Download Center fails to properly validate the file path submitted by a user, An attacker can exploit this vulnerability to gain unauthorized access to sensitive files or directories without appropriate permission restrictions. Download Center on ADM 4.0 and above will be affected. Affected products and versions include: Download Center 1.1.5.r1280 and below.
References
Link | Resource |
---|---|
https://www.asustor.com/security/security_advisory_detail?id=24 | Vendor Advisory |
https://www.asustor.com/security/security_advisory_detail?id=24 | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 07:59
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.asustor.com/security/security_advisory_detail?id=24 - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.6 |
07 Jun 2023, 14:07
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CWE | CWE-276 | |
References | (MISC) https://www.asustor.com/security/security_advisory_detail?id=24 - Vendor Advisory | |
CPE | cpe:2.3:a:asustor:download_center:*:*:*:*:*:*:*:* cpe:2.3:a:asustor:adm:4.2.0:*:*:*:*:*:*:* cpe:2.3:a:asustor:adm:4.1.0:*:*:*:*:*:*:* |
31 May 2023, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-05-31 09:15
Updated : 2024-11-21 07:59
NVD link : CVE-2023-2749
Mitre link : CVE-2023-2749
CVE.ORG link : CVE-2023-2749
JSON object : View
Products Affected
asustor
- download_center
- adm