VYPR
Unrated severityCISA KEVNVD Advisory· Published Feb 7, 2023· Updated Oct 21, 2025

CVE-2022-24990

CVE-2022-24990

Description

TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • TerraMaster/NASdescription
  • Qnap/Nasllm-fuzzy
    Range: <=4.2.29

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.