HTTP: TerraMaster TOS Unauthenticated Remote Code Execution
This signature detects attempts to exploit a known vulnerability against TerraMaster. A successful attack can lead to arbitrary code execution.
Extended Description
TerraMaster NAS through 4.2.30 allows remote WAN attackers to execute arbitrary code as root via the raidtype and diskstring parameters for PHP Object Instantiation to the api.php?mobile/createRaid URI. (Shell metacharacters can be placed in raidtype because popen is used without any sanitization.) The credentials from CVE-2022-24990 exploitation can be used.
Short Name
HTTP:CTS:TERRAMASTER-TOS-RCE
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2022-24989 CVE-2022-24990 Code Execution Remote TOS TerraMaster Unauthenticated
Release Date
08/21/2023
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3805
False Positive
Unknown