CVE-2018-11510

Name of the Vulnerable Software and Affected Versions ASUSTOR ADM version 3.1.0.RFQ3

Description The issue is related to an unauthenticated remote code execution in the "portal/apis/aggrecate js.cgi" API endpoint. This is achieved by embedding OS commands in the script parameter.

Recommendations For ASUSTOR ADM version 3.1.0.RFQ3, as a temporary workaround, consider restricting access to the "portal/apis/aggrecate js.cgi" API endpoint until a patch is available. Avoid using the script parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.