CVE-2018-11346 - OpenCVE

An insecure direct object reference vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows the ability to reference the "download_sys_settings" action and then specify files arbitrarily throughout the system via the act parameter.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:S/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Asustor	As6202t As6202t Firmware

Configuration 1 [-]

AND

cpe:2.3:o:asustor:as6202t_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:asustor:as6202t:-:*:*:*:*:*:*:*

References

Link	Resource
http://seclists.org/fulldisclosure/2018/May/2	Exploit Mailing List Third Party Advisory
https://github.com/mefulton/asustorexploit	Exploit Third Party Advisory
https://www.purehacking.com/blog/matthew-fulton/back-to-the-future-asustor-web-exploitation	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2018-05-22T01:00:00

Updated: 2018-08-16T19:57:01

Reserved: 2018-05-21T00:00:00

Link: CVE-2018-11346

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-05-22T01:29:00.840

Modified: 2019-10-03T00:03:26.223

Link: CVE-2018-11346

JSON object: View

Redhat Information

No data.

CWE

CWE-425

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-05-21T00:00:00", "descriptions": [{"lang": "en", "value": "An insecure direct object reference vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows the ability to reference the \"download_sys_settings\" action and then specify files arbitrarily throughout the system via the act parameter."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-08-16T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.purehacking.com/blog/matthew-fulton/back-to-the-future-asustor-web-exploitation"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/mefulton/asustorexploit"}, {"name": "20180429 ASUSTOR ADM 3.1.0.RFQ3 and below vulnerabilities", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2018/May/2"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-11346", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An insecure direct object reference vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows the ability to reference the \"download_sys_settings\" action and then specify files arbitrarily throughout the system via the act parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.purehacking.com/blog/matthew-fulton/back-to-the-future-asustor-web-exploitation", "refsource": "MISC", "url": "https://www.purehacking.com/blog/matthew-fulton/back-to-the-future-asustor-web-exploitation"}, {"name": "https://github.com/mefulton/asustorexploit", "refsource": "MISC", "url": "https://github.com/mefulton/asustorexploit"}, {"name": "20180429 ASUSTOR ADM 3.1.0.RFQ3 and below vulnerabilities", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2018/May/2"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-11346", "datePublished": "2018-05-22T01:00:00", "dateReserved": "2018-05-21T00:00:00", "dateUpdated": "2018-08-16T19:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:asustor:as6202t_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F171B99E-57F5-4D47-BC86-C2381234D129", "versionEndIncluding": "adm_3.1.0.rfq3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:asustor:as6202t:-:*:*:*:*:*:*:*", "matchCriteriaId": "22EA81DF-4F15-4327-ADA6-2A53E7230559", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An insecure direct object reference vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows the ability to reference the \"download_sys_settings\" action and then specify files arbitrarily throughout the system via the act parameter."}, {"lang": "es", "value": "Una vulnerabilidad de referencia directa a objetos insegura en download.cgi en ASUSTOR AS6202T ADM 3.1.0.RFQ3 permite llamar a la acci\u00f3n \"download_sys_settings\" y especificar archivos de forma arbitraria a trav\u00e9s del sistema mediante el par\u00e1metro act."}], "id": "CVE-2018-11346", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-05-22T01:29:00.840", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2018/May/2"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/mefulton/asustorexploit"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.purehacking.com/blog/matthew-fulton/back-to-the-future-asustor-web-exploitation"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-425"}], "source": "nvd@nist.gov", "type": "Primary"}]}