This page lists publicly disclosed CVE vulnerabilities affecting asustor asustor_data_master (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2018-11511 | The tree list functionality in the photo gallery application in ASUSTOR ADM 3.1.0.RFQ3 has a SQL injection vulnerability that affects the 'album_id' or 'scope' parameter via a photo-gallery/api/album/tree_lists/ URI. | [email protected] | 9.8 | 19.66% | 2018-08-16 | 2024-11-21 |
| CVE-2018-11509 | ASUSTOR ADM 3.1.0.RFQ3 uses the same default root:admin username and password as it does for the NAS itself for applications that are installed from the online repository. This may allow an attacker to login and upload a webshell. | [email protected] | 9.8 | 15.57% | 2018-08-16 | 2024-11-21 |