Vulnerabilities > Asustor > Data Master > Critical

DATE CVE VULNERABILITY TITLE RISK
2018-12-04 CVE-2018-12307 OS Command Injection vulnerability in Asustor Data Master 3.1.1
OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "name" POST parameter.
network
low complexity
asustor CWE-78
critical
9.0
2018-12-04 CVE-2018-12312 OS Command Injection vulnerability in Asustor Data Master 3.1.1
OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "secret_key" URL parameter.
network
low complexity
asustor CWE-78
critical
9.0
2018-12-04 CVE-2018-12313 OS Command Injection vulnerability in Asustor Data Master 3.1.1
OS command injection in snmp.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands without authentication via the "rocommunity" URL parameter.
network
low complexity
asustor CWE-78
critical
10.0
2018-12-04 CVE-2018-12316 OS Command Injection vulnerability in Asustor Data Master 3.1.1
OS Command Injection in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands by modifying the filename POST parameter.
network
low complexity
asustor CWE-78
critical
9.0
2018-12-04 CVE-2018-12317 OS Command Injection vulnerability in Asustor Data Master 3.1.1
OS command injection in group.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root by modifying the "name" POST parameter.
network
low complexity
asustor CWE-78
critical
9.0