CVE-2018-15695

ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to delete any file on the file system due to a path traversal vulnerability in wallpaper.cgi. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt