TerraMaster NAS Remote Code Execution Vulnerability (CVE-2022-24990)

TerraMaster NAS devices are vulnerable to a remote command execution vulnerability that could allow an unauthenticated attacker to execute commands as root. Tracked as CVE-2022-24990, the vulnerability is exploited via PHP Object Instantiation.    CISA has added this vulnerability to its Known Exploited Vulnerabilities Catalog, requesting users to patch it soon.     NAS (network-attached … Continue reading “TerraMaster NAS Remote Code Execution Vulnerability (CVE-2022-24990)”