PT-2018-10500 · Asustor · Asustor As6202T Adm

Matthew Fulton

Published

2018-05-22

Updated

2019-03-29

CVE-2018-11342

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions ASUSTOR AS6202T ADM version 3.1.0.RFQ3

Description A path traversal issue in the fileExplorer.cgi component allows attackers to specify arbitrary paths to system files, enabling them to create folders using the dest folder parameter.

Recommendations For ASUSTOR AS6202T ADM version 3.1.0.RFQ3, avoid using the dest folder parameter in the fileExplorer.cgi component until a fix is available. Consider restricting access to the fileExplorer.cgi to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2018-11342

Affected Products

Asustor As6202T Adm

PT-2018-10500 · Asustor · Asustor As6202T Adm

CVE-2018-11342

Weakness Enumeration

Related Identifiers

Affected Products

References · 5