Title:TerraMaster TOS 访问控制错误漏洞 (CVE-2022-24990) Description:TerraMaster TOS是中国铁威马(TerraMaster)公司的一款基于Linux平台的,专用于erraMaster云存储NAS服务器的操作系统。 Terramaster TOS 4.2.29版本存在访问控制错误漏洞,该漏洞源于api.php脚本中的webNasIPS 组件中的输入验证不正确。未经身份验证的攻击者可以发送特殊数据利用该漏洞并在目标系统上执行任意命令。
Description
TerraMaster NAS devices running TOS prior to version 4.2.30 are vulnerable to information disclosure.
File Snapshot
id: CVE-2022-24990
info:
name: TerraMaster TOS < 4.2.30 Server Information Disclosure
author: d
...
Shenlong Bot has cached this for you
Remarks
1. It is advised to access via the original source first.2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.