CVE-2018-11510

Severity CVSS v4.0:
Pending analysis
Type:
CWE-78 OS Command Injections
Publication date:
28/06/2018
Last modified:
03/10/2019

Description

The ASUSTOR ADM 3.1.0.RFQ3 NAS portal suffers from an unauthenticated remote code execution vulnerability in the portal/apis/aggrecate_js.cgi file by embedding OS commands in the 'script' parameter.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:asustor:adm:*:*:*:*:*:*:*:* 3.1.2.rhg1 (including)