We use cookies to help us improve our webpage. Please read our Cookie Policy .

ASUSTOR Product Security Advisory

AS-2023-003: ADM

2023-06-29

Severity

Moderate

Status

Resolved

Statement

A stack-based buffer overflow vulnerability was found in the ASUSTOR Data Master (ADM) due to the lack of data size validation. An attacker can exploit this vulnerability to execute arbitrary code. Affected ADM versions include: 4.0.6.REG2, 4.1.0 and below as well as 4.2.0.RE71 and below.

  • The issue has been resolved on ADM 4.2.1.RGE2 and ADM 4.0.6.RIS1.

Affected Products

Product Severity Fixed Release Availability
ADM 4.2 and 4.1 Moderate Upgrade to 4.2.1.RGE2 or above.
ADM 4.0 Moderate Upgrade to 4.0.6.RIS1 or above.

Detail

  • CVE-2023-30770
    • Severity: High
    • CVSS3 Base Score: 7.1
    • CVSS3 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H
    • A stack-based buffer overflow vulnerability was found in the ASUSTOR Data Master (ADM) due to the lack of data size validation. An attacker can exploit this vulnerability to execute arbitrary code. Affected ADM versions include: 4.0.6.REG2, 4.1.0 and below as well as 4.2.0.RE71 and below.

Acknowledgement

LinYu, Li from Institute of Information Engineering, Chinese Academy of Sciences.


Revision

Revision Date Description
1 2023-04-14 Initial public release.
2 2023-04-17 CVE ID (CVE-2023-30770) is assigned for the issue, and ADM 4.2.1.RGE2 has been released for fixing the issue.
3 2023-06-29 ADM 4.0.6.RIS1 has been released for fixing the issue.