PT-2018-10498 · Asustor · Asustor As6202T Adm

Published

2018-05-22

Updated

2019-03-21

CVE-2018-11340

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions ASUSTOR AS6202T ADM version 3.1.0.RFQ3

Description The issue allows attackers to upload supplied data to a specified filename due to an unrestricted file upload vulnerability in importuser.cgi. This can be used to place attacker-controlled code on the file system that is then executed.

Recommendations For ASUSTOR AS6202T ADM version 3.1.0.RFQ3, consider restricting access to the importuser.cgi script until a patch is available to prevent attackers from uploading malicious files.

Exploit

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2018-11340

Affected Products

Asustor As6202T Adm

PT-2018-10498 · Asustor · Asustor As6202T Adm

CVE-2018-11340

Weakness Enumeration

Related Identifiers

Affected Products

References · 5