Critical Bugs in TerraMaster TOS Could Open NAS Devices to Remote Hacking

Researchers have disclosed details of critical security vulnerabilities in TerraMaster network-attached storage (TNAS) devices that could be chained to attain unauthenticated remote code execution with the highest privileges.

The issues reside in TOS, an abbreviation for TerraMaster Operating System, and “can grant unauthenticated attackers access to the victim’s box simply by knowing the IP address, Ethiopian cyber security research firm Octagon Networks‘ Paulos Yibelo said in a statement shared with The Hacker News.

TOS is the operating system designed for TNAS appliances, enabling users to manage storage, install applications, and backup data. Following responsible disclosure, the flaws were patched in TOS version 4.2.30 released last week on March 1, 2022.

One of the issues, tracked as CVE-2022-24990, concerns a case of an information leak in a component called “webNasIPS,” resulting in the exposure of TOS firmware version, the default gateway interface’s IP and MAC address, and a hash of the administrator password.

The second shortcoming, on the other hand, relates to a command injection flaw in a PHP module called “createRaid” (CVE-2022-24989), resulting in a scenario where the two issues can be stringed together to submit a specially-crafted command to achieve remote code execution.

“All in all, this was a very interesting project,” Yibelo said. “We have used multiple components of an information leak, along with another information leak of the machine’s time, and chained it with an authenticated OS command Read more:

Leave a Reply

Your email address will not be published. Required fields are marked *