ADM 操作系统再跃进! 最新 4.2.2 版本功能一次看

SMB Backup

备份与还原中新增 SMB 备份功能，可与区

网里支持 SMB 服务的装置或其他 NAS 进

行备份任务

Share Link 快速上传

用户可以在 NAS 上建立 Share Link，将 Share

Link 传给家人或朋友浏览或下载，拥有连结的人可

以透过 Share Link 上传或下载文件至 NAS

上，无须再另外登入ADM

支持 WireGuard VPN 客户端

全新支持 WireGuard VPN 客户端，可

以让用户将 NAS 加入 WireGuard VPN

的服务器，体验更新的 VPN 通讯协议，

享受更快速的服务

Office 文件在线检视

档案总管中新增 Office 文件在线检视功能，

可以选择使用 Google Docs 或 Microsoft Office Online

直接于网页浏览器上检视 Office 文件档。

A Cross-Site Scripting(XSS) vulnerability was found on ADM, LooksGood and SoundsGood Apps. An attacker can exploit this vulnerability to inject malicious scripts into the target applications to access any cookies or sensitive information retained by the browser and used with that application. (CVE-2023-2509)

• The issue has been fixed on ADM 4.2.2.RI61.

EZ Sync service fails to adequately handle user input, allowing an attacker to navigate beyond the intended directory structure and delete files. (CVE-2023-2909)

• The issue has been fixed on ADM 4.2.2.RI61.

The Netatalk development team disclosed multiple fixed vulnerabilities affecting earlier versions of the software on the latest release of Netatalk 3.1.13: CVE-2022-43634 and CVE-2022-45188.

• Netatalk 3.1.13 patch has been updated on ADM 4.2.2.RI61 to resolve the issue.

Download Center fails to properly validate the file path submitted by a user, An attacker can exploit this vulnerability to gain unauthorized access to sensitive files or directories without appropriate permission restrictions. (CVE-2023-2749)

• The issue has been fixed on Download Center 1.1.5.r1298 for ADM 4.2.

The PHP Group announced multiple vulnerabilities that have been fixed in the latest release of PHP 8.1.

CVE-2023-0662, CVE-2022-31631, CVE-2022-31630, CVE-2022-37454, CVE-2022-31628, CVE-2022-31629 and CVE-2022-31627 will affect ASUSTOR products with PHP 8.1 installed on ADM 4.1 or ADM 4.2

• Updates with PHP 8.1.18 has been released on App Central for ADM 4.2.2.