CVE-2022-37398

Summary

A stack-based buffer overflow vulnerability was found inside ADM when using WebDAV due to the lack of data size validation. An attacker can exploit this vulnerability to run arbitrary code. Affected ADM versions include: 3.5.9.RUE3 and below, 4.0.5.RVI1 and below as well as 4.1.0.RJD1 and below.

Affected Software

VendorProductVersion RangeStatus
ASUSTORADM3.5 <= 3.5.9.RUE3affected
ASUSTORADM4.0 <= 4.0.5.RVI1affected
ASUSTORADM4.1 <= 4.1.0.RJD1affected

Weaknesses

  • CWE-121: CWE-121 Stack-based Buffer Overflow

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References