Path Traversal Vulnerability in ASUSTOR Data Master 3.1.5 and Below Allows Remote File Deletion

Path Traversal Vulnerability in ASUSTOR Data Master 3.1.5 and Below Allows Remote File Deletion

CVE-2018-15695 · HIGH Severity

AV:N/AC:L/AU:S/C:N/I:C/A:C

ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to delete any file on the file system due to a path traversal vulnerability in wallpaper.cgi.

Learn more about our User Device Pen Test.