PT-2023-22968 · Asustor · Asustor Data Master
Li +1 · Published 2023-04-17 · Updated 2023-05-04 · CVE-2023-30770
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
ASUSTOR Data Master (ADM) versions 4.0.6.REG2, 4.1.0 and below
ASUSTOR Data Master (ADM) versions 4.2.0.RE71 and below
Description
A stack-based buffer overflow vulnerability was found in the ASUSTOR Data Master (ADM) due to the lack of data size validation. An attacker can exploit this vulnerability to execute arbitrary code.
Recommendations
For versions 4.0.6.REG2 and 4.1.0 and below, update to a version above 4.1.0.
For versions 4.2.0.RE71 and below, update to a version above 4.2.0.RE71.
As a temporary workaround, consider implementing data size validation to prevent buffer overflow exploitation until a patch is available.
Fix
Memory Corruption
Affected Products
Asustor Data Master