ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on the file system when providing the full path to loginimage.cgi.
References
Link | Resource |
---|---|
https://www.tenable.com/security/research/tra-2018-22 | Exploit Third Party Advisory |
Configurations
Information
Published : 2018-08-27 07:29
Updated : 2018-10-30 07:00
NVD link : CVE-2018-15698
Mitre link : CVE-2018-15698
JSON object : View
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Products Affected
asustor
- data_master