PT-2018-13146 · Asustor · Asustor Data Master

Published: 2018-08-27 · Updated: 2018-10-30 · CVE-2018-15694

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: ASUSTOR Data Master versions 3.1.5 and below

Description: The issue allows authenticated remote non-administrative users to upload files to arbitrary locations due to a path traversal vulnerability. This could lead to code execution if the "Web Server" feature is enabled.

Recommendations: For ASUSTOR Data Master versions 3.1.5 and below, update to a version above 3.1.5 to resolve the issue. As a temporary workaround, consider disabling the "Web Server" feature until a patch is available. Restrict access to file upload functionality to minimize the risk of exploitation.

Exploit

Fix

Path traversal

Related Identifiers: CVE-2018-15694

Affected Products: Asustor Data Master