PT-2022-4181 · Asustor · Asustor Data Master
Nikita Abramov · Published 2022-07-22 · Updated 2022-08-11
CVE-2022-37398
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
ASUSTOR Data Master (ADM) versions 3.5.9.RUE3 and below
ASUSTOR Data Master (ADM) versions 4.0.5.RVI1 and below
ASUSTOR Data Master (ADM) versions 4.1.0.RJD1 and below
Description
A stack-based buffer overflow vulnerability was found in ASUSTOR Data Master (ADM) when using WebDAV due to the lack of data size validation. An attacker can exploit this vulnerability to run arbitrary code.
Recommendations
For versions 3.5.9.RUE3 and below, update to a version above 3.5.9.RUE3 to resolve the issue.
For versions 4.0.5.RVI1 and below, update to a version above 4.0.5.RVI1 to resolve the issue.
For versions 4.1.0.RJD1 and below, update to a version above 4.1.0.RJD1 to resolve the issue.
As a temporary workaround, consider disabling WebDAV until a patch is available.
Fix
Memory Corruption
Stack Overflow
Affected Products
Asustor Data Master