Terra-master - F2-223 CVE

Filtered by vendor Terra-master Subscribe

Filtered by product F2-223

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 1 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2022-24989	1 Terra-master	30 F2-210, F2-221, F2-223 and 27 more	2023-08-24	N/A	9.8 CRITICAL
TerraMaster NAS through 4.2.30 allows remote WAN attackers to execute arbitrary code as root via the raidtype and diskstring parameters for PHP Object Instantiation to the api.php?mobile/createRaid URI. (Shell metacharacters can be placed in raidtype because popen is used without any sanitization.) The credentials from CVE-2022-24990 exploitation can be used.

Vulnerabilities (CVE)