GCVE - cpe:2.3:a:asustor:asustor_data_master:3.1.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:asustor:asustor_data_master:3.1.0:*:*:*:*:*:*:*

part: a version: 3.1.0 update: *

Vendor	Asustor (`a60ead7f-da26-5f6a-b441-3328916770d4`)
Product	Asustor Data Master (`3d91d145-49dc-5132-b30a-e59da409b2ad`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2018-11511`	vulnerable	2026-06-08 05:10:38.599984	Details available The tree list functionality in the photo gallery application in ASUSTOR ADM 3.1.0.RFQ3 has a SQL injection vulnerability that affects the 'album_id' or 'scope' parameter via a photo-gallery/api/album/tree_lists/ URI. Published: 2018-08-16T20:00:00.000Z Updated: 2024-08-05T08:10:14.640Z Open on db.gcve.eu Reference links https://www.exploit-db.com/exploits/45200/ http://packetstormsecurity.com/files/148919/ASUSTOR-NAS-ADM-3.1.0-Remote-Command-Execution-SQL-Injection.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-11509`	vulnerable	2026-06-08 05:10:38.598081	Details available ASUSTOR ADM 3.1.0.RFQ3 uses the same default root:admin username and password as it does for the NAS itself for applications that are installed from the online repository. This may allow an attacker to login and upload a webshell. Published: 2018-08-16T20:00:00.000Z Updated: 2024-08-05T08:10:14.942Z Open on db.gcve.eu Reference links https://www.exploit-db.com/exploits/45200/ http://packetstormsecurity.com/files/148919/ASUSTOR-NAS-ADM-3.1.0-Remote-Command-Execution-SQL-Injection.html	Imported from gcve-enriched-dumps CVE data

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.