Terramaster TOS Command Injection Vulnerability (CVE-2022-24990): CentOS 7 Vulnerability Scanning

Recently, when the company launched a mini-program business and prepared to expose the nginx server to the external network, the server had to pass a vulnerability scan first, and the scan reported this vulnerability, CVE-2022-24990.


Terramaster TOS Command Injection Vulnerability (CVE-2022-24990) [Principle Scan]

Version: Terramaster TOS 4.2.29

Introduction: Terramaster TOS is a Linux-based operating system from China's Terramaster, dedicated to the TerraMaster cloud storage NAS servers. Terramaster TOS 4.2.29 has a command injection vulnerability caused by incorrect input validation in the webNasIPS component of the api.php script. An unauthenticated attacker could send specially crafted data to exploit this vulnerability and execute arbitrary commands on the target system.

The suggested fix is: the vendor has released an upgrade patch for this vulnerability. For details, see the vendor's homepage:
https://www.terra-master.com/jp/tos/

But after reading a lot of material and visiting the official website, I found that TOS is actually a complete operating system. I looked at the update packages on their official website and found no specific update procedure. More importantly, our CentOS 7 server did not use this service at all. This finding caused a lot of trouble. I searched every service on the server and found nothing related to Terramaster or TOS, and there was nothing to upgrade, the nginx service or otherwise. In the end, my colleagues and I found that the cause was a static web page.

Solution:

Finally, a static web page, index.html, was found in the nginx/html directory. The page looked like this:

In that directory, nginx/html/index.html, rename index.html to index.html123, i.e. give it a suffix other than .html. Alternatively, delete the index.html file if it is not needed. After that, everything went back to normal.

Conclusion: the reported vulnerability should be a false positive, since none of the services in use are related to Terramaster TOS. The vulnerability scanner most likely matched index.html against a signature in its database that resembles the CVE-2022-24990 fingerprint, and reported the vulnerability on that basis.
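An added triage script, not code from the original post, that does the two checks the investigation above came down to before touching anything: whether any PHP such as TOS's api.php exists under the nginx document root, and whether the served HTML mentions Terramaster at all; it then moves index.html aside the way the post did. The document-root argument, the marker strings and the .disabled suffix are my assumptions.

```shell
#!/bin/sh
# Added example, not code from the original post. Triage a scanner hit for
# CVE-2022-24990 on a plain nginx host before changing anything on the server.
# Assumption: $1 is the nginx document root (the post's was nginx/html).

# Strings that would point at a real Terramaster TOS install. These are my
# assumed markers for illustration, not the scanner's actual signature.
TOS_MARKERS='terramaster|terra-master|webnasips'

# Returns 0 when the web root is static content with no TOS artifacts
# (the finding is then most likely a false positive), 1 otherwise, 2 on error.
tos_triage() {
    webroot=$1
    [ -d "$webroot" ] || { echo "no such web root: $webroot" >&2; return 2; }

    # 1. TOS is driven by api.php; a purely static site has no PHP files at all.
    if find "$webroot" -type f -name '*.php' | grep -q .; then
        echo "PHP files found under $webroot; not a pure static site" >&2
        return 1
    fi

    # 2. Look for TOS-specific strings in the HTML that nginx actually serves.
    if find "$webroot" -type f -name '*.html' \
            -exec grep -qiE "$TOS_MARKERS" {} \; -print | grep -q .; then
        echo "TOS-related strings found in HTML under $webroot" >&2
        return 1
    fi

    echo "static content only; the finding is most likely a false positive"
    return 0
}

# Move index.html aside as the post did, but keep a copy instead of deleting it.
# A suffix other than .html stops nginx from serving it as the index page.
# Prints the new path.
quarantine_index() {
    webroot=$1
    src="$webroot/index.html"
    [ -f "$src" ] || { echo "no index.html in $webroot" >&2; return 1; }
    dst="$webroot/index.html.disabled"
    mv "$src" "$dst" && echo "$dst"
}
```

Run `tos_triage /usr/share/nginx/html` (or wherever your root is) first; only call `quarantine_index` once it reports static content, and rescan afterwards to confirm the finding is gone.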

If anything is unclear, feel free to leave a message in the comments.


Source: blog.csdn.net/weixin_52998454/article/details/129754526