asustor vulnerabilities and exploits

CVE-2018-15697 (CVSSv2: 4)
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on a share by providing the full path. For example, /home/admin/.ash_history....

CVE-2018-12315 (CVSSv2: 4)
Missing verification of a password in ASUSTOR ADM version 3.1.1 allows attackers to change account passwords without entering the current password....

CVE-2018-12317 (CVSSv2: 9)
OS command injection in group.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root by modifying the "name" POST parameter....

CVE-2018-12310 (CVSSv2: 3.5)
Cross-site scripting in the Login page in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript via the System Announcement feature....

CVE-2018-15699 (CVSSv2: 4.3)
ASUSTOR Data Master 3.1.5 and below makes an HTTP request for a configuration file that is vulnerable to XSS. A man in the middle can take advantage of this by inserting JavaScript into the configuration file's Version field....

CVE-2018-12314 (CVSSv2: 7.8)
Directory Traversal in downloadwallpaper.cgi in ASUSTOR ADM version 3.1.1 allows attackers to download arbitrary files by manipulating the "file" and "folder" URL parameters....

CVE-2018-15694 (CVSSv2: 6)
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to upload files to arbitrary locations due to a path traversal vulnerability. This could lead to code execution if the "Web Server" feature is enabled....

CVE-2018-12305 (CVSSv2: 4.3)
Cross-site scripting in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript by uploading SVG images with embedded JavaScript....

CVE-2018-11341 (CVSSv2: 6.5)
Directory traversal in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to navigate the file system via the filename parameter....
Affected product: Asustor AS6202T Firmware

CVE-2018-12308 (CVSSv2: 4)
Encryption key disclosure in share.cgi in ASUSTOR ADM version 3.1.1 allows attackers to obtain the encryption key via the "encrypt_key" URL parameter....