Exploit for CVE-2022-24990

TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response.

Published: 2023-02-07

CVSS: 9.8

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Download Exploit for CVE-2022-24990 here:

Tip: Download official Tor Browser at https://www.torproject.org/download/ to access .onion links.

https://augustaverburg.nl/exploit-847-cve-2023-21768/

https://augustaverburg.nl/exploit-204-cve-2024-44131/

https://augustaverburg.nl/exploit-152-cve-2025-27237/

 

 

Copyright: Augusta Verburg

Website door: Webheld.nl