Vulnerabilities > Asustor > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-27 | CVE-2018-15697 | Information Exposure vulnerability in Asustor Data Master ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on a share by providing the full path. | 6.5 |
| 2018-08-27 | CVE-2018-15696 | Information Exposure vulnerability in Asustor Data Master ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to enumerate all user accounts via user.cgi. | 4.3 |
| 2018-08-27 | CVE-2018-15695 | Path Traversal vulnerability in Asustor Data Master ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to delete any file on the file system due to a path traversal vulnerability in wallpaper.cgi. | 6.5 |
| 2018-05-22 | CVE-2018-11346 | Forced Browsing vulnerability in Asustor As6202T Firmware Adm3.1.0.Rfq3 An insecure direct object reference vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows the ability to reference the "download_sys_settings" action and then specify files arbitrarily throughout the system via the act parameter. | 4.3 |
| 2018-05-22 | CVE-2018-11344 | Path Traversal vulnerability in Asustor As6202T Firmware Adm3.1.0.Rfq3 A path traversal vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a file on the system to download via the file1 parameter. | 6.5 |
| 2018-05-22 | CVE-2018-11343 | Cross-site Scripting vulnerability in Asustor Soundsgood A persistent cross site scripting vulnerability in playlistmanger.cgi in the ASUSTOR SoundsGood application allows attackers to store cross site scripting payloads via the 'playlist' POST parameter. | 5.4 |
| 2018-05-22 | CVE-2018-11342 | Path Traversal vulnerability in Asustor As6202T Firmware Adm3.1.0.Rfq3 A path traversal vulnerability in fileExplorer.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a path to a file on the system to create folders via the dest_folder parameter. | 4.3 |