
ASUSTOR ADM < 3.1.3.RHU2 Multiple Vulnerabilities - Active Check

CVE-2018-12305, CVE-2018-12306, CVE-2018-12307, CVE-2018-12308, CVE-2018-12309, CVE-2018-12310, CVE-2018-12311, CVE-2018-12312, CVE-2018-12313, CVE-2018-12314, CVE-2018-12315, CVE-2018-12316, CVE-2018-12317, CVE-2018-12318, CVE-2018-12319

Severity
CVSSv3 Score
7.5
Vulnerability description

ASUSTOR ADM is prone to multiple vulnerabilities.

Risk description

The following vulnerabilities exist:

- CVE-2018-12305: Cross-Site Scripting via SVG Images
- CVE-2018-12306: Directory Traversal via download.cgi
- CVE-2018-12307: Command Injection in user.cgi
- CVE-2018-12308: Shared Folder Encryption Key Sent as URL Parameter
- CVE-2018-12309: Directory Traversal via upload.cgi
- CVE-2018-12310: Cross-Site Scripting on Login page
- CVE-2018-12311: Missing Input Sanitization on File Explorer filenames
- CVE-2018-12313: Unauthenticated Command Injection in SNMP API
- CVE-2018-12314: Directory Traversal via downloadwallpaper.cgi
- CVE-2018-12315: Password Change Does Not Require Existing Password
- CVE-2018-12316: Command Injection in upload.cgi
- CVE-2018-12317: Command Injection in group.cgi
- CVE-2018-12318: snmp.cgi Returns Password in Cleartext
- CVE-2018-12319: Login Denial of Service

Recommendation

Update to version 3.1.3.RHU2 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Dec 4, 2018
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available