Vulnerabilites related to asustor - as602t
cve-2018-12314
Vulnerability from cvelistv5
Published
2018-12-04 17:00
Modified
2024-08-05 08:30
Severity ?
EPSS score ?
Summary
Directory Traversal in downloadwallpaper.cgi in ASUSTOR ADM version 3.1.1 allows attackers to download arbitrary files by manipulating the "file" and "folder" URL parameters.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:59.625Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory Traversal in downloadwallpaper.cgi in ASUSTOR ADM version 3.1.1 allows attackers to download arbitrary files by manipulating the \"file\" and \"folder\" URL parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-04T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12314",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory Traversal in downloadwallpaper.cgi in ASUSTOR ADM version 3.1.1 allows attackers to download arbitrary files by manipulating the \"file\" and \"folder\" URL parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc",
"refsource": "MISC",
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-12314",
"datePublished": "2018-12-04T17:00:00",
"dateReserved": "2018-06-13T00:00:00",
"dateUpdated": "2024-08-05T08:30:59.625Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-12311
Vulnerability from cvelistv5
Published
2018-12-04 17:00
Modified
2024-08-05 08:30
Severity ?
EPSS score ?
Summary
Cross-site scripting vulnerability in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute arbitrary JavaScript when a file is moved via a malicious filename.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:59.827Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute arbitrary JavaScript when a file is moved via a malicious filename."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-04T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12311",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute arbitrary JavaScript when a file is moved via a malicious filename."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc",
"refsource": "MISC",
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-12311",
"datePublished": "2018-12-04T17:00:00",
"dateReserved": "2018-06-13T00:00:00",
"dateUpdated": "2024-08-05T08:30:59.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-12308
Vulnerability from cvelistv5
Published
2018-12-04 17:00
Modified
2024-08-05 08:30
Severity ?
EPSS score ?
Summary
Encryption key disclosure in share.cgi in ASUSTOR ADM version 3.1.1 allows attackers to obtain the encryption key via the "encrypt_key" URL parameter.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:59.760Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Encryption key disclosure in share.cgi in ASUSTOR ADM version 3.1.1 allows attackers to obtain the encryption key via the \"encrypt_key\" URL parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-04T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12308",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Encryption key disclosure in share.cgi in ASUSTOR ADM version 3.1.1 allows attackers to obtain the encryption key via the \"encrypt_key\" URL parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc",
"refsource": "MISC",
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-12308",
"datePublished": "2018-12-04T17:00:00",
"dateReserved": "2018-06-13T00:00:00",
"dateUpdated": "2024-08-05T08:30:59.760Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-12313
Vulnerability from cvelistv5
Published
2018-12-04 17:00
Modified
2024-08-05 08:30
Severity ?
EPSS score ?
Summary
OS command injection in snmp.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands without authentication via the "rocommunity" URL parameter.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:59.830Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OS command injection in snmp.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands without authentication via the \"rocommunity\" URL parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-04T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12313",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OS command injection in snmp.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands without authentication via the \"rocommunity\" URL parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc",
"refsource": "MISC",
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-12313",
"datePublished": "2018-12-04T17:00:00",
"dateReserved": "2018-06-13T00:00:00",
"dateUpdated": "2024-08-05T08:30:59.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-12310
Vulnerability from cvelistv5
Published
2018-12-04 17:00
Modified
2024-08-05 08:30
Severity ?
EPSS score ?
Summary
Cross-site scripting in the Login page in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript via the System Announcement feature.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:59.858Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting in the Login page in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript via the System Announcement feature."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-04T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12310",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting in the Login page in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript via the System Announcement feature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc",
"refsource": "MISC",
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-12310",
"datePublished": "2018-12-04T17:00:00",
"dateReserved": "2018-06-13T00:00:00",
"dateUpdated": "2024-08-05T08:30:59.858Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-12306
Vulnerability from cvelistv5
Published
2018-12-04 17:00
Modified
2024-08-05 08:30
Severity ?
EPSS score ?
Summary
Directory Traversal in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to view arbitrary files by modifying the "file1" URL parameter, a similar issue to CVE-2018-11344.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:59.820Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory Traversal in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to view arbitrary files by modifying the \"file1\" URL parameter, a similar issue to CVE-2018-11344."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-04T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12306",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory Traversal in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to view arbitrary files by modifying the \"file1\" URL parameter, a similar issue to CVE-2018-11344."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc",
"refsource": "MISC",
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-12306",
"datePublished": "2018-12-04T17:00:00",
"dateReserved": "2018-06-13T00:00:00",
"dateUpdated": "2024-08-05T08:30:59.820Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-12315
Vulnerability from cvelistv5
Published
2018-12-04 17:00
Modified
2024-08-05 08:30
Severity ?
