SQL Injection?

[Stipo]

Hello everyone,

I have an AS6404T with the current version of ADM 3.5.3.RBH1 and today i got some scary messages from the AiMaster-App...


After a short look into the logs via the app, I shutdown the system and unplugged it.
I made screenshots of the notefications, because the log-files don't show anything, only the bad-block scan and the login from yesterday and from today, but nothing else.

I disconnected it from my LAN booted it, now I'm connected directly with my laptop and I'm searching for changes.

I looked into tables of the mariaDB but i couldn't find anything weard, most of them are empty.
Also into the path "/usr/builtin/webman/portal..." and the subdirs, but I have no idea of the use of the files in this directories and what files could be deleted.
I found this article about a vulnerability
https://www.exploit-db.com/exploits/45200

There are no new users and all passwords are working fine.

Can someone help me?

Thank you.

[totoro81]

The very same thing happened to me a couple of hours ago.
I was using myasustor service and every once in a while I received a notification about a failed login attempt. I didn't pay much attention to that, but now this seems really scary. I immediately disabled myasustor service and disabled the port forwarding on the router, so I can only access the NAS locally.
Could someone at Asustor tell us something?