Asustor Data Master vulnerabilities
2 known vulnerabilities affecting asustor/asustor_data_master.
Total CVEs
2
CISA KEV
0
Public exploits
2
Exploited in wild
1
Severity breakdown
CRITICAL2
Vulnerabilities
Page 1 of 1
CVE-2018-11511P1CRITICALCVSS 9.8ExploitedPoCv3.1.02018-08-16
CVE-2018-11511 [CRITICAL] CWE-89 CVE-2018-11511: The tree list functionality in the photo gallery application in ASUSTOR ADM 3.1.0.RFQ3 has a SQL inj
The tree list functionality in the photo gallery application in ASUSTOR ADM 3.1.0.RFQ3 has a SQL injection vulnerability that affects the 'album_id' or 'scope' parameter via a photo-gallery/api/album/tree_lists/ URI.
nvd
CVE-2018-11509P2CRITICALCVSS 9.8PoCv3.1.02018-08-16
CVE-2018-11509 [CRITICAL] CWE-798 CVE-2018-11509: ASUSTOR ADM 3.1.0.RFQ3 uses the same default root:admin username and password as it does for the NAS
ASUSTOR ADM 3.1.0.RFQ3 uses the same default root:admin username and password as it does for the NAS itself for applications that are installed from the online repository. This may allow an attacker to login and upload a webshell.
nvd