Data Master@* Security Vulnerabilities and Issues — Data Master@* CVE List

Lucene search

AsustorData Master*

11 matches found

CVE•added 2018/08/27 2:29 p.m.•46 views

CVE-2018-15696

ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to enumerate all user accounts via user.cgi.

4.3CVSS5.7AI score0.00406EPSS

CVE•added 2018/08/27 2:29 p.m.•44 views

CVE-2018-15697

ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on a share by providing the full path. For example, /home/admin/.ash_history.

6.5CVSS6.6AI score0.00557EPSS

CVE•added 2018/08/27 2:29 p.m.•36 views

CVE-2018-15694

ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to upload files to arbitrary locations due to a path traversal vulnerability. This could lead to code execution if the "Web Server" feature is enabled.

7.5CVSS7.7AI score0.02755EPSS

CVE•added 2018/08/27 2:29 p.m.•36 views

CVE-2018-15698

ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on the file system when providing the full path to loginimage.cgi.

6.8CVSS6.7AI score0.00961EPSS

CVE•added 2018/08/27 2:29 p.m.•33 views

CVE-2018-15695

ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to delete any file on the file system due to a path traversal vulnerability in wallpaper.cgi.

8.5CVSS6.7AI score0.0064EPSS

CVE•added 2018/08/27 2:29 p.m.•33 views

CVE-2018-15699

ASUSTOR Data Master 3.1.5 and below makes an HTTP request for a configuration file that is vulnerable to XSS. A man in the middle can take advantage of this by inserting Javascript into the configuration files Version field.

6.1CVSS6.7AI score0.0024EPSS

CVE•added 2023/08/17 10:15 a.m.•33 views

CVE-2023-3697

Printer service fails to adequately handle user input, allowing an remote unauthorized users to navigate beyond the intended directory structure and create files. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below.

8.8CVSS8.5AI score0.0031EPSS

CVE•added 2023/08/17 10:15 a.m.•32 views

CVE-2023-3698

Printer service fails to adequately handle user input, allowing an remote unauthorized users to navigate beyond the intended directory structure and delete files. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below.

8.5CVSS8.1AI score0.00258EPSS

CVE•added 2023/08/22 7:16 p.m.•28 views

CVE-2023-4475

An Arbitrary File Movement vulnerability was found in ASUSTOR Data Master (ADM) allows an attacker to exploit the file renaming feature to move files to unintended directories. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below.

7.5CVSS6.1AI score0.00074EPSS

CVE•added 2023/08/17 10:15 a.m.•26 views

CVE-2023-2910

Improper neutralization of special elements used in a command ('Command Injection') vulnerability in Printer service functionality in ASUSTOR Data Master (ADM) allows remote unauthorized users to execute arbitrary commands via unspecified vectors. Affected products and versions include: ADM 4.0.6.R...

8.8CVSS9.1AI score0.00555EPSS

CVE•added 2023/08/22 7:16 p.m.•26 views

CVE-2023-3699

An Improper Privilege Management vulnerability was found in ASUSTOR Data Master (ADM) allows an unprivileged local users to modify the storage devices configuration. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below.

8.7CVSS5.8AI score0.00049EPSS