Vulnerabilities > Asustor > As6202T Firmware > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-22 | CVE-2018-11346 | Forced Browsing vulnerability in Asustor As6202T Firmware Adm3.1.0.Rfq3 An insecure direct object reference vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows the ability to reference the "download_sys_settings" action and then specify files arbitrarily throughout the system via the act parameter. | 4.3 |
| 2018-05-22 | CVE-2018-11344 | Path Traversal vulnerability in Asustor As6202T Firmware Adm3.1.0.Rfq3 A path traversal vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a file on the system to download via the file1 parameter. | 6.5 |
| 2018-05-22 | CVE-2018-11342 | Path Traversal vulnerability in Asustor As6202T Firmware Adm3.1.0.Rfq3 A path traversal vulnerability in fileExplorer.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a path to a file on the system to create folders via the dest_folder parameter. | 4.3 |