Skip to main content

Data Master

33 CVEs product

Monthly

CVE-2026-3179 HIGH This Week

Arbitrary file write vulnerability in Data Master ADM versions 4.1.0-4.3.3.ROF1 and 5.0.0-5.1.2.RE51 allows remote or man-in-the-middle attackers to bypass filename sanitization in FTP backup operations and place malicious files outside the intended directory. An attacker can exploit this path traversal flaw to overwrite critical system files and potentially execute code with elevated privileges. No patch is currently available, and exploitation requires moderate attack complexity but no user interaction.

RCE Privilege Escalation Path Traversal Data Master
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2026-3100 MEDIUM This Month

Man-in-the-middle attacks in TLS/SSL certificate verification for FTPES/FTPS connections in ADM 4.1.0-4.3.3.ROF1 and 5.0.0-5.1.2.RE51 allow remote attackers to intercept and modify backup data and authentication credentials without patching available. The FTP Backup feature fails to properly validate certificates, enabling network traffic interception and credential compromise during secure file transfers. Affected organizations should implement network segmentation or disable FTPES/FTPS backup functionality until patches become available.

TLS Data Master
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-24936 CRITICAL Act Now

ASUSTOR ADM has an input validation vulnerability when joining AD Domain that allows unauthenticated attackers to compromise the NAS device.

Code Injection Data Master
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-24935 MEDIUM This Month

Data Master ADM 4.1.0-4.3.3 and 5.0.0-5.1.1 are vulnerable to man-in-the-middle attacks due to improper SSL/TLS certificate validation in the NAT traversal module, allowing attackers to intercept tunnel establishment and redirect connections to the signaling server. An attacker exploiting this can proxy device service communications, disrupt availability, or position themselves for follow-on attacks, though further authentication is required to access actual device services. No patch is currently available.

Authentication Bypass Data Master
NVD
CVSS 3.1
5.6
EPSS
0.0%
CVE-2026-24934 LOW Monitor

The DDNS function uses an insecure HTTP connection or fails to validate the SSL/TLS certificate when querying an external server for the device's WAN IP address. [CVSS 3.7 LOW]

Authentication Bypass Data Master
NVD
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-24933 MEDIUM This Month

Data Master versions 4.1.0-4.3.3 and 5.0.0-5.1.1 fail to validate SSL/TLS certificates during HTTPS communication, enabling unauthenticated attackers to conduct man-in-the-middle attacks and intercept sensitive data including emails, password hashes, and device serial numbers. The vulnerability affects API communication with no available patch, leaving affected installations at persistent risk of credential and information disclosure.

Authentication Bypass Data Master
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-24932 MEDIUM This Month

Improper TLS/SSL certificate validation in ADM's DDNS update function (versions 4.1.0-4.3.3.ROF1 and 5.0.0-5.1.1.RCI1) enables remote man-in-the-middle attacks to intercept HTTPS communications and extract sensitive data including user email, MD5 hashed passwords, and device serial numbers. An unauthenticated attacker on the network can exploit this weakness without user interaction to compromise DDNS update credentials. No patch is currently available for affected versions.

TLS Data Master
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2023-4475 MEDIUM This Month

An Arbitrary File Movement vulnerability was found in ASUSTOR Data Master (ADM) allows an attacker to exploit the file renaming feature to move files to unintended directories. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Data Master
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-3699 MEDIUM This Month

An Improper Privilege Management vulnerability was found in ASUSTOR Data Master (ADM) allows an unprivileged local users to modify the storage devices configuration. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Data Master
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-3698 HIGH This Week

Printer service fails to adequately handle user input, allowing an remote unauthorized users to navigate beyond the intended directory structure and delete files. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Data Master
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2023-3697 HIGH This Week

Printer service fails to adequately handle user input, allowing an remote unauthorized users to navigate beyond the intended directory structure and create files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Data Master
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-2910 HIGH This Week

Improper neutralization of special elements used in a command ('Command Injection') vulnerability in Printer service functionality in ASUSTOR Data Master (ADM) allows remote unauthorized users to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Data Master
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2018-12319 HIGH POC This Week

Denial-of-service in the login page of ASUSTOR ADM 3.1.1 allows attackers to prevent users from signing in by placing malformed text in the title. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Data Master
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2018-12318 HIGH POC This Week

Information disclosure in the SNMP settings page in ASUSTOR ADM version 3.1.1 allows attackers to obtain the SNMP password in cleartext. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Data Master
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2018-12317 HIGH POC This Week

OS command injection in group.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root by modifying the "name" POST parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Data Master
NVD
CVSS 3.0
8.8
EPSS
3.4%
CVE-2018-12316 HIGH POC This Week

