Asustor Data Master

37 matches found

CVE | added 2018/08/27 2:0 p.m. | 57 views

CVE-2018-15696

ASUSTOR Data Master (ADM) prior to 3.1.6 is affected by CVE-2018-15696: authenticated remote non-administrative users can enumerate all user accounts via user.cgi. Vulnerability details are supported by multiple sources (e.g., NVD entry and OpenVAS plugin noting ADM < 3.1.6 includes CVE-2018-1...

CVSS 4.3 | AI score 5.7 | EPSS 0.00729

CVE | added 2018/08/27 2:0 p.m. | 56 views

CVE-2018-15697

ASUSTOR Data Master (ADM) prior to version 3.1.6 is affected by CVE-2018-15697. Authenticated non-administrative users can read any file on a shared NAS by supplying the full path in the request (example: /home/admin/.ash_history). The issue stems from a file-disclosure vulnerability in ADM 3.1.5...

CVSS 6.5 | AI score 6.6 | EPSS 0.00907

CVE | added 2018/12/04 5:0 p.m. | 54 views

CVE-2018-12312

ASUSTOR ADM 3.1.1 contains an OS command injection in user.cgi that allows an attacker to run commands as root via the secret_key URL parameter. Vulnerability is triggered through network exposure to ASUSTOR ADM's web interface, enabling arbitrary command execution with root privileges if the par...

CVSS 9 | AI score 9.4 | EPSS 0.03443

CVE | added 2026/02/03 3:50 a.m. | 54 views

CVE-2026-24936

CVE-2026-24936 affects ASUSTOR ADM: an improper input parameter validation flaw in a CGI program when a specific function is enabled during AD Domain join allows an unauthenticated remote attacker to write arbitrary data to any file, potentially leading to complete system compromise. Affected: AD...

CVSS 9.8 | AI score 5.8 | EPSS 0.00779

CVE | added 2018/12/04 5:0 p.m. | 50 views

CVE-2018-12313

CVE-2018-12313 affects ASUSTOR ADM 3.1.1: OS command injection in snmp.cgi exploitable without authentication via the rocommunity parameter. Impact: remote code execution with high integrity/availability risk (CVSSv3/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H = 9.8). Affected component: snmp.cgi in ADM;...

CVSS 10 | AI score 10 | EPSS 0.04354

CVE | added 2018/12/04 5:0 p.m. | 50 views

CVE-2018-12318

CVE-2018-12318 relates to ASUSTOR ADM (versions including 3.1.1) where the SNMP settings page leaks the SNMP password in plaintext. The CVE is documented in multiple sources (NVD and CNVD entries) with the same basic impact: information disclosure. The root cause is an information disclosure flaw...

CVSS 8.8 | AI score 8.8 | EPSS 0.01103

CVE | added 2018/12/04 5:0 p.m. | 49 views

CVE-2018-12314

ASUSTOR ADM 3.1.1 is affected by a directory traversal vulnerability in downloadwallpaper.cgi. The issue allows an attacker to download arbitrary files by manipulating the file and folder URL parameters. This is documented in CVE-2018-12314 (NVD entry) and corroborated by CNVD-2018-25182, which d...

CVSS 7.8 | AI score 8 | EPSS 0.02309

CVE | added 2018/12/04 5:0 p.m. | 49 views

CVE-2018-12317

CVE-2018-12317 relates to an OS command injection in ASUSTOR ADM 3.1.1 (group.cgi) that allows an attacker to run arbitrary commands as root by altering the name POST parameter. The vulnerability is described across NVD/CNVD entries as affecting ASUSTOR ADM on the affected NAS devices, with root-...

CVSS 9 | AI score 9.4 | EPSS 0.03443

CVE | added 2018/12/04 5:0 p.m. | 47 views

CVE-2018-12305

The provided connected sources confirm a Cross-site scripting vulnerability in ASUSTOR ADM 3.1.1 File Explorer. Specifically, uploading SVG images with embedded JavaScript allows an attacker to execute code. Affected product: ASUSTOR ADM (File Explorer component) version 3.1.1. Root cause: improp...

CVSS 6.1 | AI score 6.8 | EPSS 0.00692

CVE | added 2018/12/04 5:0 p.m. | 47 views

CVE-2018-12307

ASUSTOR ADM version 3.1.1 is affected by an OS command injection in the user.cgi component. The vulnerability allows an attacker to execute system commands as root via the name POST parameter, enabling full compromise of the device. Descriptions across multiple feeds (NVD/NVD family and CNVD) con...

CVSS 9 | AI score 9.4 | EPSS 0.03443

CVE | added 2018/12/04 5:0 p.m. | 47 views

CVE-2018-12319

CVE-2018-12319 affects ASUSTOR ADM 3.1.1. The available connected documents describe a Denial-of-Service on the login page caused by placing malformed text in the login page title, preventing users from signing in. The vulnerability impact is partial availability loss (DoS) with a high CVSS 3.0 b...

CVSS 7.5 | AI score 7.9 | EPSS 0.01179

CVE | added 2018/08/27 2:0 p.m. | 47 views

CVE-2018-15694

CVE-2018-15694 affects ASUSTOR Data Master (ADM) running on NAS devices, specifically versions 3.1.5 and earlier. A path traversal vulnerability allows authenticated remote non-administrative users to upload files to arbitrary locations, which could lead to code execution if the Web Server featur...

CVSS 7.5 | AI score 7.7 | EPSS 0.01511

CVE | added 2018/08/27 2:0 p.m. | 46 views

CVE-2018-15698

ASUSTOR Data Master (ADM) 3.1.5 and earlier: authenticated remote non-administrative users can read arbitrary files on the file system by providing the full path to loginimage.cgi. This is CVE-2018-15698 (NVD/CVE entry). The vulnerability originates from an information-disclosure flaw in ADM prio...

CVSS 6.8 | AI score 6.7 | EPSS 0.01106

CVE | added 2023/08/17 9:33 a.m. | 46 views

CVE-2023-3697

CVE-2023-3697 affects ASUSTOR ADM printers: the printer service fails to properly validate user input, enabling remote unauthorized users to traverse directories and create files beyond the intended path. Affected products/versions include ADM 4.0.6.RIS1, 4.1.0 and earlier, and ADM 4.2.2.RI61 and...

CVSS 8.8 | AI score 8.5 | EPSS 0.00549

CVE | added 2018/12/04 5:0 p.m. | 45 views

CVE-2018-12315

ASUSTOR ADM 3.1.1 contains a password verification bypass vulnerability: missing verification allows attackers to change account passwords without the current password. Affected component: ADM password handling. Root cause: inadequate password validation. Impact: unauthorized password changes (no...

CVSS 6.5 | AI score 7.1 | EPSS 0.00681

CVE | added 2018/08/27 2:0 p.m. | 45 views

CVE-2018-15695

ASUSTOR Data Master (ADM) is affected in versions 3.1.5 and earlier due to a path traversal vulnerability in wallpaper.cgi. The issue allows authenticated remote non-administrative users to delete arbitrary files on the file system. Root cause: path traversal in wallpaper.cgi. Impact per sources:...

CVSS 8.5 | AI score 6.7 | EPSS 0.01014

CVE | added 2018/08/27 2:0 p.m. | 45 views

CVE-2018-15699

Summary for CVE-2018-15699: Affected product is ASUSTOR Data Master (ADM) web interface prior to 3.1.6. The issue arises when ADM repeatedly makes HTTP requests for a configuration file, allowing a MITM attacker to inject JavaScript into the Version field, resulting in a cross‑site scripting (XS...

CVSS 6.1 | AI score 6.7 | EPSS 0.00646

CVE | added 2023/08/17 9:25 a.m. | 45 views

CVE-2023-2910

CVE-2023-2910 affects ASUSTOR Data Master (ADM) Printer service. The root cause is improper neutralization of special elements used in a command (command injection) which enables remote, unauthenticated abuse to execute arbitrary commands. Affected ADM versions include 4.0.6.RIS1, 4.1.0 and below...

CVSS 8.8 | AI score 9.1 | EPSS 0.01341

CVE | added 2018/12/04 5:0 p.m. | 44 views

CVE-2018-12306

CVE-2018-12306 describes a directory traversal vulnerability in ASUSTOR ADM’s File Explorer (v3.1.1). An attacker can view arbitrary files by altering the URL parameter file1, indicating improper input handling in the file-path logic. The vulnerability is presented as analogous to CVE-2018-11344....

