CVE-2018-15697

Summary

ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on a share by providing the full path. For example, /home/admin/.ash_history.

Affected Software

VendorProductVersion RangeStatus
TenableASUSTOR Data Master3.1.5 and belowaffected

Weaknesses

  • Insufficient Protections

ADP Enrichment

CVE Program Container

Additional References

References