CVE-2022-24990

Published: Feb 7, 2023Modified: Nov 7, 2025CISA KEV

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response.

Affected (1)

Products: Terra Master: Terramaster Operating System

Terra Master

1 product

Terramaster Operating System

Configuration A

1 vulnerable · 29 platform

Vulnerable Software	Affected Versions
Terra Master Terramaster Operating System	Before 4.2.31

Running on/with	Platform Versions
Terra Master F2 210	All versions
Terra Master F2 221	All versions
Terra Master F2 223	All versions
Terra Master F2 422	All versions
Terra Master F2 423	All versions
Terra Master F4 421	All versions
Terra Master F4 422	All versions
Terra Master F4 423	All versions
Terra Master F5 221	All versions
Terra Master F5 422	All versions
Terra Master T12 423	All versions
Terra Master T12 450	All versions
Terra Master T6 423	All versions
Terra Master T9 423	All versions
Terra Master T9 450	All versions
Terra Master U12 322 9100	All versions
Terra Master U12 423	All versions
Terra Master U12 722 2224	All versions
Terra Master U16 322 9100	All versions
Terra Master U16 722 2224	All versions
Terra Master U24 722 2224	All versions
Terra Master U4 111	All versions
Terra Master U4 211	All versions
Terra Master U4 423	All versions
Terra Master U8 111	All versions
Terra Master U8 322 9100	All versions
Terra Master U8 423	All versions
Terra Master U8 522 9400	All versions
Terra Master U8 722 2224	All versions