PT-2023-7627 · Asustor · Asustor Data Master
Published
2023-08-17
·
Updated
2023-11-29
·
CVE-2023-2910
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
ASUSTOR Data Master (ADM) versions 4.0.6.RIS1 through 4.1.0
ASUSTOR Data Master (ADM) versions 4.2.2.RI61 and below
Description
The issue is related to improper neutralization of special elements used in a command, allowing remote unauthorized users to execute arbitrary commands via unspecified vectors. This affects the Printer service functionality in ASUSTOR Data Master (ADM).
Recommendations
For ASUSTOR Data Master (ADM) versions 4.0.6.RIS1 through 4.1.0, update to a version above 4.1.0 to resolve the issue.
For ASUSTOR Data Master (ADM) versions 4.2.2.RI61 and below, update to a version above 4.2.2.RI61 to resolve the issue.
As a temporary workaround, consider disabling the Printer service functionality in ASUSTOR Data Master (ADM) until a patch is available.
Fix
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Asustor Data Master