Skip to main content

Asustor Data Master

2 CVEs product

Monthly

CVE-2018-11511 CRITICAL POC THREAT Act Now

The tree list functionality in the photo gallery application in ASUSTOR ADM 3.1.0.RFQ3 has a SQL injection vulnerability that affects the 'album_id' or 'scope' parameter via a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Asustor Data Master
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
11.2%
CVE-2018-11509 CRITICAL POC THREAT Act Now

ASUSTOR ADM 3.1.0.RFQ3 uses the same default root:admin username and password as it does for the NAS itself for applications that are installed from the online repository. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Asustor Data Master
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
12.6%
EPSS 11% CVSS 9.8
CRITICAL POC THREAT Act Now

The tree list functionality in the photo gallery application in ASUSTOR ADM 3.1.0.RFQ3 has a SQL injection vulnerability that affects the 'album_id' or 'scope' parameter via a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Asustor Data Master
NVD Exploit-DB
EPSS 13% CVSS 9.8
CRITICAL POC THREAT Act Now

ASUSTOR ADM 3.1.0.RFQ3 uses the same default root:admin username and password as it does for the NAS itself for applications that are installed from the online repository. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Asustor Data Master
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy