← Back

Asustor

asustor

54 CVEs • 11 products

Products (11)

Click to collapse
Toggle
Data Master
data_master
37 CVEs
As6202t Firmware
as6202t_firmware
6 CVEs
Adm
adm
5 CVEs
Soundsgood
soundsgood
2 CVEs
Asustor Data Master
asustor_data_master
2 CVEs
Exfat Driver
exfat_driver
2 CVEs
Looksgood
looksgood
1 CVE
Download Center
download_center
1 CVE
As6202t
as6202t
0 CVEs
As602t
as602t
0 CVEs
As 602t
as-602t
0 CVEs

CVEs (54)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-37398
1Asustor
1Adm
Nov 21, 2024
Aug 5, 2022
N/A· v4
8.8 HIGH· v3
N/A· v2
A stack-based buffer overflow vulnerability was found inside ADM when using WebDAV due to the lack of data size validation. An attacker can exploit this vulnerability to run arbitrary code. Affected ADM versions include:...Show more
A stack-based buffer overflow vulnerability was found inside ADM when using WebDAV due to the lack of data size validation. An attacker can exploit this vulnerability to run arbitrary code. Affected ADM versions include: 3.5.9.RUE3 and below, 4.0.5.RVI1 and below as well as 4.1.0.RJD1 and below.Show less
CVE-2019-11689
1Asustor
1Exfat Driver
Nov 21, 2024
Mar 18, 2020
N/A· v4
8.1 HIGH· v3
9.3 HIGH· v2
An issue was discovered in ASUSTOR exFAT Driver through 1.0.0.r20. When conducting license validation, exfat.cgi and exfatctl fail to properly validate server responses and pass unsanitized text to the system shell, resu...Show more
An issue was discovered in ASUSTOR exFAT Driver through 1.0.0.r20. When conducting license validation, exfat.cgi and exfatctl fail to properly validate server responses and pass unsanitized text to the system shell, resulting in code execution as root.Show less
CVE-2019-11688
1Asustor
1Exfat Driver
Nov 21, 2024
Mar 18, 2020
N/A· v4
7.4 HIGH· v3
8.8 HIGH· v2
An issue was discovered in ASUSTOR exFAT Driver through 1.0.0.r20. When conducting license validation, exfat.cgi and exfatctl accept any certificate for asustornasapi.asustor.com. In other words, there is Missing SSL Cer...Show more
An issue was discovered in ASUSTOR exFAT Driver through 1.0.0.r20. When conducting license validation, exfat.cgi and exfatctl accept any certificate for asustornasapi.asustor.com. In other words, there is Missing SSL Certificate Validation.Show less
CVE-2018-12319
1Asustor
1Data Master
Nov 21, 2024
Dec 4, 2018
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Denial-of-service in the login page of ASUSTOR ADM 3.1.1 allows attackers to prevent users from signing in by placing malformed text in the title.
CVE-2018-12318
1Asustor
1Data Master
Nov 21, 2024
Dec 4, 2018
N/A· v4
8.8 HIGH· v3
4.0 MEDIUM· v2
Information disclosure in the SNMP settings page in ASUSTOR ADM version 3.1.1 allows attackers to obtain the SNMP password in cleartext.
CVE-2018-12317
1Asustor
1Data Master
Nov 21, 2024
Dec 4, 2018
N/A· v4
8.8 HIGH· v3
9.0 HIGH· v2
OS command injection in group.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root by modifying the "name" POST parameter.
CVE-2018-12316
1Asustor
1Data Master
Nov 21, 2024
Dec 4, 2018
N/A· v4
8.8 HIGH· v3
9.0 HIGH· v2
OS Command Injection in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands by modifying the filename POST parameter.
CVE-2018-12315
1Asustor
1Data Master
Nov 21, 2024
Dec 4, 2018
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
Missing verification of a password in ASUSTOR ADM version 3.1.1 allows attackers to change account passwords without entering the current password.
CVE-2018-12314
1Asustor
1Data Master
Nov 21, 2024
Dec 4, 2018
N/A· v4
7.5 HIGH· v3
7.8 HIGH· v2
Directory Traversal in downloadwallpaper.cgi in ASUSTOR ADM version 3.1.1 allows attackers to download arbitrary files by manipulating the "file" and "folder" URL parameters.
CVE-2018-12313
1Asustor
1Data Master
Nov 21, 2024
Dec 4, 2018
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
OS command injection in snmp.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands without authentication via the "rocommunity" URL parameter.
CVE-2018-12312
1Asustor
1Data Master
Nov 21, 2024
Dec 4, 2018
N/A· v4
8.8 HIGH· v3
9.0 HIGH· v2
OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "secret_key" URL parameter.
CVE-2018-12311
1Asustor
1Data Master
Nov 21, 2024
Dec 4, 2018
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Cross-site scripting vulnerability in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute arbitrary JavaScript when a file is moved via a malicious filename.
CVE-2018-12310
1Asustor
1Data Master
Nov 21, 2024
Dec 4, 2018
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Cross-site scripting in the Login page in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript via the System Announcement feature.
CVE-2018-12309
1Asustor
1Data Master
Nov 21, 2024
Dec 4, 2018
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Directory Traversal in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to upload files to arbitrary locations by modifying the "path" URL parameter. NOTE: the "filename" POST parameter is covered by CVE-2018-11...Show more
Directory Traversal in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to upload files to arbitrary locations by modifying the "path" URL parameter. NOTE: the "filename" POST parameter is covered by CVE-2018-11345.Show less
CVE-2018-12308
1Asustor
1Data Master
Nov 21, 2024
Dec 4, 2018
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
Encryption key disclosure in share.cgi in ASUSTOR ADM version 3.1.1 allows attackers to obtain the encryption key via the "encrypt_key" URL parameter.
CVE-2018-12307
1Asustor
1Data Master
Nov 21, 2024
Dec 4, 2018
N/A· v4
8.8 HIGH· v3
9.0 HIGH· v2
OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "name" POST parameter.
CVE-2018-12306
1Asustor
1Data Master
Nov 21, 2024
Dec 4, 2018
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Directory Traversal in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to view arbitrary files by modifying the "file1" URL parameter, a similar issue to CVE-2018-11344.
CVE-2018-12305
1Asustor
1Data Master
Nov 21, 2024
Dec 4, 2018
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Cross-site scripting in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript by uploading SVG images with embedded JavaScript.
CVE-2018-15699
1Asustor
1Data Master
Nov 21, 2024
Aug 27, 2018
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
ASUSTOR Data Master 3.1.5 and below makes an HTTP request for a configuration file that is vulnerable to XSS. A man in the middle can take advantage of this by inserting Javascript into the configuration files Version fi...Show more
ASUSTOR Data Master 3.1.5 and below makes an HTTP request for a configuration file that is vulnerable to XSS. A man in the middle can take advantage of this by inserting Javascript into the configuration files Version field.Show less
CVE-2018-15698
1Asustor
1Data Master
Nov 21, 2024
Aug 27, 2018
N/A· v4
6.5 MEDIUM· v3
6.8 MEDIUM· v2
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on the file system when providing the full path to loginimage.cgi.