This critical command injection vulnerability affects the PPTP VPN client component of Asustor ADM, the operating system for widely used Asustor network-attached storage (NAS) devices. Insufficient input validation allows an authenticated administrative attacker to execute arbitrary system commands on the underlying operating system. Successful exploitation results in full compromise of the affected NAS device.
Remediation
Apply the latest official security patch from Asustor for ADM to remediate this vulnerability. Restrict administrative access to the ADM web interface to only trusted network ranges. Disable PPTP VPN client functionality if it is not in use on affected devices.