Vulnerabilities > Asustor > ADM > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-05-31 CVE-2023-2909 Path Traversal vulnerability in Asustor ADM
EZ Sync service fails to adequately handle user input, allowing an attacker to navigate beyond the intended directory structure and delete files.
network
low complexity
asustor CWE-22
critical
10.0
2023-04-17 CVE-2023-30770 Out-of-bounds Write vulnerability in Asustor ADM
A stack-based buffer overflow vulnerability was found in the ASUSTOR Data Master (ADM) due to the lack of data size validation.
network
low complexity
asustor CWE-787
critical
9.8
2018-06-28 CVE-2018-11510 OS Command Injection vulnerability in Asustor ADM
The ASUSTOR ADM 3.1.0.RFQ3 NAS portal suffers from an unauthenticated remote code execution vulnerability in the portal/apis/aggrecate_js.cgi file by embedding OS commands in the 'script' parameter.
network
low complexity
asustor CWE-78
critical
9.8