Vulnerabilities > Asustor > Data Master > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-08-22 CVE-2023-3699 Unspecified vulnerability in Asustor Data Master
An Improper Privilege Management vulnerability was found in ASUSTOR Data Master (ADM) allows an unprivileged local users to modify the storage devices configuration.
local
low complexity
asustor
5.5
2023-08-22 CVE-2023-4475 Files or Directories Accessible to External Parties vulnerability in Asustor Data Master
An Arbitrary File Movement vulnerability was found in ASUSTOR Data Master (ADM) allows an attacker to exploit the file renaming feature to move files to unintended directories.
local
low complexity
asustor CWE-552
5.5
2018-12-04 CVE-2018-12319 Cross-site Scripting vulnerability in Asustor Data Master 3.1.1
Denial-of-service in the login page of ASUSTOR ADM 3.1.1 allows attackers to prevent users from signing in by placing malformed text in the title.
network
low complexity
asustor CWE-79
5.0
2018-12-04 CVE-2018-12318 Information Exposure vulnerability in Asustor Data Master 3.1.1
Information disclosure in the SNMP settings page in ASUSTOR ADM version 3.1.1 allows attackers to obtain the SNMP password in cleartext.
network
low complexity
asustor CWE-200
4.0
2018-12-04 CVE-2018-12315 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Asustor Data Master 3.1.1
Missing verification of a password in ASUSTOR ADM version 3.1.1 allows attackers to change account passwords without entering the current password.
network
low complexity
asustor CWE-640
4.0
2018-12-04 CVE-2018-12309 Path Traversal vulnerability in Asustor Data Master 3.1.1
Directory Traversal in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to upload files to arbitrary locations by modifying the "path" URL parameter.
network
low complexity
asustor CWE-22
5.0
2018-12-04 CVE-2018-12308 Information Exposure vulnerability in Asustor Data Master 3.1.1
Encryption key disclosure in share.cgi in ASUSTOR ADM version 3.1.1 allows attackers to obtain the encryption key via the "encrypt_key" URL parameter.
network
low complexity
asustor CWE-200
4.0
2018-12-04 CVE-2018-12306 Path Traversal vulnerability in Asustor Data Master 3.1.1
Directory Traversal in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to view arbitrary files by modifying the "file1" URL parameter, a similar issue to CVE-2018-11344.
network
low complexity
asustor CWE-22
5.0
2018-12-04 CVE-2018-12305 Cross-site Scripting vulnerability in Asustor Data Master 3.1.1
Cross-site scripting in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript by uploading SVG images with embedded JavaScript.
network
asustor CWE-79
4.3
2018-08-27 CVE-2018-15699 Cross-site Scripting vulnerability in Asustor Data Master
ASUSTOR Data Master 3.1.5 and below makes an HTTP request for a configuration file that is vulnerable to XSS.
network
asustor CWE-79
4.3