Title:TerraMaster TOS 访问控制错误漏洞 (CVE-2022-24990) Description:TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response.
Description
TerraMaster NAS devices running TOS prior to version 4.2.30 are vulnerable to information disclosure.
File Snapshot
id: CVE-2022-24990
info:
name: TerraMaster TOS < 4.2.30 Server Information Disclosure
author: d
...
Shenlong Bot has cached this for you
Remarks
1. It is advised to access via the original source first.2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →