NVD - Results

Sort results by:

Search Results (Refine Search)

Search Parameters:

Results Type: Overview
Keyword (text search): cpe:2.3:o:asustor:data_master:3.0:*:*:*:*:*:*:*

There are 6 matching records.

Displaying matches 1 through 6.

Vuln ID	Summary	CVSS Severity
CVE-2018-15699	ASUSTOR Data Master 3.1.5 and below makes an HTTP request for a configuration file that is vulnerable to XSS. A man in the middle can take advantage of this by inserting Javascript into the configuration files Version field. Published: August 27, 2018; 10:29:00 AM -0400	V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM
CVE-2018-15698	ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on the file system when providing the full path to loginimage.cgi. Published: August 27, 2018; 10:29:00 AM -0400	V3.0: 6.5 MEDIUM V2.0: 6.8 MEDIUM
CVE-2018-15697	ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on a share by providing the full path. For example, /home/admin/.ash_history. Published: August 27, 2018; 10:29:00 AM -0400	V3.0: 6.5 MEDIUM V2.0: 4.0 MEDIUM
CVE-2018-15696	ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to enumerate all user accounts via user.cgi. Published: August 27, 2018; 10:29:00 AM -0400	V3.0: 4.3 MEDIUM V2.0: 4.0 MEDIUM
CVE-2018-15695	ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to delete any file on the file system due to a path traversal vulnerability in wallpaper.cgi. Published: August 27, 2018; 10:29:00 AM -0400	V3.0: 6.5 MEDIUM V2.0: 8.5 HIGH
CVE-2018-15694	ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to upload files to arbitrary locations due to a path traversal vulnerability. This could lead to code execution if the "Web Server" feature is enabled. Published: August 27, 2018; 10:29:00 AM -0400	V3.0: 7.5 HIGH V2.0: 6.0 MEDIUM