Описание
An insecure direct object reference vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows the ability to reference the "download_sys_settings" action and then specify files arbitrarily throughout the system via the act parameter.
Ссылки
- ExploitMailing ListThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- ExploitMailing ListThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до adm_3.1.0.rfq3 (включая)
Одновременно
cpe:2.3:o:asustor:as6202t_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:asustor:as6202t:-:*:*:*:*:*:*:*
EPSS
Процентиль: 36%
0.00152
Низкий
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-425
Связанные уязвимости
CVSS3: 4.3
github
больше 3 лет назад
An insecure direct object reference vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows the ability to reference the "download_sys_settings" action and then specify files arbitrarily throughout the system via the act parameter.
EPSS
Процентиль: 36%
0.00152
Низкий
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-425