RSS   Vulnerabilities for 'Asustor data master'   RSS

2018-08-16
 
CVE-2018-11511

CWE-89
 

 
The tree list functionality in the photo gallery application in ASUSTOR ADM 3.1.0.RFQ3 has a SQL injection vulnerability that affects the 'album_id' or 'scope' parameter via a photo-gallery/api/album/tree_lists/ URI.

 
 
CVE-2018-11509

CWE-798
 

 
ASUSTOR ADM 3.1.0.RFQ3 uses the same default root:admin username and password as it does for the NAS itself for applications that are installed from the online repository. This may allow an attacker to login and upload a webshell.

 

 >>> Vendor: Asustor 6 Products
As6202t firmware
Soundsgood
ADM
Asustor data master
Data master
Exfat driver


Copyright 2021, cxsecurity.com

 

Back to Top