TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response.
Metrics
Affected Vendors & Products
References
History
Mon, 03 Feb 2025 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
cvssV3_1
|
kev
|

Status: PUBLISHED
Assigner: mitre
Published: 2023-02-07T00:00:00.000Z
Updated: 2025-02-03T14:29:35.835Z
Reserved: 2022-02-14T00:00:00.000Z
Link: CVE-2022-24990

Updated: 2024-08-03T04:29:01.557Z

Status : Modified
Published: 2023-02-07T18:15:09.100
Modified: 2025-02-03T15:15:13.737
Link: CVE-2022-24990

No data.