ASUSTOR 最新旗艦級機架式 NAS AS7212RDX (Lockerstor 12R PRO Gen2) 及 AS7216RDX (Lockerstor 16R PRO Gen2) 正式亮相! 專為中大型企業打造，全面升級效能、擴充性與安全性，讓高效儲存和虛擬化應用更加輕鬆無憂。

 

一、    高效核心，承載企業高速運算

二、    M.2 NVMe SSD 快取，資料存取更敏捷
內建 1 組 PCIe Gen5 x4 M.2 2280 NVMe 插槽，支援高速 SSD 作為快取或高速儲存空間，強化多用戶同時作業時的存取效率，大幅提升整體運作效能！

 

三、    雙 10GbE + 雙 1GbE，網速全面啟動
標配雙 10Gbps 與雙 1Gbps RJ45 網路埠，支援連線聚合與 SMB 多重通道，實現低延遲、高頻寬的穩定連線，資料傳輸更順暢。

官網了解更多: https://www.asustor.com/product?p_id=92

The Windows service configuration of ABP and AES contains an unquoted ImagePath registry value vulnerability. This allows a local attacker to execute arbitrary code by placing a malicious executable in a predictable location such as "C:\Program.exe". If the service runs with elevated privileges, exploitation results in privilege escalation to SYSTEM level. This vulnerability arises from an unquoted service path affecting systems where the executable resides in a path containing spaces.
Affected products and versions include: ABP (ASUSTOR Backup Plan) 2.0.7.6130 and earlier as well as AES (ASUSTOR EZSync) 1.0.6.6133 and earlier.

• The issue has been fixed on ABP (ASUSTOR Backup Plan) 2.0.7.6131 and AES (ASUSTOR EZSync) 1.0.6.6134.

An improper access control vulnerability was found in the EZ Sync Manager of ADM, which allows authenticated users to copy arbitrary files from the server file system into their own EZSync folder. The vulnerability is due to a lack of authorization checks on the file parameter of the HTTP request. Attackers can exploit this flaw to access files outside their authorized scope, provided the file has readable permissions for other users on the underlying OS. This can lead to unauthorized exposure of sensitive data.
Affected products and versions include: from ADM 4.1.0 to ADM 4.3.3.RH61 as well as ADM 5.0.0.RIN1 and earlier.

• The issue has been fixed on ADM 5.0.0.RJG2 and ADM 4.3.3.RJH1.

A stored Cross-Site Scripting (XSS) vulnerability was found in the File Explorer and Text Editor of ADM. An attacker could exploit this vulnerability to inject malicious scripts into the applications, which may then access cookies or other sensitive information retained by the browser and used with the affected applications.

Affected products and versions include: from ADM 4.1.0 to ADM 4.3.3.RH61 as well as ADM 5.0.0.RIN1 and earlier, and Text Editor 1.0.0.r112 and earlier.

• The issue has been fixed on ADM 5.0.0.RJG2 and ADM 4.3.3.RJH1.