Vulnerabilities > Asustor > Data Master > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-08-22 CVE-2023-3699 Unspecified vulnerability in Asustor Data Master
An Improper Privilege Management vulnerability in ASUSTOR Data Master (ADM) allows unprivileged local users to modify the storage devices configuration.
local
low complexity
asustor
5.5
2023-08-22 CVE-2023-4475 Files or Directories Accessible to External Parties vulnerability in Asustor Data Master
An Arbitrary File Movement vulnerability in ASUSTOR Data Master (ADM) allows an attacker to exploit the file renaming feature to move files to unintended directories.
local
low complexity
asustor CWE-552
5.5
2018-12-04 CVE-2018-12315 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Asustor Data Master 3.1.1
Missing verification of a password in ASUSTOR ADM version 3.1.1 allows attackers to change account passwords without entering the current password.
network
low complexity
asustor CWE-640
6.5
2018-12-04 CVE-2018-12311 Cross-site Scripting vulnerability in Asustor Data Master 3.1.1
Cross-site scripting vulnerability in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute arbitrary JavaScript when a file is moved via a malicious filename.
network
low complexity
asustor CWE-79
5.4
2018-12-04 CVE-2018-12310 Cross-site Scripting vulnerability in Asustor Data Master 3.1.1
Cross-site scripting in the Login page in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript via the System Announcement feature.
network
low complexity
asustor CWE-79
5.4
2018-12-04 CVE-2018-12308 Information Exposure vulnerability in Asustor Data Master 3.1.1
Encryption key disclosure in share.cgi in ASUSTOR ADM version 3.1.1 allows attackers to obtain the encryption key via the "encrypt_key" URL parameter.
network
low complexity
asustor CWE-200
6.5
2018-12-04 CVE-2018-12305 Cross-site Scripting vulnerability in Asustor Data Master 3.1.1
Cross-site scripting in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript by uploading SVG images with embedded JavaScript.
network
low complexity
asustor CWE-79
6.1
2018-08-27 CVE-2018-15699 Cross-site Scripting vulnerability in Asustor Data Master
ASUSTOR Data Master 3.1.5 and below makes an HTTP request for a configuration file that is vulnerable to XSS.
network
low complexity
asustor CWE-79
6.1
2018-08-27 CVE-2018-15698 Information Exposure vulnerability in Asustor Data Master
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on the file system when providing the full path to loginimage.cgi.
network
low complexity
asustor CWE-200
6.5
2018-08-27 CVE-2018-15697 Information Exposure vulnerability in Asustor Data Master
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on a share by providing the full path.
network
low complexity
asustor CWE-200
6.5