Total
6 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-2909 | 1 Asustor | 1 Adm | 2023-12-10 | N/A | 10.0 CRITICAL |
| EZ Sync service fails to adequately handle user input, allowing an attacker to navigate beyond the intended directory structure and delete files. Affected products and versions include: ADM 4.0.6.REG2, 4.1.0 and below as well as ADM 4.2.1.RGE2 and below. | |||||
| CVE-2023-2749 | 1 Asustor | 2 Adm, Download Center | 2023-12-10 | N/A | 7.5 HIGH |
| Download Center fails to properly validate the file path submitted by a user, An attacker can exploit this vulnerability to gain unauthorized access to sensitive files or directories without appropriate permission restrictions. Download Center on ADM 4.0 and above will be affected. Affected products and versions include: Download Center 1.1.5.r1280 and below. | |||||
| CVE-2023-30770 | 1 Asustor | 1 Adm | 2023-12-10 | N/A | 9.8 CRITICAL |
| A stack-based buffer overflow vulnerability was found in the ASUSTOR Data Master (ADM) due to the lack of data size validation. An attacker can exploit this vulnerability to execute arbitrary code. Affected ADM versions include: 4.0.6.REG2, 4.1.0 and below as well as 4.2.0.RE71 and below. | |||||
| CVE-2023-2509 | 1 Asustor | 3 Adm, Looksgood, Soundsgood | 2023-12-10 | N/A | 6.1 MEDIUM |
| A Cross-Site Scripting(XSS) vulnerability was found on ADM, LooksGood and SoundsGood Apps. An attacker can exploit this vulnerability to inject malicious scripts into the target applications to access any cookies or sensitive information retained by the browser and used with that application. Affected products and versions include: ADM 4.0.6.REG2, 4.1.0 and below as well as ADM 4.2.1.RGE2 and below, LooksGood 2.0.0.R129 and below and SoundsGood 2.3.0.r1027 and below. | |||||
| CVE-2022-37398 | 1 Asustor | 1 Adm | 2023-12-10 | N/A | 8.8 HIGH |
| A stack-based buffer overflow vulnerability was found inside ADM when using WebDAV due to the lack of data size validation. An attacker can exploit this vulnerability to run arbitrary code. Affected ADM versions include: 3.5.9.RUE3 and below, 4.0.5.RVI1 and below as well as 4.1.0.RJD1 and below. | |||||
| CVE-2018-11510 | 1 Asustor | 1 Adm | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| The ASUSTOR ADM 3.1.0.RFQ3 NAS portal suffers from an unauthenticated remote code execution vulnerability in the portal/apis/aggrecate_js.cgi file by embedding OS commands in the 'script' parameter. | |||||