Vulnerabilities > Asustor > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-05-31 | CVE-2023-2909 | Path Traversal vulnerability in Asustor ADM EZ Sync service fails to adequately handle user input, allowing an attacker to navigate beyond the intended directory structure and delete files. | 10.0 |
2023-04-17 | CVE-2023-30770 | Out-of-bounds Write vulnerability in Asustor ADM 4.0.5.Rvi1/4.1.0.Rjd1 A stack-based buffer overflow vulnerability was found in the ASUSTOR Data Master (ADM) due to the lack of data size validation. | 9.8 |
2020-03-18 | CVE-2019-11689 | OS Command Injection vulnerability in Asustor Exfat Driver 1.0.0 An issue was discovered in ASUSTOR exFAT Driver through 1.0.0.r20. | 9.3 |
2018-12-04 | CVE-2018-12317 | OS Command Injection vulnerability in Asustor Data Master 3.1.1 OS command injection in group.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root by modifying the "name" POST parameter. | 9.0 |
2018-12-04 | CVE-2018-12316 | OS Command Injection vulnerability in Asustor Data Master 3.1.1 OS Command Injection in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands by modifying the filename POST parameter. | 9.0 |
2018-12-04 | CVE-2018-12313 | OS Command Injection vulnerability in Asustor Data Master 3.1.1 OS command injection in snmp.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands without authentication via the "rocommunity" URL parameter. | 10.0 |
2018-12-04 | CVE-2018-12312 | OS Command Injection vulnerability in Asustor Data Master 3.1.1 OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "secret_key" URL parameter. | 9.0 |
2018-12-04 | CVE-2018-12307 | OS Command Injection vulnerability in Asustor Data Master 3.1.1 OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "name" POST parameter. | 9.0 |
2018-05-22 | CVE-2018-11340 | Unrestricted Upload of File with Dangerous Type vulnerability in Asustor As6202T Firmware An unrestricted file upload vulnerability in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data to a specified filename. | 9.0 |