Developers: | Asustor |
Date of the premiere of the system: | October 2012 |
Last Release Date: | 2022/10/04 |
Technology: | OS, DSS |
Content |
The main articles are:
2022: Addressing a Vulnerability in Networked Storage
Positive Technologies expert Nikita Abramov discovered a vulnerability in the ASUSTOR Data Master (ADM) operating system, which is used to manage Network Attached Storage (NAS) devices. An attacker could remotely execute arbitrary code on the operating system of NAS devices. PT announced this on October 4, 2022.
Vulnerability CVE-2022-37398 (BDU:2022-05028) received a score of 7.1 on the CVSS v3 scale, which corresponds to a high level of danger.
On the Internet, you could find IP addresses of about 3,700 potentially vulnerable NAS devices. Most of these devices were found in, Taiwan,, PEOPLE'S REPUBLIC OF CHINA,, South Korea,, Germany, and USA. France Russia Japan Hong Kong Singapore
When exploiting buffer overflow vulnerabilities, as in this case, an attacker is able to write outside the allocated buffer using the attacked subroutine. Sometimes this can lead to a violation of program logic, a denial of service (DoS) or, in some cases, arbitrary code execution, which allows you to execute various scenarios on the side of the attacked node, "said Nikita Abramov. - For example, install malware to intercept data, use ransomware, download confidential data. Very often, such errors occur if there is no check for the maximum length of the received data or if it is incorrectly processed. In this case, the code on the attacked device can be successfully executed by an error that occurs when working with the header of the incoming request, as well as the lack of the necessary protection mechanisms against operation of the executable application. |
Several versions of ASUSTOR Data Master are affected by the discovered vulnerability: 3.5.9.RUE3, 4.0.5.RVI1, 4.1.0.RJD1, as well as earlier versions of this software. As a temporary solution, device administrators can disable the WebDAV protocol. To fix the vulnerability, ASUSTOR experts recommend updating vulnerable versions of the product to the following or newer versions:
- ADM 4.1 needs to be upgraded to version 4.1.0.RKM1;
- ADM 4.0 needs to be upgraded to version 4.0.5.RWM1;
- ADM 3.5 needs to be upgraded to version 3.5.9.RWM1.
Malicious attacks on network storage have been widespread in the past year. In February 2022, owners of ASUSTOR NAS devices reported on Reddit pages and on the official ASUSTOR forum about attacks by the DeadBolt ransomware. Earlier, in January 2022, according to Positive Technologies' Current Cyber Threats: 2022 Q1 report, QNAP NAS devices were massively encrypted using Qlocker and DeadBolt ransomware.
2014: Asustor Data Master (ADM) 2.0
ASUSTOR released the official version of the ASUSTOR Data Master (ADM) 2.2 operating system for NAS from ASUSTOR in the summer of 2014. In addition to the features present in the early version of the OS, the final release brought with it a beta version of the Mail Server application and support for external optical drives (CD, DVD, Blu-ray). Mail Server is an extremely important program for corporate clients that allows encrypted e-mail transmission, as well as its backup on a schedule. Support for external optical drives allows users to connect external drives (CD, DVD, Blu-ray) to the NAS and access data on optical media.
ADM 2.2 is available for all NAS models from ASUSTOR. After installing the update, users will be able to take advantage of all OS improvements, as well as new applications from App Central. ASUSTOR will soon also release the AiFoto mobile application, which will allow you to manage photos located on the NAS using a smartphone or tablet for this.
New key features of ADM 2.2:
- "Night Mode" mode;
- hibernation indicators for HDD;
- Support for a multilingual username
- advanced UPS functionality;
- supports external optical drives (CD, DVD, Blu-ray).
New applications:
- Photo Gallery;
- MiniDLNA;
- Google Drive;
- • HiDrive;
- • Mail Server.
New addon for Chrome/FireFox:
- Download Helper (download video streaming in one click).
2012: Asustor Data Master (ADM) 1.0
In December 2012, ASUSTOR Inc., a developer and manufacturer of innovative networked storage solutions, announced the launch of a demo site for its proprietary networked storage operating system, ASUSTOR Data Master (ADM) 1.0. On this site, each user will be able to test the functions and capabilities of the ADM OS online.
'We are pleased to announce the launch of a new demo site, 'ASUSTOR product manager Steve Huang said.' The demo site will allow users to make their own idea before purchasing our NAS about what ADM is and how fresh the idea used to implement the user interface is and how convenient the device is management.'
The ASUSTOR Data Master (ADM) 1.0 operating system is installed on all ASUSTOT AS 6 series network stores, which were officially announced in November 2012. Created on a modular basis, ADM offers important features such as cross-platform file access, energy efficiency and the ability to expand functionality by installing new applications available for download on App Central. The interface of the new ADM OS has such capabilities as a modern configuration and control system, real multitasking with the ability to perform processes in the background, as well as instant search for applications to run. Moreover, thanks to a developed system of data protection and backup, easy integration into easy IT infrastructure, remote access and a wide range of multimedia functions, the ADM OS can be equally successfully applied both for solving business problems and in the conditions of the modern digital home.