PT-2018-10502 · Asustor · Asustor As6202T Adm

Matthew Fulton

Published

2018-05-22

Updated

2019-03-21

CVE-2018-11344

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions ASUSTOR AS6202T ADM version 3.1.0.RFQ3

Description A path traversal issue exists, allowing attackers to specify any file on the system for download using the file1 parameter in the "download.cgi" endpoint.

Recommendations For ASUSTOR AS6202T ADM version 3.1.0.RFQ3, consider restricting access to the download.cgi endpoint until a patch is available. As a temporary workaround, avoid using the file1 parameter in the download.cgi endpoint to minimize the risk of exploitation.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2018-11344

Affected Products

Asustor As6202T Adm

PT-2018-10502 · Asustor · Asustor As6202T Adm

CVE-2018-11344

Weakness Enumeration

Related Identifiers

Affected Products

References · 5