GCVE - cpe:2.3:a:tenable:asustor_data_master:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:tenable:asustor_data_master:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Tenable (`c0ec4e71-d667-5327-b3ed-b4c21aa5a87e`)
Product	Asustor Data Master (`14d19def-e8d7-532f-8ea9-2d70306f20c8`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2018-15699`	vulnerable	2026-06-03 14:38:14.199199	Details available ASUSTOR Data Master 3.1.5 and below makes an HTTP request for a configuration file that is vulnerable to XSS. A man in the middle can take advantage of this by inserting Javascript into the configuration files Version field. Published: 2018-08-27T14:00:00.000Z Updated: 2024-09-17T00:05:39.085Z Open on db.gcve.eu Reference links https://www.tenable.com/security/research/tra-2018-22	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-15698`	vulnerable	2026-06-03 14:38:14.198925	Details available ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on the file system when providing the full path to loginimage.cgi. Published: 2018-08-27T14:00:00.000Z Updated: 2024-09-17T01:45:38.855Z Open on db.gcve.eu Reference links https://www.tenable.com/security/research/tra-2018-22	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-15697`	vulnerable	2026-06-03 14:38:14.198664	Details available ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on a share by providing the full path. For example, /home/admin/.ash_history. Published: 2018-08-27T14:00:00.000Z Updated: 2024-09-16T20:36:51.437Z Open on db.gcve.eu Reference links https://www.tenable.com/security/research/tra-2018-22	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-15696`	vulnerable	2026-06-03 14:38:14.198380	Details available ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to enumerate all user accounts via user.cgi. Published: 2018-08-27T14:00:00.000Z Updated: 2024-09-16T16:28:09.003Z Open on db.gcve.eu Reference links https://www.tenable.com/security/research/tra-2018-22	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-15695`	vulnerable	2026-06-03 14:38:14.198081	Details available ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to delete any file on the file system due to a path traversal vulnerability in wallpaper.cgi. Published: 2018-08-27T14:00:00.000Z Updated: 2024-09-16T16:33:03.370Z Open on db.gcve.eu Reference links https://www.tenable.com/security/research/tra-2018-22	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-15694`	vulnerable	2026-06-03 14:38:14.196427	Details available ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to upload files to arbitrary locations due to a path traversal vulnerability. This could lead to code execution if the "Web Server" feature is enabled. Published: 2018-08-27T14:00:00.000Z Updated: 2024-09-16T17:48:48.116Z Open on db.gcve.eu Reference links https://www.tenable.com/security/research/tra-2018-22	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.