Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.8
CVSSv3

CVE-2018-11510

Published: 28/06/2018 Updated: 03/10/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 510
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Adm

Vulnerability Summary

The ASUSTOR ADM 3.1.0.RFQ3 NAS portal suffers from an unauthenticated remote code execution vulnerability in the portal/apis/aggrecate_js.cgi file by embedding OS commands in the 'script' parameter.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

asustor adm

Exploits

Exploit DB: ADM 3.1.2RHG1 - Remote Code Execution
# Title: Asustor ADM 312RHG1 - Remote Code Execution # Author: Matthew Fulton & Kyle Lovett # Date: 2018-07-01 # Vendor Homepage: wwwasustorcom/ # Software Link: downloadasustorcom/download/adm/X64_G3_312RHG1img # Version: <= ADM 312RHG1 # Tested on: ASUSTOR AS6202T # CVE : CVE-2018-11510 # References: # cv ...
Exploit DB: ASUSTOR ADM 3.1.0.RFQ3 - Remote Command Execution / SQL Injection
Product - ASUSTOR ADM - 310RFQ3 and all previous builds Vendor - wwwasustorcom/ Patch Notes - downloadasustorcom/download/docs/releasenotes/RN_ADM_313RHU2pdf Issue: The Asustor NAS appliance on ADM 310 and before suffer from multiple critical vulnerabilities The vulnerabilities were submitted to Asustor in January and ...
Exploit DB: ASUSTOR NAS ADM 3.1.0 Remote Command Execution / SQL Injection
ASUSTOR NAS ADM version 310 suffers from code execution and remote SQL injection vulnerabilities ...
Exploit DB: ADM 3.1.2RHG1 Remote Code Execution
ADM versions 312RHG1 and below suffer from a remote code execution vulnerability ...

Github Repositories

https://github.com/mefulton/CVE-2018-11510

Just a couple exploits for CVE-2018-11510

A couple exploits for CVE-2018-11510 by Kyle Lovett (@SquirrelBuddha) and myself (Matthew Fulton/@haqur) Leverages an unauthneticated command injection to get a root shell back The metasploit module has a separate payload included in the repo Will see if I can get them included via a pull request with MSF some point in the near future Looks like the bug may be patched now,

References

CWE-78https://github.com/mefulton/CVE-2018-11510/blob/master/admex.pyhttps://github.com/mefulton/CVE-2018-11510http://packetstormsecurity.com/files/148919/ASUSTOR-NAS-ADM-3.1.0-Remote-Command-Execution-SQL-Injection.htmlhttps://www.exploit-db.com/exploits/45200/https://www.exploit-db.com/exploits/45212/https://nvd.nist.govhttps://github.com/mefulton/CVE-2018-11510https://www.exploit-db.com/exploits/45212/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27975CVE-2024-2961CVE-2024-20380XML injectionHTML injectionCVE-2024-29204CVE-2023-51795memory leakCVE-2024-3470
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook