We gebruiken cookies om onze webpagina te verbeteren. Raadpleeg ons cookiebeleid .

ASUSTOR Product Beveiligings Advies

AS-2026-003: GNU Inetutils

2026-02-06

Severity

Not affected

Status

Resolved

Statement

A critical security vulnerability has been discovered in GNU Inetutils versions 1.9.3 to 2.7.

None of ASUSTOR's products are affected by CVE-2026-24061 as GNU Inetutils is not used in ASUSTOR products.


Affected Products

Product Severity Fixed Release Availability
ADM 5.0 Not affected N/A
ADM 4.3, ADM 4.2 and 4.1 Not affected N/A

Detail

  • CVE-2026-24061
    • Severity: Critical
    • CVSS3.1 Base Score: 9.8
    • CVSS3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    • telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.

Reference


Revision

Revision Date Description
1 2026-02-06 Initial public release.