AS-2023-003: ADM

2023-04-17

Severity

Moderate

Status

Ongoing


Statement

A stack-based buffer overflow vulnerability was found in the ASUSTOR Data Master (ADM) due to the lack of data size validation. An attacker can exploit this vulnerability to execute arbitrary code. Affected ADM versions include: 4.0.6.REG2, 4.1.0 and below as well as 4.2.0.RE71 and below.

The issue has been resolved on ADM 4.2.1.RGE2.


Affected Products

Product            Severity   Fixed Release Availability
ADM 4.2 and 4.1    Moderate   Upgrade to 4.2.1.RGE2 or above.
ADM 4.0            Moderate   Ongoing.
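
An added triage helper (not ASUSTOR's code) that applies the table above to an inventory of ADM version strings. The major.minor.patch.BUILD layout, the host names and the sample versions not named in the advisory are assumptions; the advisory does not define how build codes are ordered, so a 4.2.1 build other than RGE2 is reported as "verify".

```python
import re

FIXED = ((4, 2, 1), "RGE2")  # fixed release named in the advisory

# Assumed ADM version layout: major.minor.patch.BUILD (e.g. 4.2.0.RE71).
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.([A-Za-z0-9]+)$")


def triage(version):
    """Classify one ADM version string against AS-2023-003.

    Returns (status, action); status is 'affected', 'fixed', 'verify'
    or 'unparsed'.
    """
    m = _VERSION.match(version.strip())
    if not m:
        return ("unparsed", "check the version string by hand")
    triple = tuple(int(g) for g in m.group(1, 2, 3))
    build = m.group(4).upper()
    fixed_triple, fixed_build = FIXED
    if triple > fixed_triple or (triple == fixed_triple and build == fixed_build):
        return ("fixed", "none")
    if triple == fixed_triple:
        # Build-code ordering is not given in the advisory, so another
        # 4.2.1 build is not assumed to be older or newer than RGE2.
        return ("verify", "confirm the build is 4.2.1.RGE2 or above")
    if triple[:2] == (4, 0):
        return ("affected", "no fixed release yet (status: Ongoing)")
    # Everything else below 4.2.1 falls under "4.1.0 and below" or
    # "4.2.0.RE71 and below".
    return ("affected", "upgrade to 4.2.1.RGE2 or above")


def triage_inventory(inventory):
    """Map {host: version} to {host: (status, action)}."""
    return {host: triage(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed inventory; host names are made up for the example.
    sample = {"nas-01": "4.2.0.RE71", "nas-02": "4.2.1.RGE2",
              "nas-03": "4.0.6.REG2", "nas-04": "4.2.1.RXX1", "nas-05": "n/a"}
    for host, (status, action) in triage_inventory(sample).items():
        print(f"{host}: {status} - {action}")
```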

Detail

  • CVE-2023-30770
    • Severity: High
    • CVSS3 Base Score: 7.1
    • CVSS3 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H
    • A stack-based buffer overflow vulnerability was found in the ASUSTOR Data Master (ADM) due to the lack of data size validation. An attacker can exploit this vulnerability to execute arbitrary code. Affected ADM versions include: 4.0.6.REG2, 4.1.0 and below as well as 4.2.0.RE71 and below.

Acknowledgement

LinYu, Li from Institute of Information Engineering, Chinese Academy of Sciences.


Revision

Revision   Date         Description
1          2023-04-14   Initial public release.
2          2023-04-17   CVE ID (CVE-2023-30770) is assigned for the issue, and ADM 4.2.1.RGE2 has been released to fix the issue.