What is CVE-2018-11510?

CVE-2018-11510 is a vulnerability in N/a. Published 2018-06-28.

Is CVE-2018-11510 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2018-11510

The ASUSTOR ADM 3.1.0.RFQ3 NAS portal suffers from an unauthenticated remote code execution vulnerability in the portal/apis/aggrecate_js.cgi file by embedding OS commands in the 'script' parameter.

EPSS: 0.894 (99.6th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

mefulton/CVE-2018-11510
0xT11/CVE-POC
20142995/nuclei-templates

References

45200 (exploit, x_refsource_EXPLOIT-DB)
packetstormsecurity.com/files/148919/ASUSTOR-NAS-ADM-3.1.0-Remote-Command-Execu… (x_refsource_MISC)
45212 (exploit, x_refsource_EXPLOIT-DB)
github.com/mefulton/CVE-2018-11510 (x_refsource_MISC)
github.com/mefulton/CVE-2018-11510/blob/master/admex.py (x_refsource_MISC)

Frequently asked questions

What is CVE-2018-11510?: CVE-2018-11510 is a vulnerability in N/a. Published 2018-06-28.
Is CVE-2018-11510 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.