Shodan
Vulnerabilities
Vulnerable Software
Asustor:  >> Adm  Security Vulnerabilities
CVE-2023-2909
EZ Sync service fails to adequately handle user input, allowing an attacker to navigate beyond the intended directory structure and delete files. Affected products and versions include: ADM 4.0.6.REG2, 4.1.0 and below as well as ADM 4.2.1.RGE2 and below.
CVSS Score
8.5
EPSS Score
0.003
Published
2023-05-31
CVE-2023-2749
Download Center fails to properly validate the file path submitted by a user, An attacker can exploit this vulnerability to gain unauthorized access to sensitive files or directories without appropriate permission restrictions. Download Center on ADM 4.0 and above will be affected. Affected products and versions include: Download Center 1.1.5.r1280 and below.
CVSS Score
8.6
EPSS Score
0.001
Published
2023-05-31
CVE-2023-2509
A Cross-Site Scripting(XSS) vulnerability was found on ADM, LooksGood and SoundsGood Apps. An attacker can exploit this vulnerability to inject malicious scripts into the target applications to access any cookies or sensitive information retained by the browser and used with that application. Affected products and versions include: ADM 4.0.6.REG2, 4.1.0 and below as well as ADM 4.2.1.RGE2 and below, LooksGood 2.0.0.R129 and below and SoundsGood 2.3.0.r1027 and below.
CVSS Score
7.1
EPSS Score
0.002
Published
2023-05-17
CVE-2023-30770
A stack-based buffer overflow vulnerability was found in the ASUSTOR Data Master (ADM) due to the lack of data size validation. An attacker can exploit this vulnerability to execute arbitrary code. Affected ADM versions include: 4.0.6.REG2, 4.1.0 and below as well as 4.2.0.RE71 and below.
CVSS Score
7.1
EPSS Score
0.004
Published
2023-04-17
CVE-2022-37398
A stack-based buffer overflow vulnerability was found inside ADM when using WebDAV due to the lack of data size validation. An attacker can exploit this vulnerability to run arbitrary code. Affected ADM versions include: 3.5.9.RUE3 and below, 4.0.5.RVI1 and below as well as 4.1.0.RJD1 and below.
CVSS Score
7.1
EPSS Score
0.002
Published
2022-08-05
CVE-2018-11510
The ASUSTOR ADM 3.1.0.RFQ3 NAS portal suffers from an unauthenticated remote code execution vulnerability in the portal/apis/aggrecate_js.cgi file by embedding OS commands in the 'script' parameter.
CVSS Score
9.8
EPSS Score
0.905
Published
2018-06-28


Products
Pricing
Contact Us

Shodan ® - All rights reserved