Vulnerability Details CVE-2023-2910
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in Printer service functionality in ASUSTOR Data Master (ADM) allows remote unauthorized users to execute arbitrary commands via unspecified vectors. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.1%
CVSS Severity
CVSS v3 Score 8.8
References
Products affected by CVE-2023-2910
-
cpe:2.3:o:asustor:data_master:4.0.0.rib4
-
cpe:2.3:o:asustor:data_master:4.0.0.rj54
-
cpe:2.3:o:asustor:data_master:4.0.0.rk41
-
cpe:2.3:o:asustor:data_master:4.0.0.rkv2
-
cpe:2.3:o:asustor:data_master:4.0.0.rmd2
-
cpe:2.3:o:asustor:data_master:4.0.0.rn53
-
cpe:2.3:o:asustor:data_master:4.0.1.rog1
-
cpe:2.3:o:asustor:data_master:4.0.2.rpl2
-
cpe:2.3:o:asustor:data_master:4.0.3.rq81
-
cpe:2.3:o:asustor:data_master:4.0.4.rqo2
-
cpe:2.3:o:asustor:data_master:4.0.4.rr23
-
cpe:2.3:o:asustor:data_master:4.0.5.rrs1
-
cpe:2.3:o:asustor:data_master:4.0.5.rt42
-
cpe:2.3:o:asustor:data_master:4.0.5.rtu2
-
cpe:2.3:o:asustor:data_master:4.0.5.rue3
-
cpe:2.3:o:asustor:data_master:4.0.5.rvi1
-
cpe:2.3:o:asustor:data_master:4.0.5.rwm1
-
cpe:2.3:o:asustor:data_master:4.0.6.rcr1
-
cpe:2.3:o:asustor:data_master:4.0.6.rcr2
-
cpe:2.3:o:asustor:data_master:4.0.6.reg2
-
cpe:2.3:o:asustor:data_master:4.0.6.ris1
-
cpe:2.3:o:asustor:data_master:4.1.0.rhu2
-
cpe:2.3:o:asustor:data_master:4.1.0.rj72
-
cpe:2.3:o:asustor:data_master:4.1.0.rjd1
-
cpe:2.3:o:asustor:data_master:4.1.0.rkm1
-
cpe:2.3:o:asustor:data_master:4.1.0.rlq1
-
cpe:2.3:o:asustor:data_master:4.2.0.rc81
-
cpe:2.3:o:asustor:data_master:4.2.0.re71
-
cpe:2.3:o:asustor:data_master:4.2.1.rge2
-
cpe:2.3:o:asustor:data_master:4.2.2.ri61