334 matches found
CVE-2019-11688
An issue was discovered in ASUSTOR exFAT Driver through 1.0.0.r20. When conducting license validation, exfat.cgi and exfatctl accept any certificate for asustornasapi.asustor.com. In other words, there is Missing SSL Certificate Validation...
CVE-2019-11689
An issue was discovered in ASUSTOR exFAT Driver through 1.0.0.r20. When conducting license validation, exfat.cgi and exfatctl fail to properly validate server responses and pass unsanitized text to the system shell, resulting in code execution as root...
CVE-2019-11689
An issue was discovered in ASUSTOR exFAT Driver through 1.0.0.r20. When conducting license validation, exfat.cgi and exfatctl fail to properly validate server responses and pass unsanitized text to the system shell, resulting in code execution as root...
CVE-2019-11688
An issue was discovered in ASUSTOR exFAT Driver through 1.0.0.r20. When conducting license validation, exfat.cgi and exfatctl accept any certificate for asustornasapi.asustor.com. In other words, there is Missing SSL Certificate Validation...
Remote code execution
An issue was discovered in ASUSTOR exFAT Driver through 1.0.0.r20. When conducting license validation, exfat.cgi and exfatctl fail to properly validate server responses and pass unsanitized text to the system shell, resulting in code execution as root...
Input validation
An issue was discovered in ASUSTOR exFAT Driver through 1.0.0.r20. When conducting license validation, exfat.cgi and exfatctl accept any certificate for asustornasapi.asustor.com. In other words, there is Missing SSL Certificate Validation...
CVE-2019-11689
An issue was discovered in ASUSTOR exFAT Driver through 1.0.0.r20. When conducting license validation, exfat.cgi and exfatctl fail to properly validate server responses and pass unsanitized text to the system shell, resulting in code execution as root...
CVE-2019-11689
CVE-2019-11689 affects ASUSTOR exFAT Driver up to version 1.0.0.r20. During license validation, the components exfat.cgi and exfatctl fail to properly validate server responses and pass unsanitized text to the system shell, enabling code execution as root. Red Hat and NVD entries corroborate the ...
CVE-2019-11688
An issue was discovered in ASUSTOR exFAT Driver through 1.0.0.r20. When conducting license validation, exfat.cgi and exfatctl accept any certificate for asustornasapi.asustor.com. In other words, there is Missing SSL Certificate Validation...
CVE-2019-11688
ASUSTOR exFAT Driver (affected: 1.0.0.r20 and earlier) contains a Missing SSL Certificate Validation flaw in license validation paths. Specifically, exfat.cgi and exfatctl accept any certificate for asustornasapi.asustor.com, enabling potential interception or tampering during license checks. Con...
VulnCheck KEV: CVE-2018-11510
The ASUSTOR ADM 3.1.0.RFQ3 NAS portal suffers from an unauthenticated remote code execution vulnerability in the portal/apis/aggrecatejs.cgi file by embedding OS commands in the 'script' parameter...
ASUSTOR ADM Denial of Service Vulnerability
ASUSTOR ADM is an operating system from ASUSTOR dedicated to ASUSTOR NAS storage devices. A denial of service vulnerability exists in the login page of ASUSTOR ADM version 3.1.1, which can be exploited to prevent users from logging in by placing malformed text in the login page name...
ASUSTOR ADM path traversal vulnerability (CNVD-2018-25039)
ASUSTOR ADM is an operating system from ASUSTOR dedicated to ASUSTOR NAS storage devices. A directory traversal vulnerability exists in the upload.cgi file in ASUSTOR ADM version 3.1.1. An attacker can exploit this vulnerability by modifying the 'path' URL parameter to upload a file to an arbitra...
ASUSTOR ADM OS Command Injection Vulnerability (CNVD-2018-26927)
ASUSTOR ADM is an operating system from ASUSTOR dedicated to ASUSTOR NAS storage devices. An operating system command injection vulnerability exists in the user.cgi file in ASUSTOR ADM version 3.1.1, which can be exploited to execute system commands with the help of the 'name' POST parameter...
ASUSTOR ADM cross-site scripting vulnerability (CNVD-2018-26928)
ASUSTOR ADM is a set of operating systems from ASUSTOR dedicated to ASUSTOR NAS storage devices.File Explorer is one of the file browsers. A cross-site scripting vulnerability exists in File Explorer in ASUSTOR ADM version 3.1.1, which can be exploited by remote attackers to execute JavaScript co...
ASUSTOR ADM Operating System Command Injection Vulnerability
ASUSTOR ADM is an operating system from ASUSTOR dedicated to ASUSTOR NAS storage devices. An operating system command injection vulnerability exists in the group.cgi file in ASUSTOR ADM version 3.1.1. An attacker can exploit this vulnerability by modifying the 'name' POST parameter to execute...
ASUSTOR ADM Information Disclosure Vulnerability
ASUSTOR ADM is an operating system from ASUSTOR dedicated to ASUSTOR NAS storage devices. An information disclosure vulnerability exists in the SNMP settings page in ASUSTOR ADM version 3.1.1, which can be exploited by an attacker to obtain SNMP passwords in plaintext...
ASUSTOR ADM File Explorer Cross-Site Scripting Vulnerability
ASUSTOR ADM is a set of operating systems from ASUSTOR dedicated to ASUSTOR NAS storage devices.File Explorer is one of the file browsers. A cross-site scripting vulnerability exists in File Explorer in ASUSTOR ADM version 3.1.1. A remote attacker can exploit this vulnerability to execute arbitra...
ASUSTOR ADM OS Command Injection Vulnerability (CNVD-2018-26932)
ASUSTOR ADM is an operating system from ASUSTOR dedicated to ASUSTOR NAS storage devices. An operating system command injection vulnerability exists in the user.cgi file in ASUSTOR ADM version 3.1.1, which can be exploited to execute system commands with root privileges using the 'secretkey' URL...
ASUSTOR ADM Path Traversal Vulnerability
ASUSTOR ADM is an operating system from ASUSTOR dedicated to ASUSTOR NAS storage devices. A directory traversal vulnerability exists in the downloadwallpaper.cgi file in ASUSTOR ADM version 3.1.1. An attacker can exploit this vulnerability by manipulating the 'file' and 'folder' URL parameters to...