TerraMaster NAS Remote Code Execution Vulnerability
Vulnerability information
Vulnerability name: TerraMaster NAS Remote Code Execution Vulnerability
Vulnerability ID:
- CVE: CVE-2022-24989
Vulnerability type: command execution
Severity: critical
Description: TerraMaster NAS is a network-attached storage appliance used by businesses and home users for data storage and sharing. It is administered through a web interface (TOS) that also exposes file management, remote access and similar features, so Internet-reachable units are an attractive target. The vulnerability lies in the api.php?mobile/createRaid action of the TOS web API: the raidtype and diskstring parameters are passed without adequate filtering or validation into a PHP object instantiation, so an attacker who can reach the web interface over the network can craft those two parameters to execute arbitrary commands as root and take complete control of the device. No local access is needed, only network reachability and a crafted request. Note that the public proof-of-concept code linked below is filed under the companion identifier CVE-2022-24990, the information-disclosure flaw in the same API that exploit chains use to obtain administrator credentials before calling createRaid; check both identifiers when triaging. Given the root-level impact, successful exploitation enables data theft and service disruption on the affected device and poses a serious risk to the data of both business and home users.
Vendor: TerraMaster
Product: TerraMaster NAS
Affected versions: <= 4.2.30
Search query: terramaster
Source: https://github.com/projectdiscovery/nuclei-templates/issues/12777
Source type: projectdiscovery/nuclei-templates GitHub issue
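As an added example (not code from the original page, from TerraMaster, or from the nuclei-templates issue), the following Python script reviews web-server access logs for calls to the vulnerable api.php?mobile/createRaid action and flags those coming from outside the management LAN or carrying raidtype/diskstring values that do not look like a RAID level or a device list; it also includes a version check against the 4.2.30 cutoff. The endpoint and parameter names come from the advisory; the /module/ path prefix, the combined access-log layout, the trusted LAN ranges, the definition of a "safe" parameter value and the sample log lines are assumptions constructed for this example.

```python
"""Log-review helper for CVE-2022-24989 (TerraMaster TOS, api.php?mobile/createRaid).

Added example, not code from the original page, from TerraMaster or from the
nuclei-templates issue. The endpoint and the parameter names (raidtype,
diskstring) come from the advisory; the /module/ prefix, the access-log
layout, the trusted LAN ranges and the sample log lines are assumptions
constructed for this example.
"""
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Assumed combined access-log layout: src ident user [ts] "req" status size "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) '
    r'(?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

VULN_ACTION = "mobile/createRaid"            # first query-string segment of the TOS API call
TAINTED_PARAMS = ("raidtype", "diskstring")  # parameters the advisory names as unsanitized
LAST_AFFECTED = (4, 2, 30)                   # advisory: "through 4.2.30"

# Assumption: management is only legitimate from these LAN ranges; anything
# else is treated as the WAN source the advisory describes.
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]

# Assumption: legitimate values are short tokens such as a RAID level or a
# device list. Anything else (PHP or shell syntax, quotes, braces) is suspect.
SAFE_VALUE_RE = re.compile(r"[A-Za-z0-9_,.-]*")


def parse_version(version):
    """'4.2.30' or 'TOS 4.2.30' -> (4, 2, 30); missing fields are zero."""
    nums = [int(n) for n in re.findall(r"\d+", version)][:3]
    if not nums:
        raise ValueError(f"no version number in {version!r}")
    return tuple(nums + [0] * (3 - len(nums)))


def is_affected(version):
    """True when the TOS version is at or below the last affected release."""
    return parse_version(version) <= LAST_AFFECTED


def is_wan(src):
    """True when the source address is outside the assumed management LAN ranges."""
    try:
        ip = ipaddress.ip_address(src)
    except ValueError:
        return True  # unparseable source: treat as untrusted
    return not any(ip in net for net in TRUSTED_NETS)


def inspect_request(src, target):
    """Return the reasons a single request is suspicious (empty list = benign)."""
    parts = urlsplit(target)
    if not parts.path.endswith("api.php"):
        return []
    action, _, rest = parts.query.partition("&")
    if action != VULN_ACTION:
        return []
    reasons = []
    if is_wan(src):
        reasons.append("wan_source")
    # The real exploit posts its parameters in the body, which a combined log
    # does not record; a GET variant or a body-logging proxy shows them here.
    for name, values in parse_qs(rest).items():
        if name in TAINTED_PARAMS and not all(SAFE_VALUE_RE.fullmatch(v) for v in values):
            reasons.append(f"tainted_{name}")
    return reasons


def hunt_createraid(log_text):
    """Scan access-log text and return one finding per suspicious createRaid call."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed or unrelated lines
        reasons = inspect_request(m["src"], m["target"])
        if reasons:
            findings.append({"src": m["src"], "ts": m["ts"], "ua": m["ua"], "reasons": reasons})
    return findings


# Constructed sample log (not real traffic); documentation addresses play the WAN side.
SAMPLE_LOG = """\
10.0.0.5 - - [07/Mar/2022:10:00:01 +0000] "POST /module/api.php?mobile/createRaid HTTP/1.1" 200 512 "-" "TNAS-Android"
203.0.113.7 - - [07/Mar/2022:10:05:13 +0000] "POST /module/api.php?mobile/createRaid HTTP/1.1" 200 87 "-" "python-requests/2.27.1"
198.51.100.20 - - [07/Mar/2022:10:06:40 +0000] "GET /module/api.php?mobile/createRaid&raidtype=raid0&diskstring=%24%28id%29 HTTP/1.1" 200 64 "-" "curl/7.81.0"
10.0.0.9 - - [07/Mar/2022:10:08:02 +0000] "GET /tos/index.php HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
garbage line that does not parse
"""

if __name__ == "__main__":
    for f in hunt_createraid(SAMPLE_LOG):
        print(f["ts"], f["src"], f["ua"], ",".join(f["reasons"]))
```

Because the exploit sends raidtype and diskstring in a POST body that a combined-format access log never records, a createRaid call from outside the trusted ranges is flagged on its source alone; correlate such hits with the TOS application log or a body-logging reverse proxy before treating them as confirmed exploitation, and treat any unit still on 4.2.30 or earlier that is reachable from the WAN as exposed regardless of what the logs show.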
Source summary
Description:
TerraMaster NAS versions through 4.2.30 contain a remote code execution vulnerability caused by the unsanitized parameters raidtype and diskstring in api.php?mobile/createRaid, letting WAN attackers execute arbitrary code as root; the exploit requires remote network access and crafted parameters.
Severity: Critical
POC:
- https://github.com/0xf4n9x/CVE-2022-24990
- https://octagon.net/blog/2022/03/07/cve-2022-24990-terrmaster-tos-unauthenticated-remote-command-execution-via-php-object-instantiation
- https://packetstormsecurity.com/files/172904
KEV: True
Shodan Query: terramaster
Acceptance Criteria: The template must include a complete POC and should not rely solely on version-based detection. Contributors are required to provide debug data (-debug) along with the template to help the triage team with validation, or can also share a vulnerable environment such as a Dockerfile.
Rewards will only be given once the template is fully validated by the team. Templates that are incomplete or invalid will not be accepted. Avoid adding code templates for CVEs that can be achieved using HTTP, TCP, or JavaScript. Such templates are blocked by default and won’t produce results, so we prioritize creating templates with other protocols unless exceptions are made.
You can check the FAQ for the Nuclei Templates Community Rewards Program here.