ASUSTOR AS602T
Approved changes feed: RSS · Atom
cpe:2.3:h:asustor:as602t:-:*:*:*:*:*:*:*
part: h version: - update: *
| Vendor | Asustor (a60ead7f-da26-5f6a-b441-3328916770d4) |
|---|---|
| Product | As602T (d27c5d0c-172a-5298-b075-ceef8849ac58) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2018-12319 |
not_vulnerable | 2026-06-08 05:10:41.366989 |
Details available
Denial-of-service in the login page of ASUSTOR ADM 3.1.1 allows attackers to prevent users from signing in by placing malformed text in the title.
Published: 2018-12-04T17:00:00.000Z
Updated: 2024-08-05T08:30:59.933Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-12318 |
not_vulnerable | 2026-06-08 05:10:41.366551 |
Details available
Information disclosure in the SNMP settings page in ASUSTOR ADM version 3.1.1 allows attackers to obtain the SNMP password in cleartext.
Published: 2018-12-04T17:00:00.000Z
Updated: 2024-08-05T08:30:59.927Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-12316 |
not_vulnerable | 2026-06-08 05:10:41.361937 |
Details available
OS Command Injection in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands by modifying the filename POST parameter.
Published: 2018-12-04T17:00:00.000Z
Updated: 2024-08-05T08:30:59.738Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-12315 |
not_vulnerable | 2026-06-08 05:10:41.361653 |
Details available
Missing verification of a password in ASUSTOR ADM version 3.1.1 allows attackers to change account passwords without entering the current password.
Published: 2018-12-04T17:00:00.000Z
Updated: 2024-08-05T08:30:59.987Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-12314 |
not_vulnerable | 2026-06-08 05:10:41.361372 |
Details available
Directory Traversal in downloadwallpaper.cgi in ASUSTOR ADM version 3.1.1 allows attackers to download arbitrary files by manipulating the "file" and "folder" URL parameters.
Published: 2018-12-04T17:00:00.000Z
Updated: 2024-08-05T08:30:59.625Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-12313 |
not_vulnerable | 2026-06-08 05:10:41.361070 |
Details available
OS command injection in snmp.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands without authentication via the "rocommunity" URL parameter.
Published: 2018-12-04T17:00:00.000Z
Updated: 2024-08-05T08:30:59.830Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-12312 |
not_vulnerable | 2026-06-08 05:10:41.360784 |
Details available
OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "secret_key" URL parameter.
Published: 2018-12-04T17:00:00.000Z
Updated: 2024-08-05T08:30:59.944Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-12311 |
not_vulnerable | 2026-06-08 05:10:41.360486 |
Details available
Cross-site scripting vulnerability in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute arbitrary JavaScript when a file is moved via a malicious filename.
Published: 2018-12-04T17:00:00.000Z
Updated: 2024-08-05T08:30:59.827Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-12310 |
not_vulnerable | 2026-06-08 05:10:41.360105 |
Details available
Cross-site scripting in the Login page in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript via the System Announcement feature.
Published: 2018-12-04T17:00:00.000Z
Updated: 2024-08-05T08:30:59.858Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-12309 |
not_vulnerable | 2026-06-08 05:10:41.359790 |
Details available
Directory Traversal in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to upload files to arbitrary locations by modifying the "path" URL parameter. NOTE: the "filename" POST parameter is covered by CVE-2018-11345.
Published: 2018-12-04T17:00:00.000Z
Updated: 2024-08-05T08:30:59.642Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-12308 |
not_vulnerable | 2026-06-08 05:10:41.359374 |
Details available
Encryption key disclosure in share.cgi in ASUSTOR ADM version 3.1.1 allows attackers to obtain the encryption key via the "encrypt_key" URL parameter.
Published: 2018-12-04T17:00:00.000Z
Updated: 2024-08-05T08:30:59.760Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-12307 |
not_vulnerable | 2026-06-08 05:10:41.359047 |
Details available
OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "name" POST parameter.
Published: 2018-12-04T17:00:00.000Z
Updated: 2024-08-05T08:30:59.826Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-12306 |
not_vulnerable | 2026-06-08 05:10:41.358636 |
Details available
Directory Traversal in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to view arbitrary files by modifying the "file1" URL parameter, a similar issue to CVE-2018-11344.
Published: 2018-12-04T17:00:00.000Z
Updated: 2024-08-05T08:30:59.820Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.