CVE-2023-4475

7.5 HIGH

📋 TL;DR

An arbitrary file movement vulnerability in ASUSTOR Data Master (ADM) allows attackers to exploit the file renaming feature to move files to unintended directories. This affects ADM versions 4.0.6.RIS1, 4.1.0 and below, as well as ADM 4.2.2.RI61 and below. Attackers could potentially move sensitive files to accessible locations.
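As an added illustration of the weakness class the summary describes (this is not ASUSTOR's code, and the exact flaw in ADM is not documented on this page), the snippet below contrasts a naive rename handler that simply joins the requested new name onto the file's directory with a confined version that only accepts a bare file name and checks that the result stays inside the user's share. The share root, the path layout and the assumption that the abuse works through path components in the new name are all constructed for the example; paths are handled as strings, so nothing touches a real filesystem.

```python
"""Added example (not ASUSTOR's code): confining a file-rename operation so
that "rename" cannot silently become "move to another directory".
Assumption: the new name supplied by the client must be a single path
component and the destination must stay inside the caller's share root."""
import posixpath


class RenameRejected(ValueError):
    """Raised when a requested rename would leave the source directory or share."""


def naive_rename_target(share_root: str, src_rel: str, new_name: str) -> str:
    """DO NOT USE. Shown only to contrast with safe_rename_target: the new name
    is joined onto the file's directory and normalised, so '..' components in
    new_name walk out of the directory (and even out of the share)."""
    src_abs = posixpath.normpath(posixpath.join(share_root, src_rel))
    return posixpath.normpath(posixpath.join(posixpath.dirname(src_abs), new_name))


def safe_rename_target(share_root: str, src_rel: str, new_name: str) -> str:
    """Return the absolute destination for renaming `src_rel` (relative to the
    absolute `share_root`) to `new_name`, or raise RenameRejected.

    Checks, in order:
      1. new_name is a plain component: non-empty, no separators, no NUL,
         not '.' or '..'
      2. the source itself resolves inside share_root
      3. the destination keeps the source's parent directory and also
         resolves inside share_root (defence in depth against normalisation
         surprises)
    """
    if not new_name or "/" in new_name or "\\" in new_name or new_name in (".", ".."):
        raise RenameRejected(f"invalid new name: {new_name!r}")
    if "\x00" in new_name:
        raise RenameRejected("NUL byte in new name")

    root = posixpath.normpath(share_root)
    src_abs = posixpath.normpath(posixpath.join(root, src_rel))
    if src_abs == root or posixpath.commonpath([root, src_abs]) != root:
        raise RenameRejected(f"source escapes share: {src_rel!r}")

    dest_abs = posixpath.normpath(posixpath.join(posixpath.dirname(src_abs), new_name))
    if posixpath.dirname(dest_abs) != posixpath.dirname(src_abs):
        raise RenameRejected("rename would change directory")
    if posixpath.commonpath([root, dest_abs]) != root:
        raise RenameRejected("destination escapes share")
    return dest_abs


if __name__ == "__main__":
    ROOT = "/volume1/home/alice"  # constructed share root
    print(naive_rename_target(ROOT, "docs/report.pdf", "../../../web/report.pdf"))
    print(safe_rename_target(ROOT, "docs/report.pdf", "report-v2.pdf"))
```

The decisive rule is the third check: a rename by definition keeps the file's parent directory, so any request whose normalised destination has a different parent is a move in disguise and is refused, independently of how the new name was encoded.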

💻 Affected Systems

Products:
  • ASUSTOR Data Master (ADM)
Versions: ADM 4.0.6.RIS1, 4.1.0 and below; ADM 4.2.2.RI61 and below
Operating Systems: ASUSTOR ADM OS
Default Config Vulnerable: ⚠️ Yes
Notes: All installations within affected version ranges are vulnerable by default.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could move sensitive system files to web-accessible directories, potentially exposing credentials, configuration files, or enabling further system compromise.

🟠 Likely Case

Unauthorized movement of user data files, potentially exposing sensitive documents or enabling data theft.

🟢 If Mitigated

Limited impact if proper access controls and network segmentation are in place, restricting attacker access to critical directories.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires authenticated access to the ADM interface. The vulnerability is in the file renaming functionality.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: ADM 4.0.6.RIS2, 4.1.1, 4.2.2.RI62 or later

Vendor Advisory: https://www.asustor.com/security/security_advisory_detail?id=30

Restart Required: Yes

Instructions:

1. Log into the ADM web interface.
2. Go to Settings > ADM Update.
3. Check for updates and install the latest version.
4. Restart the NAS when prompted.

🔧 Temporary Workarounds

Restrict ADM Web Interface Access

all

Limit access to the ADM web interface to trusted IP addresses only.

Disable Unnecessary Services

all

Disable any unnecessary file sharing or management services that provide access to the vulnerable functionality.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate ASUSTOR devices from untrusted networks
  • Enable detailed logging and monitoring for file movement operations in ADM

🔍 How to Verify

Check if Vulnerable:

Check the ADM version in Settings > ADM Update. If the version is 4.0.6.RIS1 or below, 4.1.0 or below, or 4.2.2.RI61 or below, the system is vulnerable.

Check Version:

Check via ADM web interface: Settings > ADM Update

Verify Fix Applied:

Verify ADM version is 4.0.6.RIS2, 4.1.1, 4.2.2.RI62 or later after update.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file rename operations moving files between directories
  • Multiple failed rename attempts followed by successful moves

Network Indicators:

  • Unusual HTTP POST requests to file management endpoints from unexpected sources

SIEM Query:

source="asustor_adm" AND (event_type="file_rename" OR event_type="file_move") AND (dest_path CONTAINS "/web/" OR dest_path CONTAINS "/public/")
