Unrestricted file upload

2018-05-2201:29:00

PRIOn knowledge base

www.prio-n.com

6.9 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.0%

JSON

An unrestricted file upload vulnerability in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data to a specified filename. This can be used to place attacker controlled code on the file system that is then executed.

CPENameOperatorVersion
as6202t_firmwareeq<= adm-3.1.0.rfq3

CPE	Name	Operator	Version
	as6202t_firmware	eq	<= adm-3.1.0.rfq3

References

seclists.org/fulldisclosure/2018/May/2

github.com/mefulton/asustorexploit

www.purehacking.com/blog/matthew-fulton/back-to-the-future-asustor-web-exploitation