S4E

CVE-2022-24990 Scanner

Detects 'Information Disclosure' vulnerability in TerraMaster NAS affects v. 4.2.29 and before.

SCAN NOW

Short Info


Level

High

Single Scan

Single Scan

Can be used by

Asset Owner

Estimated Time

10 second

Time Interval

4 week

Scan only one

Url

Toolbox

-

TerraMaster NAS is a network-attached storage device designed for small to medium-sized businesses and home users who require a secure and reliable way to store and share files. This device is perfect for those looking for a centralized storage solution that can be accessed from any device over the internet. The TerraMaster NAS is equipped with various features such as data backup and synchronization, RAID support, and multimedia streaming to multimedia devices.

The TerraMaster NAS 4.2.29 and earlier versions have been found vulnerable to CVE-2022-24990. The vulnerability allows remote attackers to discover the administrative password using a simple method: sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response. This vulnerability can be exploited by attackers to gain access to the TerraMaster NAS and potentially steal sensitive data.

Exploiting this vulnerability can lead to serious consequences, such as unauthorized access to confidential data and personal information. Attackers can also gain control of the network that the TerraMaster NAS is on and use it for malicious purposes like launching DDoS attacks.

It's crucial to stay up-to-date with the latest vulnerabilities and security issues that may affect your digital assets. Thanks to the pro features of the s4e.io platform, you can easily and quickly learn about vulnerabilities in your digital assets. s4e.io can help you scan for vulnerabilities in your digital assets and provide actionable recommendations to keep your data safe from potential threats. Don't wait until it's too late, act now to protect your digital assets.

 

REFERENCES

Get started to protecting your Free Full Security Scan