Data Master@3.1.5 Security Vulnerabilities and Issues — Data Master@3.1.5 CVE List

Lucene search

AsustorData Master3.1.5

6 matches found

CVE•added 2018/08/27 2:29 p.m.•47 views

CVE-2018-15696

ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to enumerate all user accounts via user.cgi.

4.3CVSS5.7AI score0.0031EPSS

CVE•added 2018/08/27 2:29 p.m.•46 views

CVE-2018-15697

ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on a share by providing the full path. For example, /home/admin/.ash_history.

6.5CVSS6.6AI score0.00425EPSS

CVE•added 2018/08/27 2:29 p.m.•37 views

CVE-2018-15694

ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to upload files to arbitrary locations due to a path traversal vulnerability. This could lead to code execution if the "Web Server" feature is enabled.

7.5CVSS7.7AI score0.02118EPSS

CVE•added 2018/08/27 2:29 p.m.•37 views

CVE-2018-15698

ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on the file system when providing the full path to loginimage.cgi.

6.8CVSS6.7AI score0.00734EPSS

CVE•added 2018/08/27 2:29 p.m.•34 views

CVE-2018-15695

ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to delete any file on the file system due to a path traversal vulnerability in wallpaper.cgi.

8.5CVSS6.7AI score0.00488EPSS

CVE•added 2018/08/27 2:29 p.m.•34 views

CVE-2018-15699

ASUSTOR Data Master 3.1.5 and below makes an HTTP request for a configuration file that is vulnerable to XSS. A man in the middle can take advantage of this by inserting Javascript into the configuration files Version field.

6.1CVSS6.7AI score0.0024EPSS