CVE-2023-3697

Printer service fails to adequately handle user input, allowing an remote unauthorized users to navigate beyond the intended directory structure and create files. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below.
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.5 HIGH
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
asustordata_master
4.0.0.rib4 ≤
𝑥
≤ 4.0.6.ris1
asustordata_master
4.1.0.rhu2 ≤
𝑥
< 4.2.3.rk91
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
asustoradm
4.0 ≤
𝑥
≤ 4.0.6.RIS1
ADP
asustoradm
4.1 ≤
𝑥
≤ 4.1.0.RLQ1
ADP
asustoradm
4.2 ≤
𝑥
≤ 4.2.2.RI61
ADP
Common Weakness Enumeration
References
https://www.asustor.com/security/security_advisory_detail?id=28
https://www.asustor.com/security/security_advisory_detail?id=28