Asustor: >> Asustor Data Master Security Vulnerabilities
ASUSTOR ADM 3.1.0.RFQ3 uses the same default root:admin username and password as it does for the NAS itself for applications that are installed from the online repository. This may allow an attacker to login and upload a webshell.
CVSS Score
9.8
EPSS Score
0.103
Published
2018-08-16
The tree list functionality in the photo gallery application in ASUSTOR ADM 3.1.0.RFQ3 has a SQL injection vulnerability that affects the 'album_id' or 'scope' parameter via a photo-gallery/api/album/tree_lists/ URI.
CVSS Score
9.8
EPSS Score
0.022
Published
2018-08-16