EPSS score ?
Summary
Missing verification of a password in ASUSTOR ADM version 3.1.1 allows attackers to change account passwords without entering the current password.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:59.987Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Missing verification of a password in ASUSTOR ADM version 3.1.1 allows attackers to change account passwords without entering the current password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-04T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12315",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Missing verification of a password in ASUSTOR ADM version 3.1.1 allows attackers to change account passwords without entering the current password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc",
"refsource": "MISC",
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-12315",
"datePublished": "2018-12-04T17:00:00",
"dateReserved": "2018-06-13T00:00:00",
"dateUpdated": "2024-08-05T08:30:59.987Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-12318
Vulnerability from cvelistv5
Published
2018-12-04 17:00
Modified
2024-08-05 08:30
Severity ?
EPSS score ?
Summary
Information disclosure in the SNMP settings page in ASUSTOR ADM version 3.1.1 allows attackers to obtain the SNMP password in cleartext.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:59.927Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Information disclosure in the SNMP settings page in ASUSTOR ADM version 3.1.1 allows attackers to obtain the SNMP password in cleartext."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-04T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12318",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Information disclosure in the SNMP settings page in ASUSTOR ADM version 3.1.1 allows attackers to obtain the SNMP password in cleartext."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc",
"refsource": "MISC",
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-12318",
"datePublished": "2018-12-04T17:00:00",
"dateReserved": "2018-06-13T00:00:00",
"dateUpdated": "2024-08-05T08:30:59.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-12316
Vulnerability from cvelistv5
Published
2018-12-04 17:00
Modified
2024-08-05 08:30
Severity ?
EPSS score ?
Summary
OS Command Injection in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands by modifying the filename POST parameter.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:59.738Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OS Command Injection in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands by modifying the filename POST parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-04T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12316",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OS Command Injection in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands by modifying the filename POST parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc",
"refsource": "MISC",
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-12316",
"datePublished": "2018-12-04T17:00:00",
"dateReserved": "2018-06-13T00:00:00",
"dateUpdated": "2024-08-05T08:30:59.738Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-12312
Vulnerability from cvelistv5
Published
2018-12-04 17:00
Modified
2024-08-05 08:30
Severity ?
EPSS score ?
Summary
OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "secret_key" URL parameter.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:59.944Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the \"secret_key\" URL parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-04T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12312",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the \"secret_key\" URL parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc",
"refsource": "MISC",
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-12312",
"datePublished": "2018-12-04T17:00:00",
"dateReserved": "2018-06-13T00:00:00",
"dateUpdated": "2024-08-05T08:30:59.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-12309
Vulnerability from cvelistv5
Published
2018-12-04 17:00
Modified
2024-08-05 08:30
Severity ?
EPSS score ?
Summary
Directory Traversal in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to upload files to arbitrary locations by modifying the "path" URL parameter. NOTE: the "filename" POST parameter is covered by CVE-2018-11345.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:59.642Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory Traversal in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to upload files to arbitrary locations by modifying the \"path\" URL parameter. NOTE: the \"filename\" POST parameter is covered by CVE-2018-11345."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-04T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12309",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory Traversal in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to upload files to arbitrary locations by modifying the \"path\" URL parameter. NOTE: the \"filename\" POST parameter is covered by CVE-2018-11345."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc",
"refsource": "MISC",
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-12309",
"datePublished": "2018-12-04T17:00:00",
"dateReserved": "2018-06-13T00:00:00",
"dateUpdated": "2024-08-05T08:30:59.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-12307
Vulnerability from cvelistv5
Published
2018-12-04 17:00
Modified
2024-08-05 08:30
Severity ?
EPSS score ?
Summary
OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "name" POST parameter.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:59.826Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the \"name\" POST parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-04T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12307",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the \"name\" POST parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc",
"refsource": "MISC",
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-12307",
"datePublished": "2018-12-04T17:00:00",
"dateReserved": "2018-06-13T00:00:00",
"dateUpdated": "2024-08-05T08:30:59.826Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-12319
Vulnerability from cvelistv5
Published
2018-12-04 17:00
Modified
2024-08-05 08:30
Severity ?
EPSS score ?
