ASUSTOR NAS 現已支援 Seagate 最新推出的 IronWolf® Pro 30TB 企業級硬碟！此款硬碟搭載全新 Mozaic 3+ 技術，單顆硬碟就能大幅提升儲存密度，替企業節省空間，同時維持穩定、高效的資料儲存環境。若搭配上AS68 系列 NAS 的10 Bay 機種，總儲存容量最高可達 300TB! 輕鬆打造效能與彈性兼具的企業級儲存方案。

＊支援型號：AS 33/33 v2/54/67/68/71 系列及 AS5004U 擴充裝置 (其餘型號陸續更新中)

想入手 30TB 硬碟擴充 NAS 容量和提升資料安全性，又不知道怎麼搭配最好?
使用 ASUSTOR 的 RAID 容量計算機，只要拖曳硬碟容量、選擇 RAID 類型，就能立即獲得最適合的配置建議。

買硬碟前先動手試試看 ，RAID 計算機傳送門: https://www.asustor.com/service/raid_calculator

The Windows service configuration of ABP and AES contains an unquoted ImagePath registry value vulnerability. This allows a local attacker to execute arbitrary code by placing a malicious executable in a predictable location such as "C:\Program.exe". If the service runs with elevated privileges, exploitation results in privilege escalation to SYSTEM level. This vulnerability arises from an unquoted service path affecting systems where the executable resides in a path containing spaces.
Affected products and versions include: ABP (ASUSTOR Backup Plan) 2.0.7.6130 and earlier as well as AES (ASUSTOR EZSync) 1.0.6.6133 and earlier.

• The issue has been fixed on ABP (ASUSTOR Backup Plan) 2.0.7.6131 and AES (ASUSTOR EZSync) 1.0.6.6134.

An improper access control vulnerability was found in the EZ Sync Manager of ADM, which allows authenticated users to copy arbitrary files from the server file system into their own EZSync folder. The vulnerability is due to a lack of authorization checks on the file parameter of the HTTP request. Attackers can exploit this flaw to access files outside their authorized scope, provided the file has readable permissions for other users on the underlying OS. This can lead to unauthorized exposure of sensitive data.
Affected products and versions include: from ADM 4.1.0 to ADM 4.3.3.RH61 as well as ADM 5.0.0.RIN1 and earlier.

• The issue has been fixed on ADM 5.0.0.RJG2 and ADM 4.3.3.RJH1.

A stored Cross-Site Scripting (XSS) vulnerability was found in the File Explorer and Text Editor of ADM. An attacker could exploit this vulnerability to inject malicious scripts into the applications, which may then access cookies or other sensitive information retained by the browser and used with the affected applications.

Affected products and versions include: from ADM 4.1.0 to ADM 4.3.3.RH61 as well as ADM 5.0.0.RIN1 and earlier, and Text Editor 1.0.0.r112 and earlier.

• The issue has been fixed on ADM 5.0.0.RJG2 and ADM 4.3.3.RJH1.