9.8
CVE-2022-24990
- EPSS 94.4%
- Veröffentlicht 07.02.2023 18:15:09
- Zuletzt bearbeitet 07.11.2025 19:02:38
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginTerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Terra-master ≫ Terramaster Operating System Version < 4.2.31
Terra-master ≫ F2-210 Version-
Terra-master ≫ F2-221 Version-
Terra-master ≫ F2-223 Version-
Terra-master ≫ F2-422 Version-
Terra-master ≫ F2-423 Version-
Terra-master ≫ F4-421 Version-
Terra-master ≫ F4-422 Version-
Terra-master ≫ F4-423 Version-
Terra-master ≫ F5-221 Version-
Terra-master ≫ F5-422 Version-
Terra-master ≫ T12-423 Version-
Terra-master ≫ T12-450 Version-
Terra-master ≫ T6-423 Version-
Terra-master ≫ T9-423 Version-
Terra-master ≫ T9-450 Version-
Terra-master ≫ U12-322-9100 Version-
Terra-master ≫ U12-423 Version-
Terra-master ≫ U12-722-2224 Version-
Terra-master ≫ U16-322-9100 Version-
Terra-master ≫ U16-722-2224 Version-
Terra-master ≫ U24-722-2224 Version-
Terra-master ≫ U4-111 Version-
Terra-master ≫ U4-211 Version-
Terra-master ≫ U4-423 Version-
Terra-master ≫ U8-111 Version-
Terra-master ≫ U8-322-9100 Version-
Terra-master ≫ U8-423 Version-
Terra-master ≫ U8-522-9400 Version-
Terra-master ≫ U8-722-2224 Version-
Terra-master ≫ F2-221 Version-
Terra-master ≫ F2-223 Version-
Terra-master ≫ F2-422 Version-
Terra-master ≫ F2-423 Version-
Terra-master ≫ F4-421 Version-
Terra-master ≫ F4-422 Version-
Terra-master ≫ F4-423 Version-
Terra-master ≫ F5-221 Version-
Terra-master ≫ F5-422 Version-
Terra-master ≫ T12-423 Version-
Terra-master ≫ T12-450 Version-
Terra-master ≫ T6-423 Version-
Terra-master ≫ T9-423 Version-
Terra-master ≫ T9-450 Version-
Terra-master ≫ U12-322-9100 Version-
Terra-master ≫ U12-423 Version-
Terra-master ≫ U12-722-2224 Version-
Terra-master ≫ U16-322-9100 Version-
Terra-master ≫ U16-722-2224 Version-
Terra-master ≫ U24-722-2224 Version-
Terra-master ≫ U4-111 Version-
Terra-master ≫ U4-211 Version-
Terra-master ≫ U4-423 Version-
Terra-master ≫ U8-111 Version-
Terra-master ≫ U8-322-9100 Version-
Terra-master ≫ U8-423 Version-
Terra-master ≫ U8-522-9400 Version-
Terra-master ≫ U8-722-2224 Version-
10.02.2023: CISA Known Exploited Vulnerabilities (KEV) Catalog
TerraMaster OS Remote Command Execution Vulnerability
SchwachstelleTerraMaster OS contains a remote command execution vulnerability that allows an unauthenticated user to execute commands on the target endpoint.
BeschreibungApply updates per vendor instructions.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 94.4% | 1 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.