Summary
Denial-of-service in the login page of ASUSTOR ADM 3.1.1 allows attackers to prevent users from signing in by placing malformed text in the title.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:59.933Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Denial-of-service in the login page of ASUSTOR ADM 3.1.1 allows attackers to prevent users from signing in by placing malformed text in the title."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-04T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12319",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Denial-of-service in the login page of ASUSTOR ADM 3.1.1 allows attackers to prevent users from signing in by placing malformed text in the title."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc",
"refsource": "MISC",
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-12319",
"datePublished": "2018-12-04T17:00:00",
"dateReserved": "2018-06-13T00:00:00",
"dateUpdated": "2024-08-05T08:30:59.933Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2018-12-04 17:29
Modified
2024-11-21 03:44
Severity ?
Summary
Missing verification of a password in ASUSTOR ADM version 3.1.1 allows attackers to change account passwords without entering the current password.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| asustor | data_master | 3.1.1 | |
| asustor | as602t | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asustor:data_master:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EBEA8917-1E7B-4CB3-B189-5481702FBDA8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asustor:as602t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34CD5A36-365E-4A57-9808-7BAC87147AD3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing verification of a password in ASUSTOR ADM version 3.1.1 allows attackers to change account passwords without entering the current password."
},
{
"lang": "es",
"value": "Falta de verificaci\u00f3n de una contrase\u00f1a en ASUSTOR ADM 3.1.1 permite que los atacantes cambien las contrase\u00f1as de la cuenta sin introducir la contrase\u00f1a actual."
}
],
"id": "CVE-2018-12315",
"lastModified": "2024-11-21T03:44:58.530",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-04T17:29:00.773",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-640"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-12-04 17:29
Modified
2024-11-21 03:44
Severity ?
Summary
Directory Traversal in downloadwallpaper.cgi in ASUSTOR ADM version 3.1.1 allows attackers to download arbitrary files by manipulating the "file" and "folder" URL parameters.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| asustor | data_master | 3.1.1 | |
| asustor | as602t | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asustor:data_master:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EBEA8917-1E7B-4CB3-B189-5481702FBDA8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asustor:as602t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34CD5A36-365E-4A57-9808-7BAC87147AD3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory Traversal in downloadwallpaper.cgi in ASUSTOR ADM version 3.1.1 allows attackers to download arbitrary files by manipulating the \"file\" and \"folder\" URL parameters."
},
{
"lang": "es",
"value": "Salto de directorio en downloadwallpaper.cgi en ASUSTOR ADM 3.1.1 permite que los atacantes descarguen archivos arbitrarios modificando los par\u00e1metros de la URL \"file\" y \"folder\"."
}
],
"id": "CVE-2018-12314",
"lastModified": "2024-11-21T03:44:58.387",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-04T17:29:00.743",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-12-04 17:29
Modified
2024-11-21 03:44
Severity ?
Summary
OS Command Injection in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands by modifying the filename POST parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| asustor | data_master | 3.1.1 | |
| asustor | as602t | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asustor:data_master:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EBEA8917-1E7B-4CB3-B189-5481702FBDA8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asustor:as602t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34CD5A36-365E-4A57-9808-7BAC87147AD3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OS Command Injection in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands by modifying the filename POST parameter."
},
{
"lang": "es",
"value": "Inyecci\u00f3n de comandos del sistema operativo en upload.cgi en ASUSTOR ADM en su versi\u00f3n 3.1.1 permite que los atacantes ejecuten comandos del sistema modificando el par\u00e1metro POST \"filename\"."
}
],
"id": "CVE-2018-12316",
"lastModified": "2024-11-21T03:44:58.667",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-04T17:29:00.820",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-12-04 17:29
Modified
2024-11-21 03:44
Severity ?
Summary
OS command injection in snmp.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands without authentication via the "rocommunity" URL parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| asustor | data_master | 3.1.1 | |
| asustor | as602t | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asustor:data_master:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EBEA8917-1E7B-4CB3-B189-5481702FBDA8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asustor:as602t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34CD5A36-365E-4A57-9808-7BAC87147AD3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OS command injection in snmp.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands without authentication via the \"rocommunity\" URL parameter."
},
{
"lang": "es",
"value": "Inyecci\u00f3n de comandos del sistema operativo en snmp.cgi en ASUSTOR ADM en su versi\u00f3n 3.1.1 permite que los atacantes ejecuten comandos del sistema sin autenticaci\u00f3n mediante el par\u00e1metro de la URL \"rocommunity\"."
