Lucene search
K

14 matches found

ATTACKERKB
ATTACKERKB
added 2026/02/25 5:52 a.m.7 views

CVE-2026-3100

The FTP Backup on the ADM will not properly strictly enforce TLS certificate verification while connecting to an FTP server using FTPES/FTPS. An improper validated TLS/SSL certificates allows a remote attacker can intercept network traffic to perform a Man-in-the-Middle MitM attack, which may...

8.3CVSS5.5AI score0.00179EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/04 3:15 a.m.6 views

CVE-2026-24933

The API communication component fails to validate the SSL/TLS certificate when sending HTTPS requests to the server. An improper certificates validation vulnerability allows an unauthenticated remote attacker can perform a Man-in-the-Middle MitM attack to intercept the cleartext communication,...

8.9CVSS5.5AI score0.00204EPSS
Exploits0References1
CVE
CVE
added 2026/02/03 2:26 a.m.15 views

CVE-2026-24934

CVE-2026-24934 describes an insecure DDNS WAN-IP lookup in ADM firmware. The DDNS function uses HTTP or fails to validate the SSL/TLS certificate when querying an external server for the device’s WAN IP, enabling an unauthenticated MitM attacker to spoof the response and cause the device to updat...

6.3CVSS5.6AI score0.00156EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/02/03 2:26 a.m.7 views

EUVD-2026-5285

The DDNS function uses an insecure HTTP connection or fails to validate the SSL/TLS certificate when querying an external server for the device's WAN IP address. An unauthenticated remote attacker can perform a Man-in-the-Middle MitM attack to spoof the response, leading the device to update its...

6.3CVSS5.6AI score0.00156EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2023-34355

Malicious code in bioql PyPI...

10CVSS8.7AI score0.00673EPSS
Exploits0References1
NVD
NVD
added 2023/08/22 7:16 p.m.23 views

CVE-2023-4475

An Arbitrary File Movement vulnerability was found in ASUSTOR Data Master ADM allows an attacker to exploit the file renaming feature to move files to unintended directories. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below...

7.5CVSS7.5AI score0.00159EPSS
Exploits0References1
Prion
Prion
added 2023/08/22 7:16 p.m.22 views

Privilege escalation

An Improper Privilege Management vulnerability was found in ASUSTOR Data Master ADM allows an unprivileged local users to modify the storage devices configuration. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below...

1.7CVSS5.3AI score0.00145EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/08/22 9:2 a.m.11 views

CVE-2023-4475 An Arbitrary File Movement vulnerability was found on the ADM

An Arbitrary File Movement vulnerability was found in ASUSTOR Data Master ADM allows an attacker to exploit the file renaming feature to move files to unintended directories. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below...

7.5CVSS6.8AI score0.00159EPSS
Exploits0References1
Prion
Prion
added 2023/08/17 10:15 a.m.25 views

Command injection

Improper neutralization of special elements used in a command 'Command Injection' vulnerability in Printer service functionality in ASUSTOR Data Master ADM allows remote unauthorized users to execute arbitrary commands via unspecified vectors. Affected products and versions include: ADM 4.0.6.RIS...

6.5CVSS8.9AI score0.01341EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/08/17 9:33 a.m.48 views

CVE-2023-3697

CVE-2023-3697 affects ASUSTOR ADM printers: the printer service fails to properly validate user input, enabling remote unauthorized users to traverse directories and create files beyond the intended path. Affected products/versions include ADM 4.0.6.RIS1, 4.1.0 and earlier, and ADM 4.2.2.RI61 and...

8.8CVSS8.5AI score0.00549EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/08/17 9:25 a.m.14 views

CVE-2023-2910 A Command injection vulnerability was found on Printer service of ADM

Improper neutralization of special elements used in a command 'Command Injection' vulnerability in Printer service functionality in ASUSTOR Data Master ADM allows remote unauthorized users to execute arbitrary commands via unspecified vectors. Affected products and versions include: ADM 4.0.6.RIS...

8.8CVSS7.9AI score0.01341EPSS
Exploits0References1
CVE
CVE
added 2023/08/17 9:25 a.m.47 views

CVE-2023-2910

CVE-2023-2910 affects ASUSTOR Data Master (ADM) Printer service. The root cause is improper neutralization of special elements used in a command (command injection) which enables remote, unauthenticated abuse to execute arbitrary commands. Affected ADM versions include 4.0.6.RIS1, 4.1.0 and below...

8.8CVSS9.1AI score0.01341EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2023/05/31 10:15 a.m.19 views

CVE-2023-2909

EZ Sync service fails to adequately handle user input, allowing an attacker to navigate beyond the intended directory structure and delete files. Affected products and versions include: ADM 4.0.6.REG2, 4.1.0 and below as well as ADM 4.2.1.RGE2 and below...

10CVSS9AI score0.00673EPSS
Exploits0References1
Prion
Prion
added 2023/05/31 10:15 a.m.24 views

Design/Logic Flaw

EZ Sync service fails to adequately handle user input, allowing an attacker to navigate beyond the intended directory structure and delete files. Affected products and versions include: ADM 4.0.6.REG2, 4.1.0 and below as well as ADM 4.2.1.RGE2 and below...

7.5CVSS9.3AI score0.00673EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder