CVE-2018-12317

Name of the Vulnerable Software and Affected Versions ASUSTOR ADM version 3.1.1

Description The issue allows attackers to execute system commands as root by modifying the name POST parameter in the group.cgi file. This enables attackers to gain elevated access and control over the system.

Recommendations For ASUSTOR ADM version 3.1.1, consider restricting access to the group.cgi file until a patch is available. As a temporary workaround, avoid using the name parameter in the affected POST requests to minimize the risk of exploitation.