}
],
"id": "CVE-2018-12313",
"lastModified": "2024-11-21T03:44:58.243",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-04T17:29:00.697",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-12-04 17:29
Modified
2024-11-21 03:44
Severity ?
Summary
Encryption key disclosure in share.cgi in ASUSTOR ADM version 3.1.1 allows attackers to obtain the encryption key via the "encrypt_key" URL parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| asustor | data_master | 3.1.1 | |
| asustor | as602t | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asustor:data_master:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EBEA8917-1E7B-4CB3-B189-5481702FBDA8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asustor:as602t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34CD5A36-365E-4A57-9808-7BAC87147AD3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Encryption key disclosure in share.cgi in ASUSTOR ADM version 3.1.1 allows attackers to obtain the encryption key via the \"encrypt_key\" URL parameter."
},
{
"lang": "es",
"value": "Divulgaci\u00f3n de claves de cifrado en share.cgi en ASUSTOR ADM 3.1.1 permite que los atacantes obtengan la clave de cifrado mediante el par\u00e1metro de la URL \"encrypt_key\"."
}
],
"id": "CVE-2018-12308",
"lastModified": "2024-11-21T03:44:57.530",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-04T17:29:00.507",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-12-04 17:29
Modified
2024-11-21 03:44
Severity ?
Summary
Cross-site scripting vulnerability in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute arbitrary JavaScript when a file is moved via a malicious filename.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| asustor | data_master | 3.1.1 | |
| asustor | as602t | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asustor:data_master:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EBEA8917-1E7B-4CB3-B189-5481702FBDA8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asustor:as602t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34CD5A36-365E-4A57-9808-7BAC87147AD3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute arbitrary JavaScript when a file is moved via a malicious filename."
},
{
"lang": "es",
"value": "Vulnerabilidad Cross-Site Scripting (XSS) en File Explorer en ASUSTOR ADM 3.1.1 permite que los atacantes ejecuten JavaScript arbitrario cuando se mueve un archivo mediante un nombre de archivo malicioso."
}
],
"id": "CVE-2018-12311",
"lastModified": "2024-11-21T03:44:57.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-04T17:29:00.633",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-12-04 17:29
Modified
2024-11-21 03:44
Severity ?
Summary
OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "name" POST parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| asustor | data_master | 3.1.1 | |
| asustor | as602t | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asustor:data_master:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EBEA8917-1E7B-4CB3-B189-5481702FBDA8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asustor:as602t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34CD5A36-365E-4A57-9808-7BAC87147AD3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the \"name\" POST parameter."
},
{
"lang": "es",
"value": "Inyecci\u00f3n de comandos del sistema operativo en user.cgi en ASUSTOR ADM en su versi\u00f3n 3.1.1 permite que los atacantes ejecuten comandos del sistema como root mediante el par\u00e1metro POST \"name\"."
}
],
"id": "CVE-2018-12307",
"lastModified": "2024-11-21T03:44:57.383",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-04T17:29:00.460",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-12-04 17:29
Modified
2024-11-21 03:44
Severity ?
Summary
Directory Traversal in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to view arbitrary files by modifying the "file1" URL parameter, a similar issue to CVE-2018-11344.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| asustor | data_master | 3.1.1 | |
| asustor | as602t | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asustor:data_master:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EBEA8917-1E7B-4CB3-B189-5481702FBDA8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asustor:as602t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34CD5A36-365E-4A57-9808-7BAC87147AD3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory Traversal in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to view arbitrary files by modifying the \"file1\" URL parameter, a similar issue to CVE-2018-11344."
},
{
"lang": "es",
"value": "Salto de directorio en File Explorer en ASUSTOR ADM 3.1.1 permite que los atacantes visualicen archivos arbitrarios modificando el par\u00e1metro de la URL \"file1\". Este problema es similar a CVE-2018-11344."
}
],
"id": "CVE-2018-12306",
"lastModified": "2024-11-21T03:44:57.240",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-04T17:29:00.430",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-12-04 17:29
Modified
2024-11-21 03:44
Severity ?
Summary
Directory Traversal in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to upload files to arbitrary locations by modifying the "path" URL parameter. NOTE: the "filename" POST parameter is covered by CVE-2018-11345.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| asustor | data_master | 3.1.1 | |
| asustor | as602t | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asustor:data_master:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EBEA8917-1E7B-4CB3-B189-5481702FBDA8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asustor:as602t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34CD5A36-365E-4A57-9808-7BAC87147AD3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory Traversal in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to upload files to arbitrary locations by modifying the \"path\" URL parameter. NOTE: the \"filename\" POST parameter is covered by CVE-2018-11345."
