SynopsisA web interface for ASUSTOR NAS devices running on the remote web server is affected by multiple vulnerabilities.
DescriptionAccording to its self-reported version number, the ASUSTOR Data Master (ADM) web interface running on the remote web server is prior to 3.1.6. It is, therefore, affected by multiple vulnerabilities:
- CVE-2018-15694: Authenticated File Upload
- CVE-2018-15695: Authenticated Arbitrary File Deletion
- CVE-2018-15696: Authenticated Account Enumeration
- CVE-2018-15697: Authenticated File Disclosure
- CVE-2018-15698: Authenticated File Disclosure
- CVE-2018-15699: MITM XSS
SolutionUpgrade to ASUSTOR Data Master (ADM) version 3.1.6 or later.