ID CVE-2018-11510
Summary The ASUSTOR ADM 3.1.0.RFQ3 NAS portal suffers from an unauthenticated remote code execution vulnerability in the portal/apis/aggrecate_js.cgi file by embedding OS commands in the 'script' parameter.
References
Vulnerable Configurations
  • cpe:2.3:a:asustor:adm:3.1.2.rhg1
    cpe:2.3:a:asustor:adm:3.1.2.rhg1
CVSS
Base: 5.0
Impact:
Exploitability:
CWE CWE-255
CAPEC
exploit-db via4
  • description ADM 3.1.2RHG1 - Remote Code Execution. CVE-2018-11510. Webapps exploit for Hardware platform
    file exploits/hardware/webapps/45212.py
    id EDB-ID:45212
    last seen 2018-08-17
    modified 2018-08-17
    platform hardware
    port 443
    published 2018-08-17
    reporter Exploit-DB
    source https://www.exploit-db.com/download/45212/
    title ADM 3.1.2RHG1 - Remote Code Execution
    type webapps
  • description ASUSTOR ADM 3.1.0.RFQ3 - Remote Command Execution / SQL Injection. CVE-2018-11509,CVE-2018-11510,CVE-2018-11511. Webapps exploit for CGI platform. Tags: Blin...
    file exploits/cgi/webapps/45200.txt
    id EDB-ID:45200
    last seen 2018-08-15
    modified 2018-08-15
    platform cgi
    port 8001
    published 2018-08-15
    reporter Exploit-DB
    source https://www.exploit-db.com/download/45200/
    title ASUSTOR ADM 3.1.0.RFQ3 - Remote Command Execution / SQL Injection
    type webapps
packetstorm via4
refmap via4
misc
Last major update 28-06-2018 - 10:29
Published 28-06-2018 - 10:29
Last modified 09-10-2018 - 13:29
Back to Top