Vulnerabilities (CVE)

Filtered by vendor Asustor Subscribe

Filtered by product As602t

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 4 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2018-12308	1 Asustor	2 As602t, Data Master	2019-10-03	4.0 MEDIUM	6.5 MEDIUM
Encryption key disclosure in share.cgi in ASUSTOR ADM version 3.1.1 allows attackers to obtain the encryption key via the "encrypt_key" URL parameter.
CVE-2018-12315	1 Asustor	2 As602t, Data Master	2019-10-03	4.0 MEDIUM	6.5 MEDIUM
Missing verification of a password in ASUSTOR ADM version 3.1.1 allows attackers to change account passwords without entering the current password.
CVE-2018-12310	1 Asustor	2 As602t, Data Master	2018-12-20	3.5 LOW	5.4 MEDIUM
Cross-site scripting in the Login page in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript via the System Announcement feature.
CVE-2018-12311	1 Asustor	2 As602t, Data Master	2018-12-20	3.5 LOW	5.4 MEDIUM
Cross-site scripting vulnerability in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute arbitrary JavaScript when a file is moved via a malicious filename.