Vulnerabilities > Asustor > Asustor Data Master

DATE CVE VULNERABILITY TITLE RISK
2018-08-16 CVE-2018-11511 SQL Injection vulnerability in Asustor Data Master 3.1.0
The tree list functionality in the photo gallery application in ASUSTOR ADM 3.1.0.RFQ3 has a SQL injection vulnerability that affects the 'album_id' or 'scope' parameter via a photo-gallery/api/album/tree_lists/ URI.
network
low complexity
asustor CWE-89
critical
9.8
2018-08-16 CVE-2018-11509 Use of Hard-coded Credentials vulnerability in Asustor Data Master 3.1.0
ASUSTOR ADM 3.1.0.RFQ3 uses the same default root:admin username and password as it does for the NAS itself for applications that are installed from the online repository.
network
low complexity
asustor CWE-798
critical
9.8