VYPR

Adm

by Asustor

CVEs (45)

  • CVE-2018-12306HigDec 4, 2018
    risk 0.49cvss 7.5epss 0.02

    Directory Traversal in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to view arbitrary files by modifying the "file1" URL parameter, a similar issue to CVE-2018-11344.

  • CVE-2018-11341HigMay 22, 2018
    risk 0.47cvss 7.2epss 0.02

    Directory traversal in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to navigate the file system via the filename parameter.

  • CVE-2025-7699HigJul 16, 2025
    risk 0.46cvss epss 0.00

    An improper access control vulnerability was found in the EZ Sync Manager of ADM, which allows authenticated users to copy arbitrary files from the server file system into their own EZSync folder. The vulnerability is due to a lack of authorization checks on the file parameter…

  • CVE-2023-2509HigMay 17, 2023
    risk 0.46cvss 7.1epss 0.00

    A Cross-Site Scripting(XSS) vulnerability was found on ADM, LooksGood and SoundsGood Apps. An attacker can exploit this vulnerability to inject malicious scripts into the target applications to access any cookies or sensitive information retained by the browser and used with…

  • CVE-2023-30770HigApr 17, 2023
    risk 0.46cvss 7.1epss 0.01

    A stack-based buffer overflow vulnerability was found in the ASUSTOR Data Master (ADM) due to the lack of data size validation. An attacker can exploit this vulnerability to execute arbitrary code. Affected ADM versions include: 4.0.6.REG2, 4.1.0 and below as well as 4.2.0.RE71…

  • CVE-2022-37398HigAug 5, 2022
    risk 0.46cvss 7.1epss 0.01

    A stack-based buffer overflow vulnerability was found inside ADM when using WebDAV due to the lack of data size validation. An attacker can exploit this vulnerability to run arbitrary code. Affected ADM versions include: 3.5.9.RUE3 and below, 4.0.5.RVI1 and below as well as…

  • CVE-2018-12315MedDec 4, 2018
    risk 0.42cvss 6.5epss 0.01

    Missing verification of a password in ASUSTOR ADM version 3.1.1 allows attackers to change account passwords without entering the current password.

  • CVE-2018-12308MedDec 4, 2018
    risk 0.42cvss 6.5epss 0.01

    Encryption key disclosure in share.cgi in ASUSTOR ADM version 3.1.1 allows attackers to obtain the encryption key via the "encrypt_key" URL parameter.

  • CVE-2018-11344MedMay 22, 2018
    risk 0.42cvss 6.5epss 0.01

    A path traversal vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a file on the system to download via the file1 parameter.

  • CVE-2018-12305MedDec 4, 2018
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript by uploading SVG images with embedded JavaScript.

  • CVE-2025-7378MedJul 9, 2025
    risk 0.39cvss epss 0.00

    An improper Input Validation vulnerability allows injecting arbitrary values of the NAS configuration file in ASUSTOR ADM. This could potentially lead to system misconfiguration and break the format of the configuation file, causing the NAS to exhibit unexpected behavior. This…

  • CVE-2018-12311MedDec 4, 2018
    risk 0.35cvss 5.4epss 0.01

    Cross-site scripting vulnerability in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute arbitrary JavaScript when a file is moved via a malicious filename.

  • CVE-2018-12310MedDec 4, 2018
    risk 0.35cvss 5.4epss 0.01

    Cross-site scripting in the Login page in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript via the System Announcement feature.

  • CVE-2025-7618MedJul 14, 2025
    risk 0.31cvss epss 0.00

    A stored Cross-Site Scripting (XSS) vulnerability vulnerability was found in the File Explorer and Text Editor of ADM. An attacker could exploit this vulnerability to inject malicious scripts into the applications, which may then access cookies or other sensitive information…

  • CVE-2025-7380MedJul 14, 2025
    risk 0.31cvss epss 0.00

    A stored Cross-Site Scripting (XSS) vulnerability exists in the Access Control of ADM, the issue allows an attacker to inject malicious scripts into the folder name field while creating a new shared folder. These scripts are not properly sanitized and will be executed when the…

  • CVE-2018-11342MedMay 22, 2018
    risk 0.28cvss 4.3epss 0.01

    A path traversal vulnerability in fileExplorer.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a path to a file on the system to create folders via the dest_folder parameter.

  • CVE-2026-3179Feb 25, 2026
    risk 0.00cvss epss 0.00

    The FTP Backup on the ADM does not properly sanitize filenames received from the FTP server when parsing directory listings. A malicious server or MITM attacker can craft filenames containing path traversal sequences, causing the client to write files outside the intended backup…

  • CVE-2026-3100Feb 25, 2026
    risk 0.00cvss epss 0.00

    The FTP Backup on the ADM will not properly strictly enforce TLS certificate verification while connecting to an FTP server using FTPES/FTPS. An improper validated TLS/SSL certificates allows a remote attacker can intercept network traffic to perform a Man-in-the-Middle (MitM)…

  • CVE-2026-24936Feb 3, 2026
    risk 0.00cvss epss 0.01

    When a specific function is enabled while joining a AD Domain from ADM, an improper input parameters validation vulnerability in a specific CGI program allowing an unauthenticated remote attacker to write arbitrary data to any file on the system. By exploiting this…

  • CVE-2026-24935Feb 3, 2026
    risk 0.00cvss epss 0.00

    A third-party NAT traversal module fails to validate SSL/TLS certificates when connecting to the signaling server. While subsequent access to device services requires additional authentication, a Man-in-the-Middle (MitM) attacker can intercept or redirect the NAT tunnel…