Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
asustor adm vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2018-12307
OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows malicious users to execute system commands as root via the "name" POST parameter.
Asustor Data Master 3.1.1
8.8
CVSSv3
CVE-2018-12312
OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows malicious users to execute system commands as root via the "secret_key" URL parameter.
Asustor Data Master 3.1.1
8.8
CVSSv3
CVE-2018-12317
OS command injection in group.cgi in ASUSTOR ADM version 3.1.1 allows malicious users to execute system commands as root by modifying the "name" POST parameter.
Asustor Data Master 3.1.1
8.8
CVSSv3
CVE-2018-12318
Information disclosure in the SNMP settings page in ASUSTOR ADM version 3.1.1 allows malicious users to obtain the SNMP password in cleartext.
Asustor Data Master 3.1.1
8.8
CVSSv3
CVE-2018-11345
An unrestricted file upload vulnerability in upload.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows malicious users to upload supplied data via the POST parameter filename. This can be used to place attacker controlled code on the file system that can then be executed. Further, the ...
Asustor As6202t Firmware
8.1
CVSSv3
CVE-2023-3698
Printer service fails to adequately handle user input, allowing an remote unauthorized users to navigate beyond the intended directory structure and delete files. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below.
Asustor Data Master
7.5
CVSSv3
CVE-2023-2749
Download Center fails to properly validate the file path submitted by a user, An attacker can exploit this vulnerability to gain unauthorized access to sensitive files or directories without appropriate permission restrictions. Download Center on ADM 4.0 and above will be affecte...
Asustor Download Center
7.5
CVSSv3
CVE-2018-12314
Directory Traversal in downloadwallpaper.cgi in ASUSTOR ADM version 3.1.1 allows malicious users to download arbitrary files by manipulating the "file" and "folder" URL parameters.
Asustor Data Master 3.1.1
7.5
CVSSv3
CVE-2018-12319
Denial-of-service in the login page of ASUSTOR ADM 3.1.1 allows malicious users to prevent users from signing in by placing malformed text in the title.
Asustor Data Master 3.1.1
7.5
CVSSv3
CVE-2018-12306
Directory Traversal in File Explorer in ASUSTOR ADM version 3.1.1 allows malicious users to view arbitrary files by modifying the "file1" URL parameter, a similar issue to CVE-2018-11344.
Asustor Data Master 3.1.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
firewall
CVE-2024-35649
stored XSS
CVE-2022-28654
CVE-2020-35153
CVE-2024-27348
CVE-2022-28652
local users
CVE-2017-3506
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »