CVE-2018-11344

Опубликовано: 22 мая 2018

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

A path traversal vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a file on the system to download via the file1 parameter.

Ссылки

http://seclists.org/fulldisclosure/2018/May/2
Exploit
Mailing List
Third Party Advisory
https://github.com/mefulton/asustorexploit
Third Party Advisory
https://www.purehacking.com/blog/matthew-fulton/back-to-the-future-asustor-web-exploitation
Exploit
Third Party Advisory
http://seclists.org/fulldisclosure/2018/May/2
Exploit
Mailing List
Third Party Advisory
https://github.com/mefulton/asustorexploit
Third Party Advisory
https://www.purehacking.com/blog/matthew-fulton/back-to-the-future-asustor-web-exploitation
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:asustor:as6202t_firmware:*:*:*:*:*:*:*:*

Версия до adm_3.1.0.rfq3 (включая)

cpe:2.3:h:asustor:as6202t:-:*:*:*:*:*:*:*

EPSS

Процентиль: 63%

0.00442

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-w3mp-p5pr-xccf