A command injection vulnerability was found in the Printer service of ADM
CVE-2023-2910

8.8 HIGH

Key Information:

Vendor

Asustor

Status
Vendor
CVE Published: 17 August 2023

What is CVE-2023-2910?

A command injection vulnerability exists in the Printer service functionality of ASUSTOR Data Master (ADM). This flaw permits unauthorized remote users to execute arbitrary commands through unspecified vectors, rendering affected systems susceptible to various security risks. The vulnerability impacts multiple versions of ADM, specifically 4.0.6.RIS1, any version below 4.1.0, and versions up to 4.2.2.RI61. Organizations using the affected products should review their security measures and consider applying necessary patches or updates.

Affected Version(s)

ADM Linux 4.0 <= 4.0.6.RIS1

ADM Linux 4.1 <= 4.1.0.RLQ1

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

atdog (@atdog_tw) and Lays (@_L4ys) of TRAPA Security.