Unauthenticated Remote Code Execution Vulnerability in ASUSTOR ADM 3.1.0.RFQ3 NAS Portal

Unauthenticated Remote Code Execution Vulnerability in ASUSTOR ADM 3.1.0.RFQ3 NAS Portal

CVE-2018-11510 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

The ASUSTOR ADM 3.1.0.RFQ3 NAS portal suffers from an unauthenticated remote code execution vulnerability in the portal/apis/aggrecate_js.cgi file by embedding OS commands in the 'script' parameter.

Learn more about our Api Penetration Testing.