cbcvebase.
CVE-2023-2910
published 2023-08-17

CVE-2023-2910: Improper neutralization of special elements used in a command ('Command Injection') vulnerability in Printer service functionality in ASUSTOR Data Master (ADM)…

PriorityP261high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
1.34%
67.8th percentile
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in Printer service functionality in ASUSTOR Data Master (ADM) allows remote unauthorized users to execute arbitrary commands via unspecified vectors. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below.

Affected

9 ranges
VendorProductVersion rangeFixed in
asustoradm4.0 – 4.0.6.RIS1
asustoradm4.1 – 4.1.0.RLQ1
asustoradm4.2 – 4.2.2.RI61
asustordata_master4.0.0.rib4 – 4.0.6.ris1
asustordata_master>= 4.1.0.rhu2 < 4.2.3.rk914.2.3.rk91
linuxlinux_kernel>= 5.15.0 < 5.15.1115.15.111
linuxlinux_kernel>= 5.16.0 < 6.1.286.1.28
linuxlinux_kernel>= 6.2.0 < 6.2.156.2.15
linuxlinux_kernel>= 6.3.0 < 6.3.26.3.2
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.