CVE-2018-11340
Last modified
CVE-2018-11340 is a vulnerability of currently unknown severity. An unrestricted file upload vulnerability in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data to a specified filename. This can be used to place attacker controlled code on the file system that is then executed.. EPSS estimates a 2.11% chance of exploitation in the next 30 days.
Description
An unrestricted file upload vulnerability in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data to a specified filename. This can be used to place attacker controlled code on the file system that is then executed.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Asustor | As6202t Firmware | <= adm_3.1.0.rfq3 |
References
- http://seclists.org/fulldisclosure/2018/May/2Exploit, Mailing List, Third Party Advisory
- https://github.com/mefulton/asustorexploitExploit, Third Party Advisory
- https://www.purehacking.com/blog/matthew-fulton/back-to-the-future-asustor-web-exploitationExploit, Third Party Advisory
- http://seclists.org/fulldisclosure/2018/May/2Exploit, Mailing List, Third Party Advisory
- https://github.com/mefulton/asustorexploitExploit, Third Party Advisory
- https://www.purehacking.com/blog/matthew-fulton/back-to-the-future-asustor-web-exploitationExploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-11340?
How severe is CVE-2018-11340?
How do I fix CVE-2018-11340?
Are you affected by CVE-2018-11340?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST