5
CVSSv2

CVE-2018-11510

Published: 28/06/2018 Updated: 03/10/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 511
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

The ASUSTOR ADM 3.1.0.RFQ3 NAS portal suffers from an unauthenticated remote code execution vulnerability in the portal/apis/aggrecate_js.cgi file by embedding OS commands in the 'script' parameter.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

asustor adm

Exploits

# Title: Asustor ADM 312RHG1 - Remote Code Execution # Author: Matthew Fulton & Kyle Lovett # Date: 2018-07-01 # Vendor Homepage: wwwasustorcom/ # Software Link: downloadasustorcom/download/adm/X64_G3_312RHG1img # Version: <= ADM 312RHG1 # Tested on: ASUSTOR AS6202T # CVE : CVE-2018-11510 # References: # cv ...
Product - ASUSTOR ADM - 310RFQ3 and all previous builds Vendor - wwwasustorcom/ Patch Notes - downloadasustorcom/download/docs/releasenotes/RN_ADM_313RHU2pdf Issue: The Asustor NAS appliance on ADM 310 and before suffer from multiple critical vulnerabilities The vulnerabilities were submitted to Asustor in January and ...

Mailing Lists

ADM versions 312RHG1 and below suffer from a remote code execution vulnerability ...
Product - ASUSTOR ADM - 310RFQ3 and all previous builds Vendor - wwwasustorcom/ Patch Notes - downloadasustorcom/download/docs/releasenotes/RN_ADM_313RHU2pdf Issue: The Asustor NAS appliance on ADM 310 and before suffer from multiple critical vulnerabilities The vulnerabilities were submitted to Asustor in January and ...
ASUSTOR NAS ADM version 310 suffers from code execution and remote SQL injection vulnerabilities ...

Github Repositories

Just a couple exploits for CVE-2018-11510

A couple exploits for CVE-2018-11510 by Kyle Lovett (@SquirrelBuddha) and myself (Matthew Fulton/@haqur) Leverages an unauthneticated command injection to get a root shell back The metasploit module has a separate payload included in the repo Will see if I can get them included via a pull request with MSF some point in the near future Looks like the bug may be patched now,

PoC in GitHub 2020 CVE-2020-0014 It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable This could lead to a local escalation of privilege with no additional execution privileges needed User action is needed for exploitationProduct: AndroidVersions: Android-80 Android-81 Android-9 Android-10Android ID: A-1286745

PoC auto collect from GitHub.

PoC in GitHub 2020 CVE-2020-0022 In reassemble_and_dispatch of packet_fragmentercc, there is possible out of bounds write due to an incorrect bounds calculation This could lead to remote code execution over Bluetooth with no additional execution privileges needed User interaction is not needed for exploitationProduct: AndroidVersions: Android-80 Android-81 Android-9 Andr