Default root:admin credentials used for ASUSTOR ADM 3.1.0.RFQ3 applications pose a webshell upload vulnerability

Default root:admin credentials used for ASUSTOR ADM 3.1.0.RFQ3 applications pose a webshell upload vulnerability

CVE-2018-11509 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

ASUSTOR ADM 3.1.0.RFQ3 uses the same default root:admin username and password as it does for the NAS itself for applications that are installed from the online repository. This may allow an attacker to login and upload a webshell.

Learn more about our Web App Pen Testing.