CVE-2023-2910
📋 TL;DR
This CVE describes a command injection vulnerability in the printer service of ASUSTOR Data Master (ADM) that allows remote unauthorized attackers to execute arbitrary commands on affected systems. The vulnerability affects ADM versions 4.0.6.RIS1, 4.1.0 and below, as well as ADM 4.2.2.RI61 and below. Attackers can exploit this without authentication to potentially gain full control of the NAS device.
💻 Affected Systems
- ASUSTOR Data Master (ADM)
📦 What is this software?
Data Master by Asustor
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise allowing attackers to execute arbitrary commands with root privileges, install malware, exfiltrate data, pivot to other systems, or render the NAS unusable.
Likely Case
Remote code execution leading to data theft, ransomware deployment, or use as a foothold for lateral movement within the network.
If Mitigated
Limited impact if systems are isolated, have strict network controls, and the printer service is disabled or not exposed.
🎯 Exploit Status
Command injection vulnerabilities typically have low exploitation complexity, especially when unauthenticated. While no public PoC is confirmed, similar vulnerabilities are often weaponized quickly.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: ADM 4.0.6.RIS2, ADM 4.1.1, ADM 4.2.3.RI62 or later
Vendor Advisory: https://www.asustor.com/security/security_advisory_detail?id=27
Restart Required: Yes
Instructions:
1. Log into ADM web interface.
2. Go to System Information > ADM Update.
3. Check for updates and install the latest version.
4. Restart the NAS when prompted.
🔧 Temporary Workarounds
Disable Printer Service
(all) Disable the vulnerable printer service to prevent exploitation
# Via ADM web interface: Services > Printer > Disable
Network Segmentation
(linux) Restrict network access to ASUSTOR NAS devices
# Configure firewall rules to block external access to NAS management ports
# Example iptables: iptables -A INPUT -p tcp -m multiport --dports 8000,8001 -j DROP
🧯 If You Can't Patch
- Immediately disable the printer service via ADM web interface
- Isolate affected NAS devices from internet and restrict internal network access using firewall rules
🔍 How to Verify
Check if Vulnerable:
Check ADM version via web interface: System Information > ADM Update. If version is 4.0.6.RIS1 or below, 4.1.0 or below, or 4.2.2.RI61 or below, the system is vulnerable.
Check Version:
# SSH into NAS and run: cat /etc/nas.conf | grep version
Verify Fix Applied:
After updating, verify ADM version is 4.0.6.RIS2 or later, 4.1.1 or later, or 4.2.3.RI62 or later.
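The version check above, as an added example for triaging an inventory of reported ADM version strings (not ASUSTOR tooling and not part of the original advisory). It assumes each 4.x branch is judged against its own fixed release, so that 4.0.6.RIS2 is not flagged merely for being below 4.1.0, and that build suffixes such as RIS1 and RIS2 order as plain strings; the function names are hypothetical.

```python
import re

# Last affected / first fixed ADM release per branch, copied from this advisory.
BRANCHES = {
    (4, 0): ("4.0.6.RIS1", "4.0.6.RIS2"),
    (4, 1): ("4.1.0", "4.1.1"),
    (4, 2): ("4.2.2.RI61", "4.2.3.RI62"),
}
_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:\.([A-Za-z0-9]+))?")


def parse(version):
    """Split '4.2.2.RI61' into ((4, 2, 2), 'RI61'); the build suffix may be absent."""
    m = _VERSION.fullmatch(version.strip())
    if m is None:
        raise ValueError(f"unrecognised ADM version: {version!r}")
    return tuple(int(g) for g in m.groups()[:3]), (m.group(4) or "").upper()


def compare(a, b):
    """Return -1, 0 or 1 for a < b, a == b, a > b."""
    (na, sa), (nb, sb) = parse(a), parse(b)
    if na != nb:
        return -1 if na < nb else 1
    # Assumption: build suffixes order as plain strings within one numeric
    # release, and a side without a suffix matches any build of that release.
    if not sa or not sb or sa == sb:
        return 0
    return -1 if sa < sb else 1


def classify(version):
    """Return 'vulnerable', 'patched' or 'unknown' for one reported version."""
    branch = parse(version)[0][:2]
    if branch < min(BRANCHES):
        return "vulnerable"  # "and below": no fixed build is listed for these
    if branch > max(BRANCHES):
        return "patched"     # "or later"
    if branch not in BRANCHES:
        return "unknown"
    last_affected, first_fixed = BRANCHES[branch]
    if compare(version, last_affected) <= 0:
        return "vulnerable"
    if compare(version, first_fixed) >= 0:
        return "patched"
    return "unknown"  # between the two listed builds; check the vendor advisory


if __name__ == "__main__":
    # Constructed inventory, not real device data.
    for v in ("4.0.6.RIS1", "4.0.6.RIS2", "4.1.0", "4.2.2.RI62", "4.2.3.RI62"):
        print(f"{v:12} {classify(v)}")
```

A result of `unknown` means the build falls between the last affected and first fixed releases listed here and should be checked against the vendor advisory.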
📡 Detection & Monitoring
Log Indicators:
- Unusual command execution in system logs
- Printer service access from unexpected IPs
- Suspicious process creation
Network Indicators:
- Unexpected outbound connections from NAS
- Traffic to printer service ports (typically 9100, 515, 631)
SIEM Query:
source="asustor_nas" AND (event="command_execution" OR service="printer") AND user="unauthorized"