Total
26 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-12306 | 1 Asustor | 2 As602t, Data Master | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Directory Traversal in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to view arbitrary files by modifying the "file1" URL parameter, a similar issue to CVE-2018-11344. | |||||
CVE-2018-12308 | 1 Asustor | 2 As602t, Data Master | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Encryption key disclosure in share.cgi in ASUSTOR ADM version 3.1.1 allows attackers to obtain the encryption key via the "encrypt_key" URL parameter. | |||||
CVE-2018-15698 | 1 Asustor | 1 Data Master | 2024-02-28 | 6.8 MEDIUM | 6.5 MEDIUM |
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on the file system when providing the full path to loginimage.cgi. | |||||
CVE-2018-12314 | 1 Asustor | 2 As602t, Data Master | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
Directory Traversal in downloadwallpaper.cgi in ASUSTOR ADM version 3.1.1 allows attackers to download arbitrary files by manipulating the "file" and "folder" URL parameters. | |||||
CVE-2018-12311 | 1 Asustor | 2 As602t, Data Master | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting vulnerability in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute arbitrary JavaScript when a file is moved via a malicious filename. | |||||
CVE-2018-12312 | 1 Asustor | 2 As602t, Data Master | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "secret_key" URL parameter. |