CVE-2023-30770

A stack-based buffer overflow vulnerability was found in the ASUSTOR Data Master (ADM) due to the lack of data size validation. An attacker can exploit this vulnerability to execute arbitrary code. Affected ADM versions include: 4.0.6.REG2, 4.1.0 and below as well as 4.2.0.RE71 and below.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.1 HIGH
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H
ASUSTOR1CNA
7.1 HIGH
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 60%
VendorProductVersion
asustoradm
4.0.0.rib4 ≤
𝑥
≤ 4.0.6.reg2
asustoradm
4.1.0.rhu2 ≤
𝑥
< 4.2.1.rge2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.asustor.com/security/security_advisory_detail?id=21
https://www.asustor.com/security/security_advisory_detail?id=21