8 matches found
ASUSTOR Data Master Authorization Issues Vulnerability
ASUSTOR Data Master is a specialized operating system on ASUSTOR NAS from ASUS, China. An authorization issue vulnerability exists in ASUSTOR Data Master, which arises from improper privilege management and can be exploited by an unprivileged local attacker to modify the storage device...
Warning — Deadbolt Ransomware Targeting ASUSTOR NAS Devices
ASUSTOR network-attached storage NAS devices have become the latest victim of Deadbolt ransomware, less than a month after similar attacks singled out QNAP NAS appliances. In response to the infections, the company has released firmware updates ADM 4.0.4.RQO2 to "fix related security issues." The...
ASUSTOR ADM Path Traversal Vulnerability
ASUSTOR ADM is an operating system from ASUSTOR dedicated to ASUSTOR NAS storage devices. A directory traversal vulnerability exists in the downloadwallpaper.cgi file in ASUSTOR ADM version 3.1.1. An attacker can exploit this vulnerability by manipulating the 'file' and 'folder' URL parameters to...
ASUSTOR ADM Remote Command Execution Vulnerability
ASUSTOR ADM is an operating system from ASUSTOR dedicated to ASUSTOR NAS storage devices. A security vulnerability exists in ASUSTOR ADM version 3.1.0.RFQ3, which stems from the program using the same default username and password as the NAS. An attacker could exploit the vulnerability to log in...
CVE-2018-11510
The ASUSTOR ADM 3.1.0.RFQ3 NAS portal suffers from an unauthenticated remote code execution vulnerability in the portal/apis/aggrecatejs.cgi file by embedding OS commands in the 'script' parameter...
CVE-2018-11345
An unrestricted file upload vulnerability in upload.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data via the POST parameter filename. This can be used to place attacker controlled code on the file system that can then be executed. Further, the filename parameter is...
ASUSTOR AS6202T ADM path traversal vulnerability (CNVD-2018-10308)
ASUSTOR AS6202T ADM is a dedicated operating system for ASUSTOR NAS storage devices from ASUSTOR. A path traversal vulnerability exists in the fileExplorer.cgi file in ASUSTOR AS6202T ADM version 3.1.0.RFQ3. An attacker can exploit this vulnerability to create arbitrary folders with the help of t...
ASUSTOR AS6202T ADM Path Traversal Vulnerability
ADM ASUSTOR Data Manager is the operating system and user interface for ASUSTOR NAS. A path traversal vulnerability exists in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3. An attacker can exploit this vulnerability to arbitrarily specify a file on the system to download via the file1 parameter...