Asustor Security Advisory AS-2023-006: Download Center
Download Center fails to properly validate the file path submitted by a user; an attacker can exploit this vulnerability to gain unauthorized access to sensitive files or directories without appropriate permission restrictions.
This is a Press Release edited by StorageNewsletter.com on June 7, 2023 at 2:00 pm
Asustor Inc. has published a security advisory concerning the Download Center used on its NAS systems.
Severity: Important
Status: Ongoing
Statement
Download Center fails to properly validate the file path submitted by a user. An attacker can exploit this vulnerability to gain unauthorized access to sensitive files or directories without appropriate permission restrictions.
Affected products
| Product | Severity | Fixed release availability |
| --- | --- | --- |
| Download Center on ADM 4.2 and 4.1 | Important | Upgrade Download Center to 1.1.5.r1298 or above. |
| Download Center on ADM 4.0 | Important | Ongoing. |
Detail
- CVE-2023-2749
- Severity: High
- CVSS3 Base Score: 8.6
- CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
- Download Center fails to properly validate the file path submitted by a user. An attacker can exploit this vulnerability to gain unauthorized access to sensitive files or directories without appropriate permission restrictions. Download Center on ADM 4.0 and above is affected. Affected products and versions include: Download Center 1.1.5.r1280 and below.
Acknowledgement
Zhiyong Xing, Inner Mongolia Xinyuan Network Security Technology Co., Ltd., China
Revision:
| Revision | Date | Description |
| --- | --- | --- |
| 1 | 2023-05-31 | Initial public release. |
| 2 | 2023-05-31 | CVE ID (CVE-2023-2749) is assigned for the issue. |