Vulnerabilities (CVE)

Filtered by vendor Asustor Subscribe
Filtered by product Adm
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-30770 1 Asustor 1 Adm 2024-11-21 N/A 7.1 HIGH
A stack-based buffer overflow vulnerability was found in the ASUSTOR Data Master (ADM) due to the lack of data size validation. An attacker can exploit this vulnerability to execute arbitrary code. Affected ADM versions include: 4.0.6.REG2, 4.1.0 and below as well as 4.2.0.RE71 and below.
CVE-2023-2909 1 Asustor 1 Adm 2024-11-21 N/A 8.5 HIGH
EZ Sync service fails to adequately handle user input, allowing an attacker to navigate beyond the intended directory structure and delete files. Affected products and versions include: ADM 4.0.6.REG2, 4.1.0 and below as well as ADM 4.2.1.RGE2 and below.
CVE-2023-2749 1 Asustor 2 Adm, Download Center 2024-11-21 N/A 8.6 HIGH
Download Center fails to properly validate the file path submitted by a user, An attacker can exploit this vulnerability to gain unauthorized access to sensitive files or directories without appropriate permission restrictions. Download Center on ADM 4.0 and above will be affected. Affected products and versions include: Download Center 1.1.5.r1280 and below.
CVE-2023-2509 1 Asustor 3 Adm, Looksgood, Soundsgood 2024-11-21 N/A 7.1 HIGH
A Cross-Site Scripting(XSS) vulnerability was found on ADM, LooksGood and SoundsGood Apps. An attacker can exploit this vulnerability to inject malicious scripts into the target applications to access any cookies or sensitive information retained by the browser and used with that application. Affected products and versions include: ADM 4.0.6.REG2, 4.1.0 and below as well as ADM 4.2.1.RGE2 and below, LooksGood 2.0.0.R129 and below and SoundsGood 2.3.0.r1027 and below.
CVE-2022-37398 1 Asustor 1 Adm 2024-11-21 N/A 7.1 HIGH
A stack-based buffer overflow vulnerability was found inside ADM when using WebDAV due to the lack of data size validation. An attacker can exploit this vulnerability to run arbitrary code. Affected ADM versions include: 3.5.9.RUE3 and below, 4.0.5.RVI1 and below as well as 4.1.0.RJD1 and below.
CVE-2018-11510 1 Asustor 1 Adm 2024-11-21 5.0 MEDIUM 9.8 CRITICAL
The ASUSTOR ADM 3.1.0.RFQ3 NAS portal suffers from an unauthenticated remote code execution vulnerability in the portal/apis/aggrecate_js.cgi file by embedding OS commands in the 'script' parameter.