Asustor · Asustor Data Master · CVE-2023-4475
**Name of the Vulnerable Software and Affected Versions**
ASUSTOR Data Master (ADM) versions 4.0.6.RIS1 and below
ASUSTOR Data Master (ADM) versions 4.1.0 and below
ASUSTOR Data Master (ADM) versions 4.2.2.RI61 and below
**Description**
An arbitrary file movement issue was found in ASUSTOR Data Master (ADM). An attacker can exploit the file renaming feature to move arbitrary files to unintended directories. The vulnerability is related to the use of files and directories accessible to external parties.
**Recommendations**
For ASUSTOR Data Master (ADM) versions 4.0.6.RIS1 and below, consider restricting access to the file renaming feature until a patch is available.
For ASUSTOR Data Master (ADM) versions 4.1.0 and below, avoid using the file renaming feature in sensitive directories.
For ASUSTOR Data Master (ADM) versions 4.2.2.RI61 and below, limit the use of external files and directories to minimize the risk of exploitation.
As a temporary workaround, consider disabling the file renaming feature until a patch is available.
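The control that the description implies, shown as an added example (not ASUSTOR's code; the advisory does not describe ADM's implementation): a rename handler that can only rename an entry in place inside its share, so a rename request can never act as a move. The function names, the `share_root`, `src_rel` and `new_name` parameters, and the sample requests are assumptions constructed for illustration.

```python
import os
import tempfile

class RenameRejected(Exception):
    """The request would do more than rename an entry in place."""

def _plain_name(name: str) -> bool:
    # A rename target is one path component: no separators, no dot entries.
    return (bool(name) and name not in (".", "..") and "\x00" not in name
            and "/" not in name and "\\" not in name)

def safe_rename(share_root: str, src_rel: str, new_name: str) -> str:
    """Rename src_rel (relative to share_root) to new_name, same directory only.
    Hypothetical handler interface, assumed for this example."""
    root = os.path.realpath(share_root)
    parent_rel, src_name = os.path.split(src_rel)
    # Resolve symlinks in the parent, then require it to stay under the share.
    parent = os.path.realpath(os.path.join(root, parent_rel))
    if os.path.commonpath([root, parent]) != root:
        raise RenameRejected("source directory is outside the share")
    if not _plain_name(src_name) or not _plain_name(new_name):
        raise RenameRejected("names must be single path components")
    src, dst = os.path.join(parent, src_name), os.path.join(parent, new_name)
    if not os.path.lexists(src) or os.path.lexists(dst):
        raise RenameRejected("source missing or destination already exists")
    os.rename(src, dst)
    return dst

def demo():
    """Run constructed rename requests against a throwaway share."""
    outcomes = []
    with tempfile.TemporaryDirectory() as tmp:
        share = os.path.join(tmp, "share")
        os.makedirs(os.path.join(share, "public"))
        os.makedirs(os.path.join(share, "private"))
        with open(os.path.join(share, "public", "report.txt"), "w") as fh:
            fh.write("constructed sample\n")
        requests = [("public/report.txt", "../private/report.txt"),  # move via name
                    ("public/report.txt", os.path.join(tmp, "moved.txt")),  # absolute
                    ("../outside.txt", "x.txt"),            # source outside share
                    ("public/report.txt", "final.txt")]     # legitimate rename
        for src_rel, new_name in requests:
            try:
                safe_rename(share, src_rel, new_name)
                outcomes.append("renamed")
            except RenameRejected:
                outcomes.append("rejected")
        files = sorted(os.listdir(os.path.join(share, "public")))
    return outcomes, files
```

Logging every `RenameRejected` with the requesting account gives operators a signal for attempted misuse of the rename feature on systems that cannot be patched yet.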