CVE-2023-48185 – This CVE describes a directory traversal vulner... (How to Fix)

Q: What is the severity of CVE-2023-48185?

CVE-2023-48185 has a CVSS score of 7.5 (HIGH). This CVE describes a directory traversal vulnerability in TerraMaster NAS devices that allows remote attackers to access sensitive files outside the intended directory structure via crafted GET requests. Attackers can potentially read configuration files, credentials, or other sensitive data. All TerraMaster NAS devices running affected software versions are vulnerable.

📋 TL;DR

This CVE describes a directory traversal vulnerability in TerraMaster NAS devices that allows remote attackers to access sensitive files outside the intended directory structure via crafted GET requests. Attackers can potentially read configuration files, credentials, or other sensitive data. All TerraMaster NAS devices running affected software versions are vulnerable.

💻 Affected Systems

Products:

TerraMaster NAS devices

Versions: v.s1.0 through v.2.295

Operating Systems: TerraMaster TOS (TerraMaster Operating System)

Default Config Vulnerable: ⚠️ Yes

Notes: All default configurations of affected versions are vulnerable. The web interface is typically enabled by default.

📦 What is this software?

Terra Master by Terra Mater

View all CVEs affecting Terra Master →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise through credential theft, configuration file access leading to lateral movement, or sensitive data exfiltration.

🟠

Likely Case

Unauthorized access to sensitive files containing configuration data, credentials, or user information.

🟢

If Mitigated

Limited impact with proper network segmentation, access controls, and monitoring in place.

🌐 Internet-Facing: HIGH - Remote attackers can exploit this without authentication if the device is exposed to the internet.

🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Directory traversal vulnerabilities typically have low exploitation complexity. The vulnerability requires only crafted HTTP GET requests.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after v.2.295

Vendor Advisory: https://forum.terra-master.com/cn/viewtopic.php?f=100&t=3842

Restart Required: Yes

Instructions:

1. Log into TerraMaster TOS web interface. 2. Navigate to Control Panel > General Settings > Update & Restore. 3. Check for updates and install the latest version. 4. Reboot the NAS device after update completes.

🔧 Temporary Workarounds

Network Access Restriction

all

Restrict access to TerraNAS web interface to trusted networks only

Configure firewall rules to allow only specific IP ranges to access TerraNAS web ports (typically 80/443)

Web Application Firewall

all

Implement WAF rules to block directory traversal patterns

Add WAF rule to block requests containing '../', '..\', or similar traversal patterns

🧯 If You Can't Patch

Implement strict network segmentation to isolate TerraMaster NAS from untrusted networks
Deploy a reverse proxy with request filtering to block directory traversal patterns

🔍 How to Verify

Check if Vulnerable:

Check current TOS version in Control Panel > General Settings > Update & Restore. If version is between v.s1.0 and v.2.295 inclusive, the system is vulnerable.

Check Version:

Not applicable - version check must be done through TOS web interface

Verify Fix Applied:

Verify TOS version is greater than v.2.295. Test with controlled directory traversal attempts (if authorized) to confirm they are blocked.

📡 Detection & Monitoring

Log Indicators:

HTTP GET requests containing '../' or '..\' patterns in web server logs
Multiple failed attempts to access restricted paths

Network Indicators:

Unusual patterns of HTTP requests to TerraMaster web interface from external IPs
Requests attempting to access known sensitive file paths

SIEM Query:

source="terramaster_web_logs" AND (http_method="GET" AND (url="*../*" OR url="*..\\*"))

📊 Metadata

CVE ID: CVE-2023-48185

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE: CWE-22

Published: November 17, 2023

Last Updated: November 21, 2024

🔗 References

https://forum.terra-master.com/cn/viewtopic.php?f=100&t=3842&p=17623#p Not Applicable
https://forum.terra-master.com/cn/viewtopic.php?f=100&t=3842&p=17623#p17623 Not Applicable
https://forum.terra-master.com/cn/viewtopic.php?f=100&t=3842&p=17623#p Not Applicable
https://forum.terra-master.com/cn/viewtopic.php?f=100&t=3842&p=17623#p17623 Not Applicable

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-48185, you might also want to check these: