CVE-2023-30770

EUVD-2023-35134
A stack-based buffer overflow vulnerability was found in the ASUSTOR Data Master (ADM) due to the lack of data size validation. An attacker can exploit this vulnerability to execute arbitrary code. Affected ADM versions include: 4.0.6.REG2, 4.1.0 and below as well as 4.2.0.RE71 and below.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.1 HIGH
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H
ASUSTOR1CNA
7.1 HIGH
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 64%
Affected Products (NVD)
VendorProductVersion
asustoradm
4.0.0.rib4 ≤
𝑥
≤ 4.0.6.reg2
asustoradm
4.1.0.rhu2 ≤
𝑥
< 4.2.1.rge2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.asustor.com/security/security_advisory_detail?id=21
https://www.asustor.com/security/security_advisory_detail?id=21