CVSS 7.5 | AI score 6.7 | EPSS 0.0174

CVE | added 2018/12/04 5:0 p.m. | 44 views

CVE-2018-12309

CVE-2018-12309 describes a directory traversal in ASUSTOR ADM 3.1.1, via upload.cgi, allowing an attacker to upload files to arbitrary locations by modifying the path URL parameter (the filename parameter is covered by CVE-2018-11345). NVD lists CVSS v3.0 base score 7.5 (HIGH) with network attack...

CVSS 7.5 | AI score 8.1 | EPSS 0.01504

CVE | added 2018/12/04 5:0 p.m. | 43 views

CVE-2018-12310

CVE-2018-12310 describes a cross-site scripting vulnerability in ASUSTOR ADM (login page, version 3.1.1) where an attacker can inject JavaScript through the System Announcement feature. Affected component: ASUSTOR ADM login flow. Underlying issue: stored/reflected XSS in the login surface (detail...

CVSS 5.4 | AI score 6.4 | EPSS 0.00545

CVE | added 2018/12/04 5:0 p.m. | 43 views

CVE-2018-12311

ASUSTOR ADM File Explorer (v3.1.1) is affected by a cross-site scripting vulnerability. When a file is moved using a malicious filename, an attacker can cause arbitrary JavaScript execution. The reports do not provide specific fixes or patch versions in the supplied documents.

CVSS 5.4 | AI score 6.4 | EPSS 0.00545

CVE | added 2023/08/22 9:2 a.m. | 43 views

CVE-2023-4475

ASUSTOR Data Master (ADM) is affected by an Arbitrary File Movement vulnerability via the file renaming feature. Affected: ADM 4.0.6.RIS1 and below, ADM 4.1.0 and below, ADM 4.2.2.RI61 and below. Root cause: exploitation of the file renaming mechanism to move files into unintended directories. Im...

CVSS 7.5 | AI score 6.1 | EPSS 0.00159

CVE | added 2018/12/04 5:0 p.m. | 42 views

CVE-2018-12308

ASUSTOR ADM 3.1.1 is affected by an information disclosure in share.cgi that allows an attacker to obtain the encryption key via the encrypt_key URL parameter. The root cause is a flaw in how share.cgi handles the key, enabling unauthorized access to the encryption key and potential compromise of...

CVSS 6.5 | AI score 6.9 | EPSS 0.00586

CVE | added 2023/08/17 9:34 a.m. | 42 views

CVE-2023-3698

The CVE-2023-3698 issue affects ASUSTOR ADM’s Printer service. The vulnerability is an input-validation/path traversal flaw in the Printer service that lets remote unauthorized users navigate beyond the intended directory structure and delete files. Affected ADM versions include 4.0.6.RIS1, 4.1.0 ...

CVSS 8.5 | AI score 8.1 | EPSS 0.00532

CVE | added 2023/08/22 8:57 a.m. | 39 views

CVE-2023-3699

CVE-2023-3699 affects ASUSTOR Data Master (ADM) on ASUSTOR NAS. The issue is an improper privilege management that allows an unprivileged local user to modify the storage devices configuration. Affected ADM versions: 4.0.6.RIS1 and below; 4.1.0 and below; 4.2.2.RI61 and below. Impact is the abili...

CVSS 8.7 | AI score 5.8 | EPSS 0.00145

CVE | added 2018/12/04 5:0 p.m. | 38 views

CVE-2018-12316

ASUSTOR ADM is affected by OS Command Injection in upload.cgi in version 3.1.1, where an attacker can modify the filename POST parameter to execute system commands. This is documented across multiple sources (NVD CVE-2018-12316, CNVD-2018-25181, OpenVAS entry) with a CVSS base score high (3.0: 8....

CVSS 9 | AI score 9.4 | EPSS 0.03443

CVE | added 2026/04/20 6:54 a.m. | 24 views

CVE-2026-6644

The CVE-2026-6644 entry describes a command-injection vulnerability in ADM PPTP VPN Clients that allows an administrative user to escape the restricted web environment and execute arbitrary OS commands, enabling Remote Code Execution and full system compromise. Affected are ADM versions 4.1.0–4.3...

