漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
A stack-based buffer overflow vulnerability in the VPN Clients on the ADM
Vulnerability Description
A stack-based buffer overflow vulnerability was found in the VPN Clients on the ADM. The issue stems from the use of unbounded sscanf() and passing user-controlled data directly to printf(). Due to the lack of PIE and Stack Canary protections, an authenticated remote attacker can exploit these to execute arbitrary code as the web server user. Affected products and versions include: from ADM 4.1.0 through ADM 4.3.3.RR42 as well as from ADM 5.0.0 through ADM 5.1.2.REO1.
CVSS Information
N/A
Vulnerability Type
栈缓冲区溢出
Vulnerability Title
ASUSTOR ADM 安全漏洞
Vulnerability Description
ASUSTOR ADM是中国华芸科技(ASUSTOR)公司的一种所有 ASUSTOR NAS 设备的专用操作系统。 ASUSTOR ADM 4.1.0至4.3.3.RR42版本和5.0.0至5.1.2.REO1版本存在安全漏洞,该漏洞源于VPN客户端使用无界sscanf函数并将用户控制数据直接传递给printf函数,可能导致经过身份验证的远程攻击者以Web服务器用户身份执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A