Path traversal

2018-05-2201:29:00

PRIOn knowledge base

www.prio-n.com

4.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.3%

JSON

A path traversal vulnerability in fileExplorer.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a path to a file on the system to create folders via the dest_folder parameter.

CPENameOperatorVersion
as6202t_firmwareeq<= adm-3.1.0.rfq3

CPE	Name	Operator	Version
	as6202t_firmware	eq	<= adm-3.1.0.rfq3

References

seclists.org/fulldisclosure/2018/May/2

github.com/mefulton/asustorexploit

www.purehacking.com/blog/matthew-fulton/back-to-the-future-asustor-web-exploitation