},
{
"lang": "es",
"value": "Salto de directorio en upload.cgi en ASUSTOR ADM 3.1.1 permite que los atacantes suban archivos a ubicaciones arbitrarias modificando el par\u00e1metro \"path\" de la URL. NOTA: el par\u00e1metro POST \"filename\" est\u00e1 cubierto por CVE-2018-11345."
}
],
"id": "CVE-2018-12309",
"lastModified": "2024-11-21T03:44:57.673",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-04T17:29:00.540",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-12-04 17:29
Modified
2024-11-21 03:44
Severity ?
Summary
Information disclosure in the SNMP settings page in ASUSTOR ADM version 3.1.1 allows attackers to obtain the SNMP password in cleartext.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| asustor | data_master | 3.1.1 | |
| asustor | as602t | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asustor:data_master:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EBEA8917-1E7B-4CB3-B189-5481702FBDA8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asustor:as602t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34CD5A36-365E-4A57-9808-7BAC87147AD3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Information disclosure in the SNMP settings page in ASUSTOR ADM version 3.1.1 allows attackers to obtain the SNMP password in cleartext."
},
{
"lang": "es",
"value": "Divulgaci\u00f3n de informaci\u00f3n en la p\u00e1gina de opciones SNMP en en ASUSTOR ADM en su versi\u00f3n 3.1.1 permite que los atacantes obtengan la contrase\u00f1a de SNMP en texto claro."
}
],
"id": "CVE-2018-12318",
"lastModified": "2024-11-21T03:44:58.947",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-04T17:29:00.883",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-12-04 17:29
Modified
2024-11-21 03:44
Severity ?
Summary
OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "secret_key" URL parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| asustor | data_master | 3.1.1 | |
| asustor | as602t | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asustor:data_master:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EBEA8917-1E7B-4CB3-B189-5481702FBDA8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asustor:as602t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34CD5A36-365E-4A57-9808-7BAC87147AD3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the \"secret_key\" URL parameter."
},
{
"lang": "es",
"value": "Inyecci\u00f3n de comandos del sistema en user.cgi en ASUSTOR ADM en su versi\u00f3n 3.1.1 permite que los atacantes ejecuten comandos del sistema mediante el par\u00e1metro de la URL \"secret_key\"."
}
],
"id": "CVE-2018-12312",
"lastModified": "2024-11-21T03:44:58.103",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-04T17:29:00.663",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-12-04 17:29
Modified
2024-11-21 03:44
Severity ?
Summary
Denial-of-service in the login page of ASUSTOR ADM 3.1.1 allows attackers to prevent users from signing in by placing malformed text in the title.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| asustor | data_master | 3.1.1 | |
| asustor | as602t | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asustor:data_master:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EBEA8917-1E7B-4CB3-B189-5481702FBDA8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asustor:as602t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34CD5A36-365E-4A57-9808-7BAC87147AD3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Denial-of-service in the login page of ASUSTOR ADM 3.1.1 allows attackers to prevent users from signing in by placing malformed text in the title."
},
{
"lang": "es",
"value": "Denegaci\u00f3n de servicio (DoS) en la p\u00e1gina de inicio de sesi\u00f3n de ASUSTOR ADM 3.1.1 permite que los atacantes eviten que los usuarios inicien sesi\u00f3n colocando texto mal formado en el t\u00edtulo."
}
],
"id": "CVE-2018-12319",
"lastModified": "2024-11-21T03:44:59.090",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-04T17:29:00.913",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-12-04 17:29
Modified
2024-11-21 03:44
Severity ?
Summary
Cross-site scripting in the Login page in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript via the System Announcement feature.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| asustor | data_master | 3.1.1 | |
| asustor | as602t | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asustor:data_master:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EBEA8917-1E7B-4CB3-B189-5481702FBDA8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asustor:as602t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34CD5A36-365E-4A57-9808-7BAC87147AD3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting in the Login page in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript via the System Announcement feature."
},
{
"lang": "es",
"value": "Cross-Site Scripting (XSS) en la p\u00e1gina de inicio de sesi\u00f3n en ASUSTOR ADM 3.1.1 permite que los atacantes ejecuten JavaScript mediante la caracter\u00edstica de anuncios del sistema."
}
],
"id": "CVE-2018-12310",
"lastModified": "2024-11-21T03:44:57.820",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-04T17:29:00.587",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}