Shodan
Maps
Images
Monitor
Developer
More...
Dashboard
View Api Docs
Vulnerabilities
By Date
Known Exploited
Advanced Search
Vulnerable Software
Vendors
Products
Vulnerability Details CVE-2018-11344
A path traversal vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a file on the system to download via the file1 parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score
0.005
EPSS Ranking
63.5%
CVSS Severity
CVSS v3 Score
6.5
CVSS v2 Score
4.0
References
http://seclists.org/fulldisclosure/2018/May/2
https://github.com/mefulton/asustorexploit
https://www.purehacking.com/blog/matthew-fulton/back-to-the-future-asustor-web-exploitation
http://seclists.org/fulldisclosure/2018/May/2
https://github.com/mefulton/asustorexploit
https://www.purehacking.com/blog/matthew-fulton/back-to-the-future-asustor-web-exploitation
Products affected by CVE-2018-11344
Asustor
»
As6202t
»
Version:
N/A
cpe:2.3:h:asustor:as6202t:-
Asustor
»
As6202t Firmware
»
Version:
N/A
cpe:2.3:o:asustor:as6202t_firmware:-
Asustor
»
As6202t Firmware
»
Version:
adm_3.1.0.rfq3
cpe:2.3:o:asustor:as6202t_firmware:adm_3.1.0.rfq3
Products
Monitor
Search Engine
Developer API
Maps
Bulk Data
Images
Snippets
Pricing
Membership
API Subscriptions
Enterprise
Contact Us
support@shodan.io
Shodan ® - All rights reserved