CVE-2022-37398 HIGH

CVE-2022-37398: A stack-based buffer overflow vulnerability was found on ADM

Vendor Asustor
Product ADM
Weakness CWE-121
Published August 5, 2022
Last update June 2, 2026

CVSS base score

7.1/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality Low
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H

What the vulnerability does

01Description

A stack-based buffer overflow vulnerability was found inside ADM when using WebDAV due to the lack of data size validation. An attacker can exploit this vulnerability to run arbitrary code. Affected ADM versions include: 3.5.9.RUE3 and below, 4.0.5.RVI1 and below as well as 4.1.0.RJD1 and below.

Key dates

02Disclosure timeline

August 5, 2022 CVE published
June 2, 2026 Record updated