adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Updated documentation

Browse Source
This commit is contained in:
h00die-gr3y
2023-06-10 12:14:05 +00:00
parent 417c9fa591
commit db8a49cc99
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
documentation/modules/exploit/linux/http/terramaster_unauth_rce_cve_2022_24990.md
+2
View File
@@ -6,6 +6,8 @@ to achieve an unauthenticated RCE by exploiting vulnerable endpoint `api.php?mob
admin password hash and mac address to achieve unauthenticated access and use the vulnerable endpoint`api.php?mobile/createRaid` with
`POST` parameters `raidtype` / `diskstring` to upload a webshell and execute remote code as root on TerraMaster NAS devices.
All TerraMaster devices running TerraMaster Operating System (TOS) `4.2.29` or lower are vulnerable.
Installing a vulnerable test bed requires a TerraMaster NAS device that can run `TOS 4.x`
This module has been tested against a TerraMaster `F2-221` Model with the specifications listed below: