CVE-2023-2749

Published: May 31, 2023Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Download Center fails to properly validate the file path submitted by a user, An attacker can exploit this vulnerability to gain unauthorized access to sensitive files or directories without appropriate permission restrictions. Download Center on ADM 4.0 and above will be affected. Affected products and versions include: Download Center 1.1.5.r1280 and below.

Affected (1)

Products: Asustor: Download Center

1 product

Download Center

Configuration A

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Asustor Download Center	From 1.1.5 to 1.1.5.r1298

Running on/with	Platform Versions
Asustor Adm	Version 4.1.0
Asustor Adm	Version 4.2.0

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (2)

https://www.asustor.com/security/security_advisory_detail?id=24

Source: security@asustor.com

Vendor Advisory

https://www.asustor.com/security/security_advisory_detail?id=24

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.