CVE-2023-2910

Improper neutralization of special elements used in a command ('Command Injection') vulnerability in Printer service functionality in ASUSTOR Data Master (ADM) allows remote unauthorized users to execute arbitrary commands via unspecified vectors. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below.
Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
asustordata_master
4.0.0.rib4 ≤
𝑥
≤ 4.0.6.ris1
asustordata_master
4.1.0.rhu2 ≤
𝑥
< 4.2.3.rk91
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
asustoradm
4.0 ≤
𝑥
≤ 4.0.6.RIS1
ADP
asustoradm
4.1 ≤
𝑥
≤ 4.1.0.RLQ1
ADP
asustoradm
4.2 ≤
𝑥
≤ 4.2.2.RI6
ADP
Common Weakness Enumeration
References
https://www.asustor.com/security/security_advisory_detail?id=27
https://www.asustor.com/security/security_advisory_detail?id=27