CVE-2023-30770

Published Apr 17, 2023

Last updated 2 years ago

Overview

Description: A stack-based buffer overflow vulnerability was found in the ASUSTOR Data Master (ADM) due to the lack of data size validation. An attacker can exploit this vulnerability to execute arbitrary code. Affected ADM versions include: 4.0.6.REG2, 4.1.0 and below as well as 4.2.0.RE71 and below.
Source: security@asustor.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

nvd@nist.gov: CWE-787
security@asustor.com: CWE-787

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:asustor:adm:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "405FA5F6-2C64-4ED6-ABB6-F2A20C3E3BFA",
            "versionEndIncluding": "4.0.6.reg2",
            "versionStartIncluding": "4.0.0.rib4"
          },
          {
            "criteria": "cpe:2.3:a:asustor:adm:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D979C00B-026E-4EAF-8197-B1E689CFEC7F",
            "versionEndExcluding": "4.2.1.rge2",
            "versionStartIncluding": "4.1.0.rhu2"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References