A command injection vulnerability was found in the Printer service of ADM
CVE-2023-2910
8.8 HIGH
What is CVE-2023-2910?
A command injection vulnerability exists in the Printer service functionality of ASUSTOR Data Master (ADM). This flaw permits unauthorized remote users to execute arbitrary commands through unspecified vectors, rendering affected systems susceptible to various security risks. The vulnerability impacts multiple versions of ADM, specifically 4.0.6.RIS1, any version below 4.1.0, and versions up to 4.2.2.RI61. Organizations using the affected products should review their security measures and consider applying necessary patches or updates.
Affected Version(s)
ADM Linux 4.0 <= 4.0.6.RIS1
ADM Linux 4.1 <= 4.1.0.RLQ1
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
atdog (@atdog_tw) and Lays (@_L4ys) of TRAPA Security