CVE-2018-12306

Name of the Vulnerable Software and Affected Versions ASUSTOR ADM version 3.1.1

Description A directory traversal issue in the File Explorer component allows attackers to view arbitrary files by modifying the file1 URL parameter. This issue is similar to a previously known problem.

Recommendations For ASUSTOR ADM version 3.1.1, avoid using the file1 parameter in the affected URL until the issue is resolved. Consider restricting access to the File Explorer component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.