CVE-2023-2749

Download Center fails to properly validate the file path submitted by a user, An attacker can exploit this vulnerability to gain unauthorized access to sensitive files or directories without appropriate permission restrictions. Download Center on ADM 4.0 and above will be affected. Affected products and versions include: Download Center 1.1.5.r1280 and below.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:asustor:download_center:*:*:*:*:*:*:*:*
OR cpe:2.3:a:asustor:adm:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:asustor:adm:4.2.0:*:*:*:*:*:*:*

History

21 Nov 2024, 07:59

Type Values Removed Values Added
References () https://www.asustor.com/security/security_advisory_detail?id=24 - Vendor Advisory () https://www.asustor.com/security/security_advisory_detail?id=24 - Vendor Advisory
CVSS v2 : unknown
v3 : 7.5
v2 : unknown
v3 : 8.6

07 Jun 2023, 14:07

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
CWE CWE-276
References (MISC) https://www.asustor.com/security/security_advisory_detail?id=24 - (MISC) https://www.asustor.com/security/security_advisory_detail?id=24 - Vendor Advisory
CPE cpe:2.3:a:asustor:download_center:*:*:*:*:*:*:*:*
cpe:2.3:a:asustor:adm:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:asustor:adm:4.1.0:*:*:*:*:*:*:*

31 May 2023, 09:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-05-31 09:15

Updated : 2024-11-21 07:59


NVD link : CVE-2023-2749

Mitre link : CVE-2023-2749

CVE.ORG link : CVE-2023-2749


JSON object : View

Products Affected

asustor

  • download_center
  • adm
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE-276

Incorrect Default Permissions