Filtered by vendor Asustor
Subscribe
Total
43 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-11346 | 1 Asustor | 2 As6202t, As6202t Firmware | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
An insecure direct object reference vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows the ability to reference the "download_sys_settings" action and then specify files arbitrarily throughout the system via the act parameter. | |||||
CVE-2018-11510 | 1 Asustor | 1 Adm | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
The ASUSTOR ADM 3.1.0.RFQ3 NAS portal suffers from an unauthenticated remote code execution vulnerability in the portal/apis/aggrecate_js.cgi file by embedding OS commands in the 'script' parameter. | |||||
CVE-2018-11344 | 1 Asustor | 2 As6202t, As6202t Firmware | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
A path traversal vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a file on the system to download via the file1 parameter. |