CVE-2023-2910

Severity CVSS v4.0:
Pending analysis
Type:
CWE-77 Command Injection
Publication date:
17/08/2023
Last modified:
23/08/2023

Description

Improper neutralization of special elements used in a command (&amp;#39;Command Injection&amp;#39;) vulnerability in Printer service functionality in ASUSTOR Data Master (ADM) allows remote unauthorized users to execute arbitrary commands via unspecified vectors. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below.<br />

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:asustor:data_master:*:*:*:*:*:*:*:* 4.0.0.rib4 (including) 4.0.6.ris1 (including)
cpe:2.3:o:asustor:data_master:*:*:*:*:*:*:*:* 4.1.0.rhu2 (including) 4.2.3.rk91 (excluding)


References to Advisories, Solutions, and Tools