CVE-2023-2910

2023-08-1710:15:10

CWE-77

[email protected]

web.nvd.nist.gov

cve-2023-2910

command injection

asustor data master

printer service

adm 4.0.6.ris1

adm 4.1.0

adm 4.2.2.ri61

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.2%

JSON

Improper neutralization of special elements used in a command (‘Command Injection’) vulnerability in Printer service functionality in ASUSTOR Data Master (ADM) allows remote unauthorized users to execute arbitrary commands via unspecified vectors. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below.

Affected configurations

NVD

Node

asustordata_masterRange4.0.0.rib4–4.0.6.ris1

asustordata_masterRange4.1.0.rhu2–4.2.3.rk91

CPENameOperatorVersion
asustor:data_masterasustor data masterle4.0.6.ris1
asustor:data_masterasustor data masterlt4.2.3.rk91

CPE	Name	Operator	Version
asustor:data_master	asustor data master	le	4.0.6.ris1
asustor:data_master	asustor data master	lt	4.2.3.rk91

CNA Affected

[
  {
    "defaultStatus": "affected",
    "packageName": "Printer Service",
    "platforms": [
      "Linux",
      "x86",
      "ARM",
      "64 bit"
    ],
    "product": "ADM",
    "vendor": "ASUSTOR",
    "versions": [
      {
        "lessThanOrEqual": "4.0.6.RIS1",
        "status": "affected",
        "version": "4.0",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "4.1.0.RLQ1",
        "status": "affected",
        "version": "4.1",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "4.2.2.RI61",
        "status": "affected",
        "version": "4.2",
        "versionType": "custom"
      }
    ]
  }
]