GCVE - cpe:2.3:o:asustor:data_master:3.1.1:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:o:asustor:data_master:3.1.1:*:*:*:*:*:*:*

part: o version: 3.1.1 update: *

Vendor	Asustor (`a60ead7f-da26-5f6a-b441-3328916770d4`)
Product	Data Master (`55f7a0bf-170d-5077-9ada-ad2a52eda7b4`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2018-12319`	vulnerable	2026-06-08 05:10:41.366963	Details available Denial-of-service in the login page of ASUSTOR ADM 3.1.1 allows attackers to prevent users from signing in by placing malformed text in the title. Published: 2018-12-04T17:00:00.000Z Updated: 2024-08-05T08:30:59.933Z Open on db.gcve.eu Reference links https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-12318`	vulnerable	2026-06-08 05:10:41.366527	Details available Information disclosure in the SNMP settings page in ASUSTOR ADM version 3.1.1 allows attackers to obtain the SNMP password in cleartext. Published: 2018-12-04T17:00:00.000Z Updated: 2024-08-05T08:30:59.927Z Open on db.gcve.eu Reference links https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-12317`	vulnerable	2026-06-08 05:10:41.362199	Details available OS command injection in group.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root by modifying the "name" POST parameter. Published: 2018-12-04T17:00:00.000Z Updated: 2024-08-05T08:30:59.921Z Open on db.gcve.eu Reference links https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-12316`	vulnerable	2026-06-08 05:10:41.361916	Details available OS Command Injection in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands by modifying the filename POST parameter. Published: 2018-12-04T17:00:00.000Z Updated: 2024-08-05T08:30:59.738Z Open on db.gcve.eu Reference links https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-12315`	vulnerable	2026-06-08 05:10:41.361633	Details available Missing verification of a password in ASUSTOR ADM version 3.1.1 allows attackers to change account passwords without entering the current password. Published: 2018-12-04T17:00:00.000Z Updated: 2024-08-05T08:30:59.987Z Open on db.gcve.eu Reference links https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-12314`	vulnerable	2026-06-08 05:10:41.361352	Details available Directory Traversal in downloadwallpaper.cgi in ASUSTOR ADM version 3.1.1 allows attackers to download arbitrary files by manipulating the "file" and "folder" URL parameters. Published: 2018-12-04T17:00:00.000Z Updated: 2024-08-05T08:30:59.625Z Open on db.gcve.eu Reference links https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-12313`	vulnerable	2026-06-08 05:10:41.361049	Details available OS command injection in snmp.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands without authentication via the "rocommunity" URL parameter. Published: 2018-12-04T17:00:00.000Z Updated: 2024-08-05T08:30:59.830Z Open on db.gcve.eu Reference links https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-12312`	vulnerable	2026-06-08 05:10:41.360764	Details available OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "secret_key" URL parameter. Published: 2018-12-04T17:00:00.000Z Updated: 2024-08-05T08:30:59.944Z Open on db.gcve.eu Reference links https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-12311`	vulnerable	2026-06-08 05:10:41.360465	Details available Cross-site scripting vulnerability in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute arbitrary JavaScript when a file is moved via a malicious filename. Published: 2018-12-04T17:00:00.000Z Updated: 2024-08-05T08:30:59.827Z Open on db.gcve.eu Reference links https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-12310`	vulnerable	2026-06-08 05:10:41.360086	Details available Cross-site scripting in the Login page in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript via the System Announcement feature. Published: 2018-12-04T17:00:00.000Z Updated: 2024-08-05T08:30:59.858Z Open on db.gcve.eu Reference links https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-12309`	vulnerable	2026-06-08 05:10:41.359769	Details available Directory Traversal in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to upload files to arbitrary locations by modifying the "path" URL parameter. NOTE: the "filename" POST parameter is covered by CVE-2018-11345. Published: 2018-12-04T17:00:00.000Z Updated: 2024-08-05T08:30:59.642Z Open on db.gcve.eu Reference links https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-12308`	vulnerable	2026-06-08 05:10:41.359354	Details available Encryption key disclosure in share.cgi in ASUSTOR ADM version 3.1.1 allows attackers to obtain the encryption key via the "encrypt_key" URL parameter. Published: 2018-12-04T17:00:00.000Z Updated: 2024-08-05T08:30:59.760Z Open on db.gcve.eu Reference links https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-12307`	vulnerable	2026-06-08 05:10:41.359024	Details available OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "name" POST parameter. Published: 2018-12-04T17:00:00.000Z Updated: 2024-08-05T08:30:59.826Z Open on db.gcve.eu Reference links https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-12306`	vulnerable	2026-06-08 05:10:41.357562	Details available Directory Traversal in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to view arbitrary files by modifying the "file1" URL parameter, a similar issue to CVE-2018-11344. Published: 2018-12-04T17:00:00.000Z Updated: 2024-08-05T08:30:59.820Z Open on db.gcve.eu Reference links https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-12305`	vulnerable	2026-06-08 05:10:41.357156	Details available Cross-site scripting in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript by uploading SVG images with embedded JavaScript. Published: 2018-12-04T17:00:00.000Z Updated: 2024-08-05T08:30:59.695Z Open on db.gcve.eu Reference links https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.