User Account Enumeration Vulnerability in ASUSTOR Data Master 3.1.5 and Below

User Account Enumeration Vulnerability in ASUSTOR Data Master 3.1.5 and Below

CVE-2018-15696 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to enumerate all user accounts via user.cgi.

Learn more about our User Device Pen Test.