OS Command Injection in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands by modifying the filename POST parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Data Master
NVD
CVSS 3.0
8.8
EPSS
3.4%
CVE-2018-12315 MEDIUM POC This Month

Missing verification of a password in ASUSTOR ADM version 3.1.1 allows attackers to change account passwords without entering the current password. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Data Master
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2018-12314 HIGH POC This Week

Directory Traversal in downloadwallpaper.cgi in ASUSTOR ADM version 3.1.1 allows attackers to download arbitrary files by manipulating the "file" and "folder" URL parameters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Data Master
NVD
CVSS 3.0
7.5
EPSS
2.3%
CVE-2018-12313 CRITICAL POC Act Now

OS command injection in snmp.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands without authentication via the "rocommunity" URL parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Data Master
NVD
CVSS 3.0
9.8
EPSS
4.4%
CVE-2018-12312 HIGH POC This Week

OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "secret_key" URL parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Data Master
NVD
CVSS 3.0
8.8
EPSS
3.4%
CVE-2018-12311 MEDIUM POC This Month

Cross-site scripting vulnerability in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute arbitrary JavaScript when a file is moved via a malicious filename. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Data Master
NVD
CVSS 3.0
5.4
EPSS
0.5%
CVE-2018-12310 MEDIUM POC This Month

Cross-site scripting in the Login page in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript via the System Announcement feature. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Data Master
NVD
CVSS 3.0
5.4
EPSS
0.5%
CVE-2018-12309 HIGH POC This Week

Directory Traversal in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to upload files to arbitrary locations by modifying the "path" URL parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Data Master
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-12308 MEDIUM POC This Month

Encryption key disclosure in share.cgi in ASUSTOR ADM version 3.1.1 allows attackers to obtain the encryption key via the "encrypt_key" URL parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Data Master
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2018-12307 HIGH POC This Week

OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "name" POST parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Data Master
NVD
CVSS 3.0
8.8
EPSS
3.4%
CVE-2018-12306 HIGH POC This Week

Directory Traversal in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to view arbitrary files by modifying the "file1" URL parameter, a similar issue to CVE-2018-11344. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Data Master
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2018-12305 MEDIUM POC This Month

Cross-site scripting in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript by uploading SVG images with embedded JavaScript. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Data Master
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-15699 MEDIUM POC This Month

ASUSTOR Data Master 3.1.5 and below makes an HTTP request for a configuration file that is vulnerable to XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Data Master
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2018-15698 MEDIUM POC This Month

ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on the file system when providing the full path to loginimage.cgi. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Data Master
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-15697 MEDIUM POC This Month

ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on a share by providing the full path. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Data Master
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2018-15696 MEDIUM POC This Month

ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to enumerate all user accounts via user.cgi. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Data Master
NVD
CVSS 3.0
4.3
EPSS
0.7%
CVE-2018-15695 MEDIUM POC This Month

ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to delete any file on the file system due to a path traversal vulnerability in wallpaper.cgi. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Data Master
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-15694 HIGH POC This Week

ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to upload files to arbitrary locations due to a path traversal vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

RCE Path Traversal Data Master
NVD
CVSS 3.0
7.5
EPSS
1.5%
EPSS 0% CVSS 8.1
HIGH This Week

Arbitrary file write vulnerability in Data Master ADM versions 4.1.0-4.3.3.ROF1 and 5.0.0-5.1.2.RE51 allows remote or man-in-the-middle attackers to bypass filename sanitization in FTP backup operations and place malicious files outside the intended directory. An attacker can exploit this path traversal flaw to overwrite critical system files and potentially execute code with elevated privileges. No patch is currently available, and exploitation requires moderate attack complexity but no user interaction.

RCE Privilege Escalation Path Traversal +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Man-in-the-middle attacks in TLS/SSL certificate verification for FTPES/FTPS connections in ADM 4.1.0-4.3.3.ROF1 and 5.0.0-5.1.2.RE51 allow remote attackers to intercept and modify backup data and authentication credentials without patching available. The FTP Backup feature fails to properly validate certificates, enabling network traffic interception and credential compromise during secure file transfers. Affected organizations should implement network segmentation or disable FTPES/FTPS backup functionality until patches become available.

TLS Data Master
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

ASUSTOR ADM has an input validation vulnerability when joining AD Domain that allows unauthenticated attackers to compromise the NAS device.

