/canal-default-login.yaml by mp * Enhancement: default-logins/alphaweb/alphaweb-default-login.yaml by mp * Enhancement: default-logins/ambari/ambari-default-login.yaml by mp * Enhancement: default-logins/apache/airflow-default-login.yaml by mp * Enhancement: default-logins/apache/apisix-default-login.yaml by mp * Enhancement: default-logins/apollo/apollo-default-login.yaml by mp * Enhancement: default-logins/arl/arl-default-login.yaml by mp * Enhancement: default-logins/digitalrebar/digitalrebar-default-login.yaml by mp * Enhancement: default-logins/mantisbt/mantisbt-default-credential.yaml by mp * Enhancement: default-logins/stackstorm/stackstorm-default-login.yaml by mp * Enhancement: dns/caa-fingerprint.yaml by mp * Enhancement: exposed-panels/active-admin-exposure.yaml by mp * Enhancement: exposed-panels/activemq-panel.yaml by mp * Enhancement: default-logins/ambari/ambari-default-login.yaml by mp * Restore & stomped by dashboard * Enhancement: cves/2010/CVE-2010-1653.yaml by mp * Enhancement: cves/2021/CVE-2021-38751.yaml by mp * Enhancement: cves/2021/CVE-2021-39320.yaml by mp * Enhancement: cves/2021/CVE-2021-39322.yaml by mp * Enhancement: cves/2021/CVE-2021-39327.yaml by mp * Enhancement: cves/2021/CVE-2021-39350.yaml by mp * Enhancement: cves/2021/CVE-2021-39433.yaml by mp * Enhancement: cves/2021/CVE-2021-41192.yaml by mp * Enhancement: cnvd/2021/CNVD-2021-15824.yaml by mp * Enhancement: exposed-panels/ansible-semaphore-panel.yaml by mp * Enhancement: exposed-panels/aviatrix-panel.yaml by mp * Enhancement: cves/2022/CVE-2022-24288.yaml by mp * Enhancement: cves/2022/CVE-2022-24990.yaml by mp * Enhancement: cves/2022/CVE-2022-26159.yaml by mp * Enhancement: default-logins/aem/aem-default-login.yaml by mp * Enhancement: exposed-panels/blue-iris-login.yaml by mp * Enhancement: exposed-panels/bigbluebutton-login.yaml by mp * Enhancement: cves/2022/CVE-2022-24288.yaml by mp * Enhancement: cves/2022/CVE-2022-24990.yaml by mp * Enhancement: cves/2022/CVE-2022-26159.yaml by mp * Enhancement: default-logins/aem/aem-default-login.yaml by mp * Spacing issues Add cve-id field * fix & stomping * Enhancement: cves/2016/CVE-2016-1000141.yaml by mp * Enhancement: cves/2020/CVE-2020-24912.yaml by mp * Enhancement: cves/2021/CVE-2021-35265.yaml by mp * Enhancement: cves/2022/CVE-2022-0437.yaml by mp * Enhancement: cves/2010/CVE-2010-1601.yaml by mp * Enhancement: technologies/teradici-pcoip.yaml by mp * Enhancement: vulnerabilities/other/unauth-hoteldruid-panel.yaml by mp * Enhancement: cves/2010/CVE-2010-1475.yaml by mp * Enhancement: cves/2010/CVE-2010-1535.yaml by mp * Enhancement: exposed-panels/epson-web-control-detect.yaml by mp * Enhancement: exposed-panels/epson-access-detect.yaml by mp * Enhancement: cves/2020/CVE-2020-29453.yaml by mp * Fix spacing Co-authored-by: sullo <sullo@cirt.net>
2022-03-25 11:45:10 +00:00
reference:
- https://octagon.net/blog/2022/03/07/cve-2022-24990-terrmaster-tos-unauthenticated-remote-command-execution-via-php-object-instantiation/
- https://www.broadcom.com/support/security-center/attacksignatures/detail?asid=33732
- https://forum.terra-master.com/en/viewforum.php?f=28
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2022-24990
2022-03-08 01:30:33 +00:00
metadata:
shodan-query: TerraMaster
tags: cve,cve2022,terramaster,exposure,kev
2022-03-08 01:05:30 +00:00
requests:
- method: GET
path:
- "{{BaseURL}}/module/api.php?mobile/webNasIPS"
headers:
User-Agent: "TNAS"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
part: header
words:
- "application/json"
- "TerraMaster"
condition: and
- type: regex
part: body
regex:
- "webNasIPS successful"
- "(ADDR|(IFC|PWD|[DS]AT)):"
- "\"((firmware|(version|ma(sk|c)|port|url|ip))|hostname)\":" # cherry pick
Dashboard Content Enhancements (#3961) * Enhancement: default-logins/viewpoint/trilithic-viewpoint-login.yaml by mp * Enhancement: default-logins/visionhub/visionhub-default-login.yaml by mp * Enhancement: default-logins/weblogic/weblogic-weak-login.yaml by mp * Enhancement: default-logins/wifisky/wifisky-default-login.yaml by mp * Enhancement: default-logins/wso2/wso2-default-login.yaml by mp * Enhancement: default-logins/xerox/xerox7-default-login.yaml by mp * Enhancement: default-logins/xxljob/xxljob-default-login.yaml by mp * Enhancement: default-logins/zabbix/zabbix-default-login.yaml by mp * Enhancement: default-logins/zmanda/zmanda-default-login.yaml by mp * Enhancement: dns/azure-takeover-detection.yaml by mp * Enhancement: dns/cname-fingerprint.yaml by mp * Enhancement: dns/cname-service-detection.yaml by mp * Enhancement: dns/detect-dangling-cname.yaml by mp * Enhancement: dns/dns-waf-detect.yaml by mp * Enhancement: default-logins/weblogic/weblogic-weak-login.yaml by mp * Enhancement: default-logins/xxljob/xxljob-default-login.yaml by mp * Enhancement: dns/dnssec-detection.yaml by mp * Enhancement: dns/ec2-detection.yaml by mp * Add CVSS/CWE * Trailing space * Linting error on comment indentation * Typo * Enhancement: dns/elasticbeantalk-takeover.yaml by mp * Enhancement: cves/2020/CVE-2020-23517.yaml by mp * Enhancement: dns/elasticbeantalk-takeover.yaml by mp * Enhancement: dns/mx-fingerprint.yaml by mp * Enhancement: dns/mx-service-detector.yaml by mp * Enhancement: dns/nameserver-fingerprint.yaml by mp * Enhancement: dns/ptr-fingerprint.yaml by mp * Enhancement: dns/servfail-refused-hosts.yaml by mp * Enhancement: dns/spoofable-spf-records-ptr.yaml by mp * Enhancement: dns/txt-fingerprint.yaml by mp * Enhancement: dns/worksites-detection.yaml by mp * Enhancement: exposed-panels/3g-wireless-gateway.yaml by mp * Enhancement: exposed-panels/acemanager-login.yaml by mp * Enhancement: exposed-panels/acrolinx-dashboard.yaml by mp * Enhancement: dns/mx-fingerprint.yaml by mp * Enhancement: dns/mx-service-detector.yaml by mp * Enhancement: dns/ptr-fingerprint.yaml by mp * Enhancement: dns/servfail-refused-hosts.yaml by mp * Enhancement: dns/spoofable-spf-records-ptr.yaml by mp * Enhancement: cves/2021/CVE-2021-39501.yaml by mp * Enhancement: cves/2021/CVE-2021-40323.yaml by mp * Enhancement: cves/2021/CVE-2021-40539.yaml by mp * Enhancement: cves/2021/CVE-2021-40542.yaml by mp * Enhancement: cves/2021/CVE-2021-40856.yaml by mp * Enhancement: cves/2021/CVE-2021-40859.yaml by mp * Enhancement: cves/2021/CVE-2021-40323.yaml by mp * Enhancement: cves/2021/CVE-2021-40539.yaml by mp * Enhancement: cves/2010/CVE-2010-1875.yaml by mp * Enhancement: exposed-panels/aims-password-portal.yaml by mp * Enhancement: exposed-panels/airflow-panel.yaml by mp * Enhancement: exposed-panels/akamai-cloudtest.yaml by mp * Enhancement: exposed-panels/alfresco-detect.yaml by mp * Enhancement: exposed-panels/alienvault-usm.yaml by mp * Enhancement: exposed-panels/ambari-exposure.yaml by mp * Enhancement: exposed-panels/amcrest-login.yaml by mp * Enhancement: exposed-panels/ametys-admin-login.yaml by mp * Enhancement: exposed-panels/ametys-admin-login.yaml by mp * Enhancement: exposed-panels/alienvault-usm.yaml by mp * Enhancement: exposed-panels/airflow-panel.yaml by mp * Enhancement: exposed-panels/aims-password-portal.yaml by mp * Enhancement: exposed-panels/ambari-exposure.yaml by mp * Enhancement: cnvd/2021/CNVD-2021-17369.yaml by mp * Enhancement: exposed-panels/apache/public-tomcat-manager.yaml by mp * Enhancement: exposed-panels/apache/apache-apisix-panel.yaml by mp * Enhancement: exposed-panels/ansible-tower-exposure.yaml by mp * Enhancement: exposed-panels/ampps-panel.yaml by mp * Enhancement: exposed-panels/ampps-admin-panel.yaml by mp * Enhancement: exposed-panels/ametys-admin-login.yaml by mp * Enhancement: cves/2010/CVE-2010-1878.yaml by mp * Fix encoded chars * trailing space * Enhancement: cnvd/2021/CNVD-2021-15822.yaml by mp * Enhancement: cnvd/2021/CNVD-2021-15822.yaml by mp * Enhancement: cnvd/2021/CNVD-2021-15822.yaml by mp * Enhancement: exposed-panels/apache/tomcat-pathnormalization.yaml by mp * Enhancement: cves/2021/CVE-2021-40542.yaml by mp * Enhancement: misconfiguration/horde-unauthenticated.yaml by mp * Enhancement: misconfiguration/horde-unauthenticated.yaml by mp * Enhancement: misconfiguration/horde-unauthenticated.yaml by mp * Enhancement: cves/2021/CVE-2021-40542.yaml by mp * Enhancement: exposed-panels/apiman-panel.yaml by mp * Enhancement: cves/2010/CVE-2010-1873.yaml by mp * Enhancement: exposed-panels/arcgis/arcgis-panel.yaml by mp * Enhancement: exposed-panels/arcgis/arcgis-rest-api.yaml by mp * Enhancement: exposed-panels/argocd-login.yaml by mp * Enhancement: exposed-panels/atlassian-crowd-panel.yaml by mp * Enhancement: exposed-panels/atvise-login.yaml by mp * Enhancement: exposed-panels/avantfax-panel.yaml by mp * Enhancement: exposed-panels/avatier-password-management.yaml by mp * Enhancement: exposed-panels/axigen-webadmin.yaml by mp * Enhancement: exposed-panels/axigen-webmail.yaml by mp * Enhancement: exposed-panels/azkaban-web-client.yaml by mp * Enhancement: exposed-panels/acunetix-panel.yaml by mp * Enhancement: exposed-panels/adiscon-loganalyzer.yaml by mp * Enhancement: exposed-panels/adminer-panel.yaml by mp * Enhancement: cves/2010/CVE-2010-1870.yaml by mp * Enhancement: exposed-panels/adminset-panel.yaml by mp * Enhancement: exposed-panels/adobe/adobe-component-login.yaml by mp * Enhancement: exposed-panels/adobe/adobe-connect-central-login.yaml by mp * Enhancement: exposed-panels/adobe/adobe-experience-manager-login.yaml by mp * Enhancement: exposed-panels/adobe/adobe-media-server.yaml by mp * Enhancement: exposed-panels/advance-setup.yaml by mp * Enhancement: exposed-panels/aerohive-netconfig-ui.yaml by mp * Enhancement: exposed-panels/aims-password-mgmt-client.yaml by mp * Enhancement: exposed-panels/aims-password-mgmt-client.yaml by mp * Enhancement: exposed-panels/aims-password-portal.yaml by mp * Enhancement: exposed-panels/airflow-panel.yaml by mp * Enhancement: exposed-panels/airflow-panel.yaml by mp * spacing issues * Spacing * HTML codes improperly interpreted Relocate horde-unauthenticated.yaml to CVE-2005-3344.yaml * Relocate horde-unauthenticated.yaml to CVE-2005-3344.yaml * Enhancement: technologies/waf-detect.yaml by mp * Enhancement: vulnerabilities/wordpress/wordpress-wpcourses-info-disclosure.yaml by mp * Enhancement: vulnerabilities/wordpress/wordpress-wpcourses-info-disclosure.yaml by mp * Enhancement: network/sap-router-info-leak.yaml by mp * Enhancement: vulnerabilities/wordpress/wordpress-wpcourses-info-disclosure.yaml by mp * Enhancement: network/sap-router-info-leak.yaml by mp * Enhancement: network/exposed-adb.yaml by mp * Enhancement: vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml by mp * Enhancement: vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml by mp * Enhancement: vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml by mp * Enhancement: vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml by mp * Enhancement: vulnerabilities/wordpress/wordpress-woocommerce-sqli.yaml by mp * Enhancement: exposures/tokens/digitalocean/tugboat-config-exposure.yaml by mp * Enhancement: exposed-panels/concrete5/concrete5-install.yaml by mp * Enhancement: vulnerabilities/wordpress/wordpress-infinitewp-auth-bypass.yaml by mp * indentation issue * Character encoding issue fix * Enhancement: default-logins/alibaba/canal-default-login.yaml by mp * Enhancement: default-logins/alphaweb/alphaweb-default-login.yaml by mp * Enhancement: default-logins/ambari/ambari-default-login.yaml by mp * Enhancement: default-logins/apache/airflow-default-login.yaml by mp * Enhancement: default-logins/apache/apisix-default-login.yaml by mp * Enhancement: default-logins/apollo/apollo-default-login.yaml by mp * Enhancement: default-logins/arl/arl-default-login.yaml by mp * Enhancement: default-logins/digitalrebar/digitalrebar-default-login.yaml by mp * Enhancement: default-logins/mantisbt/mantisbt-default-credential.yaml by mp * Enhancement: default-logins/stackstorm/stackstorm-default-login.yaml by mp * Enhancement: dns/caa-fingerprint.yaml by mp * Enhancement: exposed-panels/active-admin-exposure.yaml by mp * Enhancement: exposed-panels/activemq-panel.yaml by mp * Enhancement: default-logins/ambari/ambari-default-login.yaml by mp * Restore & stomped by dashboard * Enhancement: cves/2010/CVE-2010-1653.yaml by mp * Enhancement: cves/2021/CVE-2021-38751.yaml by mp * Enhancement: cves/2021/CVE-2021-39320.yaml by mp * Enhancement: cves/2021/CVE-2021-39322.yaml by mp * Enhancement: cves/2021/CVE-2021-39327.yaml by mp * Enhancement: cves/2021/CVE-2021-39350.yaml by mp * Enhancement: cves/2021/CVE-2021-39433.yaml by mp * Enhancement: cves/2021/CVE-2021-41192.yaml by mp * Enhancement: cnvd/2021/CNVD-2021-15824.yaml by mp * Enhancement: exposed-panels/ansible-semaphore-panel.yaml by mp * Enhancement: exposed-panels/aviatrix-panel.yaml by mp * Enhancement: cves/2022/CVE-2022-24288.yaml by mp * Enhancement: cves/2022/CVE-2022-24990.yaml by mp * Enhancement: cves/2022/CVE-2022-26159.yaml by mp * Enhancement: default-logins/aem/aem-default-login.yaml by mp * Enhancement: exposed-panels/blue-iris-login.yaml by mp * Enhancement: exposed-panels/bigbluebutton-login.yaml by mp * Enhancement: cves/2022/CVE-2022-24288.yaml by mp * Enhancement: cves/2022/CVE-2022-24990.yaml by mp * Enhancement: cves/2022/CVE-2022-26159.yaml by mp * Enhancement: default-logins/aem/aem-default-login.yaml by mp * Spacing issues Add cve-id field * fix & stomping * Enhancement: cves/2016/CVE-2016-1000141.yaml by mp * Enhancement: cves/2020/CVE-2020-24912.yaml by mp * Enhancement: cves/2021/CVE-2021-35265.yaml by mp * Enhancement: cves/2022/CVE-2022-0437.yaml by mp * Enhancement: cves/2010/CVE-2010-1601.yaml by mp * Enhancement: technologies/teradici-pcoip.yaml by mp * Enhancement: vulnerabilities/other/unauth-hoteldruid-panel.yaml by mp * Enhancement: cves/2010/CVE-2010-1475.yaml by mp * Enhancement: cves/2010/CVE-2010-1535.yaml by mp * Enhancement: exposed-panels/epson-web-control-detect.yaml by mp * Enhancement: exposed-panels/epson-access-detect.yaml by mp * Enhancement: cves/2020/CVE-2020-29453.yaml by mp * Fix spacing Co-authored-by: sullo <sullo@cirt.net>
2022-03-25 11:45:10 +00:00
condition: or
# Enhanced by mp on 2022/03/23