What is CVE-2022-24989?

CVE-2022-24989 is a vulnerability in N/a. Published 2023-08-20.

Is CVE-2022-24989 known to be exploited?

13 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2022-24989

TerraMaster NAS through 4.2.30 allows remote WAN attackers to execute arbitrary code as root via the raidtype and diskstring parameters for PHP Object Instantiation to the api.php?mobile/createRaid URI. (Shell metacharacters can be placed…

EPSS: 0.837 (99.3th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework
0day404/vulnerability-poc
20142995/nuclei-templates
ARPSyndicate/cvemon
ArrestX/--POC
KayCHENvip/vulnerability-poc
Miraitowa70/POC-Notes
Threekiii/Awesome-POC
XiaomingX/awesome-poc-for-red-team
cyb3r-w0lf/nuclei-template-collection

References

forum.terra-master.com/en/viewforum.php
github.com/0xf4n9x/CVE-2022-24990
packetstormsecurity.com/files/172904
attackerkb.com/topics/h8YKVKx21t/cve-2022-24990
octagon.net/blog/2022/03/07/cve-2022-24990-terrmaster-tos-unauthenticated-remot…

Frequently asked questions

What is CVE-2022-24989?: CVE-2022-24989 is a vulnerability in N/a. Published 2023-08-20.
Is CVE-2022-24989 known to be exploited?: 13 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.