Code Injection Data Master
NVD
EPSS 0% CVSS 5.6
MEDIUM This Month

Data Master ADM 4.1.0-4.3.3 and 5.0.0-5.1.1 are vulnerable to man-in-the-middle attacks due to improper SSL/TLS certificate validation in the NAT traversal module, allowing attackers to intercept tunnel establishment and redirect connections to the signaling server. An attacker exploiting this can proxy device service communications, disrupt availability, or position themselves for follow-on attacks, though further authentication is required to access actual device services. No patch is currently available.

Authentication Bypass Data Master
NVD
EPSS 0% CVSS 3.7
LOW Monitor

The DDNS function uses an insecure HTTP connection or fails to validate the SSL/TLS certificate when querying an external server for the device's WAN IP address. [CVSS 3.7 LOW]

Authentication Bypass Data Master
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Data Master versions 4.1.0-4.3.3 and 5.0.0-5.1.1 fail to validate SSL/TLS certificates during HTTPS communication, enabling unauthenticated attackers to conduct man-in-the-middle attacks and intercept sensitive data including emails, password hashes, and device serial numbers. The vulnerability affects API communication with no available patch, leaving affected installations at persistent risk of credential and information disclosure.

Authentication Bypass Data Master
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Improper TLS/SSL certificate validation in ADM's DDNS update function (versions 4.1.0-4.3.3.ROF1 and 5.0.0-5.1.1.RCI1) enables remote man-in-the-middle attacks to intercept HTTPS communications and extract sensitive data including user email, MD5 hashed passwords, and device serial numbers. An unauthenticated attacker on the network can exploit this weakness without user interaction to compromise DDNS update credentials. No patch is currently available for affected versions.

TLS Data Master
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An Arbitrary File Movement vulnerability was found in ASUSTOR Data Master (ADM) allows an attacker to exploit the file renaming feature to move files to unintended directories. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Data Master
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An Improper Privilege Management vulnerability was found in ASUSTOR Data Master (ADM) allows an unprivileged local users to modify the storage devices configuration. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Data Master
NVD
EPSS 1% CVSS 8.1
HIGH This Week

Printer service fails to adequately handle user input, allowing an remote unauthorized users to navigate beyond the intended directory structure and delete files. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Data Master
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Printer service fails to adequately handle user input, allowing an remote unauthorized users to navigate beyond the intended directory structure and create files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Data Master
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Improper neutralization of special elements used in a command ('Command Injection') vulnerability in Printer service functionality in ASUSTOR Data Master (ADM) allows remote unauthorized users to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Data Master
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

Denial-of-service in the login page of ASUSTOR ADM 3.1.1 allows attackers to prevent users from signing in by placing malformed text in the title. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Data Master
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Information disclosure in the SNMP settings page in ASUSTOR ADM version 3.1.1 allows attackers to obtain the SNMP password in cleartext. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Data Master
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

OS command injection in group.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root by modifying the "name" POST parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Data Master
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

OS Command Injection in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands by modifying the filename POST parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Data Master
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Missing verification of a password in ASUSTOR ADM version 3.1.1 allows attackers to change account passwords without entering the current password. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Data Master
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

Directory Traversal in downloadwallpaper.cgi in ASUSTOR ADM version 3.1.1 allows attackers to download arbitrary files by manipulating the "file" and "folder" URL parameters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Data Master
NVD
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

OS command injection in snmp.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands without authentication via the "rocommunity" URL parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Data Master
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "secret_key" URL parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Data Master
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

Cross-site scripting vulnerability in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute arbitrary JavaScript when a file is moved via a malicious filename. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Data Master
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

Cross-site scripting in the Login page in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript via the System Announcement feature. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Data Master
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

Directory Traversal in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to upload files to arbitrary locations by modifying the "path" URL parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Data Master
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Encryption key disclosure in share.cgi in ASUSTOR ADM version 3.1.1 allows attackers to obtain the encryption key via the "encrypt_key" URL parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Data Master
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "name" POST parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Data Master
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

Directory Traversal in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to view arbitrary files by modifying the "file1" URL parameter, a similar issue to CVE-2018-11344. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Data Master
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Cross-site scripting in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript by uploading SVG images with embedded JavaScript. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Data Master
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

ASUSTOR Data Master 3.1.5 and below makes an HTTP request for a configuration file that is vulnerable to XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Data Master
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on the file system when providing the full path to loginimage.cgi. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Data Master
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on a share by providing the full path. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Data Master
NVD
EPSS 1% CVSS 4.3
MEDIUM POC This Month

ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to enumerate all user accounts via user.cgi. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Data Master
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to delete any file on the file system due to a path traversal vulnerability in wallpaper.cgi. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Data Master
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to upload files to arbitrary locations due to a path traversal vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

RCE Path Traversal Data Master
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy