CVE-2018-11345

Name of the Vulnerable Software and Affected Versions ASUSTOR AS6202T ADM version 3.1.0.RFQ3

Description The issue allows attackers to upload files via the filename parameter in the POST request to the "upload.cgi" endpoint. This can lead to the execution of attacker-controlled code on the file system. The filename parameter is also vulnerable to path traversal, enabling attackers to place files anywhere on the system.

Recommendations For ASUSTOR AS6202T ADM version 3.1.0.RFQ3, consider restricting access to the "upload.cgi" endpoint until a patch is available. As a temporary workaround, avoid using the filename parameter in the POST request to prevent potential path traversal and file upload attacks.