|
|
|||
| Rule General Information |
|---|
| Release Date: | 2022-03-29 | |
| Rule Name: | TerraMaster TOS Unauthenticated Input Validation Error Vulnerability (CVE-2022-24990) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Terramaster TOS is a Linux-based operating system from Terramaster, which is dedicated to the erraMaster cloud storage NAS server. Terramaster TOS version 4.2.29 has a command injection vulnerability that stems from incorrect input validation in the webNasIPS component in the api.php script. An unauthenticated attacker could send special data to exploit the vulnerability and execute arbitrary commands on the target system. | |
| Impact: | An attacker can execute arbitrary command via a successful exploit in the context of the vulnerable software. | |
| Affected OS: | Windows, Others | |
| Reference: | http://wiki.peiqi.tech/wiki/webapp/TerraMaster/TerraMaster%20TOS%20createRaid%20%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2022-24990.html |
|
| Solutions |
|---|
| The vendors have released upgrade patches to fix vulnerabilities, please visit: https://www.terra-master.com/jp/tos/ |