Vulnerabilities > Asustor > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-05-31 CVE-2023-2909 Path Traversal vulnerability in Asustor ADM
EZ Sync service fails to adequately handle user input, allowing an attacker to navigate beyond the intended directory structure and delete files.
network
low complexity
asustor CWE-22
critical
10.0
2023-04-17 CVE-2023-30770 Out-of-bounds Write vulnerability in Asustor ADM
A stack-based buffer overflow vulnerability was found in the ASUSTOR Data Master (ADM) due to the lack of data size validation.
network
low complexity
asustor CWE-787
critical
9.8
2018-12-04 CVE-2018-12313 OS Command Injection vulnerability in Asustor Data Master 3.1.1
OS command injection in snmp.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands without authentication via the "rocommunity" URL parameter.
network
low complexity
asustor CWE-78
critical
9.8
2018-08-16 CVE-2018-11511 SQL Injection vulnerability in Asustor Data Master 3.1.0
The tree list functionality in the photo gallery application in ASUSTOR ADM 3.1.0.RFQ3 has a SQL injection vulnerability that affects the 'album_id' or 'scope' parameter via a photo-gallery/api/album/tree_lists/ URI.
network
low complexity
asustor CWE-89
critical
9.8
2018-08-16 CVE-2018-11509 Use of Hard-coded Credentials vulnerability in Asustor Data Master 3.1.0
ASUSTOR ADM 3.1.0.RFQ3 uses the same default root:admin username and password as it does for the NAS itself for applications that are installed from the online repository.
network
low complexity
asustor CWE-798
critical
9.8
2018-06-28 CVE-2018-11510 OS Command Injection vulnerability in Asustor ADM
The ASUSTOR ADM 3.1.0.RFQ3 NAS portal suffers from an unauthenticated remote code execution vulnerability in the portal/apis/aggrecate_js.cgi file by embedding OS commands in the 'script' parameter.
network
low complexity
asustor CWE-78
critical
9.8