CVE-2023-2910
Severity CVSS v4.0:
Pending analysis
Type:
CWE-77
Command Injection
Publication date:
17/08/2023
Last modified:
23/08/2023
Description
Improper neutralization of special elements used in a command (&#39;Command Injection&#39;) vulnerability in Printer service functionality in ASUSTOR Data Master (ADM) allows remote unauthorized users to execute arbitrary commands via unspecified vectors. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below.<br />
Impact
Base Score 3.x
8.80
Severity 3.x
HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:asustor:data_master:*:*:*:*:*:*:*:* | 4.0.0.rib4 (including) | 4.0.6.ris1 (including) |
cpe:2.3:o:asustor:data_master:*:*:*:*:*:*:*:* | 4.1.0.rhu2 (including) | 4.2.3.rk91 (excluding) |
To consult the complete list of CPE names with products and versions, see this page