CVSS 9.4 | AI score 6.2 | EPSS 0.01451

CVE | added 2026/02/03 2:19 a.m. | 22 views

CVE-2026-24932

The CVE-2026-24932 issue is an improper TLS/SSL certificate hostname validation in ADM’s DDNS update function. The vulnerability allows a remote attacker to perform a Man‑in‑the‑Middle (MitM) attack over HTTPS, potentially exposing sensitive DDNS updating data such as the user’s email, MD5‑hashed...

CVSS 8.9 | AI score 5.5 | EPSS 0.00206

CVE | added 2026/02/25 5:55 a.m. | 22 views

CVE-2026-3179

The CVE describes a Path Traversal in ASUSTOR ADM FTP Backup on Linux platforms (x86, ARM, 64‑bit). The vulnerability arises from improper limitation of a pathname to a restricted directory, enabling unauthorized access via the network. Affected ADM versions are 4.1.0 through 4.3.3.ROF1, and 5.0....

CVSS 9.2 | AI score 6 | EPSS 0.0049

CVE | added 2026/02/25 5:52 a.m. | 17 views

CVE-2026-3100

CVE-2026-3100 affects ASUSTOR ADM FTP Backup running on Linux/x86/ARM (64‑bit). The issue is improper certificate validation in ADM FTP Backup, enabling sniffing attacks over the network. Affected versions are ADM 4.1.0–4.3.3.ROF1 and 5.0.0–5.1.2.RE51. The CVSS base score is 8.3 (HIGH) with netwo...

CVSS 8.3 | AI score 5.5 | EPSS 0.00179

CVE | added 2026/02/03 2:22 a.m. | 15 views

CVE-2026-24933

CVE-2026-24933 describes an improper SSL/TLS certificate validation in the API communication component, allowing MITM interception of HTTPS traffic and exposure of sensitive user data (emails, MD5 hashes, device serial numbers). Affected software: ADM 4.1.0–4.3.3.ROF1 and ADM 5.0.0–5.1.1.RCI1. Ro...

CVSS 8.9 | AI score 5.6 | EPSS 0.00204

CVE | added 2026/02/03 2:26 a.m. | 13 views

CVE-2026-24934

CVE-2026-24934 describes an insecure DDNS WAN-IP lookup in ADM firmware. The DDNS function uses HTTP or fails to validate the SSL/TLS certificate when querying an external server for the device’s WAN IP, enabling an unauthenticated MitM attacker to spoof the response and cause the device to updat...

CVSS 6.3 | AI score 5.6 | EPSS 0.00156

CVE | added 2026/04/20 6:34 a.m. | 13 views

CVE-2026-6643

ASUSTOR ADM VPN clients (ADM 4.1.0–4.3.3.RR42 and 5.0.0–5.1.2.REO1) are affected by CVE-2026-6643 due to a stack-based buffer overflow caused by unbounded sscanf() and passing user-controlled data to printf() in vpnupload.cgi (upload_wireguard). The vulnerability can lead to code execution as the...

CVSS 9.9 | AI score 6.5 | EPSS 0.00468
Web

CVE | added 2025/12/12 2:46 a.m. | 11 views

CVE-2025-13053

The CVE-2025-13053 issue affects ASUSTOR ADM NAS: vulnerable in versions 4.1.0–4.3.3.RKD2 and 5.0.0–5.1.0.RN42. Root cause is non-enforced TLS certificate verification when configuring NAS to retrieve UPS status or control the UPS, enabling a network MITM attack to intercept traffic and potential...

CVSS 7 | AI score 6.2 | EPSS 0.00085

CVE | added 2025/12/12 2:30 a.m. | 9 views

CVE-2025-13052

CVE-2025-13052 describes improper TLS/SSL certificate validation in ADM notifications when sending emails via msmtp, enabling potential MITM disclosure of SMTP data. Affected: ADM 4.1.0–4.3.3.RKD2 and 5.0.0–5.1.0.RN42. Root cause: TLS/SSL validation weakness between SMTP client and server. Impact...

CVSS 7 | AI score 6.4 | EPSS 0.00157

CVE | added 2026/02/03 2:28 a.m. | 9 views

CVE-2026-24935

CVE-2026-24935: A third-party NAT traversal module fails to validate SSL/TLS certificates when connecting to the signaling server, enabling a MitM attacker to intercept or redirect the NAT tunnel establishment. This vulnerability could disrupt service availability or enable targeted attacks by ac...

CVSS 6.3 | AI score 5.5 | EPSS 0.00144