Medium severity4.3NVD Advisory· Published May 22, 2018· Updated Jun 17, 2026
CVE-2018-11346
CVE-2018-11346
Description
An insecure direct object reference vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows the ability to reference the "download_sys_settings" action and then specify files arbitrarily throughout the system via the act parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1Patches
Vulnerability mechanics
References
2- seclists.org/fulldisclosure/2018/May/2nvdExploitMailing ListThird Party Advisory
- www.purehacking.com/blog/matthew-fulton/back-to-the-future-asustor-web-exploitationnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.