PT-2018-11106 · Asustor · Asustor Adm

Published

2018-12-04

Updated

2019-10-03

CVE-2018-12308

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions ASUSTOR ADM version 3.1.1

Description The issue allows attackers to obtain the encryption key via the encrypt key variable in the share.cgi API endpoint.

Recommendations For ASUSTOR ADM version 3.1.1, avoid using the encrypt key variable in the share.cgi API endpoint until the issue is resolved.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

CVE-2018-12308

Asustor Adm