CVE-2022-24990 Scanner
Detects 'Information Disclosure' vulnerability in TerraMaster NAS affects v. 4.2.29 and before.
Short Info
Level
High
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 second
Time Interval
4 week
Scan only one
Url
Toolbox
-
TerraMaster NAS is a network-attached storage device designed for small to medium-sized businesses and home users who require a secure and reliable way to store and share files. This device is perfect for those looking for a centralized storage solution that can be accessed from any device over the internet. The TerraMaster NAS is equipped with various features such as data backup and synchronization, RAID support, and multimedia streaming to multimedia devices.
The TerraMaster NAS 4.2.29 and earlier versions have been found vulnerable to CVE-2022-24990. The vulnerability allows remote attackers to discover the administrative password using a simple method: sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response. This vulnerability can be exploited by attackers to gain access to the TerraMaster NAS and potentially steal sensitive data.
Exploiting this vulnerability can lead to serious consequences, such as unauthorized access to confidential data and personal information. Attackers can also gain control of the network that the TerraMaster NAS is on and use it for malicious purposes like launching DDoS attacks.
It's crucial to stay up-to-date with the latest vulnerabilities and security issues that may affect your digital assets. Thanks to the pro features of the s4e.io platform, you can easily and quickly learn about vulnerabilities in your digital assets. s4e.io can help you scan for vulnerabilities in your digital assets and provide actionable recommendations to keep your data safe from potential threats. Don't wait until it's too late, act now to protect your digital assets.
REFERENCES