← volver
CVE-2022-24989

CVE-2022-24989

EPSS 31.9%◆ VulnCheck KEV
Vexday Risk Score
52Atención
Decisión SSVC (CISA)
Act
Explotación + impacto → acción inmediata
Madurez del exploit
Exploit funcional
Exploit automatizable disponible (Nuclei/Metasploit).
CVSS EPSS 31.9%KEV nãoPoC Nuclei Metasploit simPatch
Ciclo de vida
07 mar 2022Exploit Metasploit disponible
20 ago 2023Publicada en NVD
Recomendación: Corregir cuanto antes — hay explotación activa confirmada.
TerraMaster NAS through 4.2.30 allows remote WAN attackers to execute arbitrary code as root via the raidtype and diskstring parameters for PHP Object Instantiation to the api.php?mobile/createRaid URI. (Shell metacharacters can be placed in raidtype because popen is used without any sanitization.) The credentials from CVE-2022-24990 exploitation can be used.
Productos afectados
n/a · n/a