• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

ASUSTOR Alerts Customers to Severe Vulnerability, Surveillance Center Gets Emergency Update

T0@st

T0@st

News Editor
Staff member
Joined
Mar 7, 2023
Messages
2,077 (4.77/day)
Location
South East, UK
An emergency update is being pushed for Surveillance Center in response to a severe vulnerability detected in the software that could potentially allow an attacker to gain control elevated privileges to execute code on ADM to install malware. This update fixes this underlying vulnerability. ASUSTOR strongly urges all users of Surveillance Center for ADM to install the latest version as soon as possible to protect themselves and to minimize the risk of malware infection. ASUSTOR also recommends taking additional security measures to guard against the potential harms of malware in accordance with previously announced protective measures.

ASUSTOR strongly recommends taking the following actions to ensure your data is secure:
  • Change your password.
  • Use a strong password.
  • Change default HTTP and HTTPS ports. Default ports are 8000 and 8001 respectively.
  • Turn off Terminal/SSH and SFTP services and other services you do not use.
  • Make regular backups and ensure backups are up to date.
  • Turn on and update snapshots if available.
  • Enable the AbuseIPDB risk detection greylist.



View at TechPowerUp Main Site | Source
 
Makaveli

Makaveli

Joined
Feb 21, 2006
Messages
1,997 (0.30/day)
Location
Toronto, Ontario
System Specs
System Name The Expanse
Processor AMD Ryzen 7 5800X3D
Motherboard Asus Prime X570-Pro BIOS 5013 AM4 AGESA V2 PI 1.2.0.Ca.
Cooling Corsair H150i Pro
Memory 32GB GSkill Trident RGB DDR4-3200 14-14-14-34-1T (B-Die)
Video Card(s) AMD Radeon RX 7900 XTX 24GB (24.4.1)
Storage WD SN850X 2TB / Corsair MP600 1TB / Samsung 860Evo 1TB x2 Raid 0 / Asus NAS AS1004T V2 14TB
Display(s) LG 34GP83A-B 34 Inch 21: 9 UltraGear Curved QHD (3440 x 1440) 1ms Nano IPS 160Hz
Case Fractal Design Meshify S2
Audio Device(s) Creative X-Fi + Logitech Z-5500 + HS80 Wireless
Power Supply Corsair AX850 Titanium
Mouse Corsair Dark Core RGB SE
Keyboard Corsair K100
Software Windows 10 Pro x64 22H2
Benchmark Scores 3800X https://valid.x86.fr/1zr4a5 5800X https://valid.x86.fr/2dey9c
This would have been alittle more helpful is asus listed the models that were affected. I just check for my NAS and no new updates available yet.
 
N

ncrs

Joined
Jun 29, 2018
Messages
467 (0.22/day)
Makaveli said:
This would have been alittle more helpful is asus listed the models that were affected. I just check for my NAS and no new updates available yet.
Click to expand...
I think it's about Surveillance Center that you install from the App Central:

There is no Product Security Update that matches on their security site yet. It's a bit unusual to publish a "severe vulnerability" warning in the Q&A section instead.
 
Makaveli

Makaveli

Joined
Feb 21, 2006
Messages
1,997 (0.30/day)
Location
Toronto, Ontario
System Specs
System Name The Expanse
Processor AMD Ryzen 7 5800X3D
Motherboard Asus Prime X570-Pro BIOS 5013 AM4 AGESA V2 PI 1.2.0.Ca.
Cooling Corsair H150i Pro
Memory 32GB GSkill Trident RGB DDR4-3200 14-14-14-34-1T (B-Die)
Video Card(s) AMD Radeon RX 7900 XTX 24GB (24.4.1)
Storage WD SN850X 2TB / Corsair MP600 1TB / Samsung 860Evo 1TB x2 Raid 0 / Asus NAS AS1004T V2 14TB
Display(s) LG 34GP83A-B 34 Inch 21: 9 UltraGear Curved QHD (3440 x 1440) 1ms Nano IPS 160Hz
Case Fractal Design Meshify S2
Audio Device(s) Creative X-Fi + Logitech Z-5500 + HS80 Wireless
Power Supply Corsair AX850 Titanium
Mouse Corsair Dark Core RGB SE
Keyboard Corsair K100
Software Windows 10 Pro x64 22H2
Benchmark Scores 3800X https://valid.x86.fr/1zr4a5 5800X https://valid.x86.fr/2dey9c
ncrs said:
I think it's about Surveillance Center that you install from the App Central:

There is no Product Security Update that matches on their security site yet. It's a bit unusual to publish a "severe vulnerability" warning in the Q&A section instead.
Click to expand...
Thanks for the update I don't have that app installed.

1707328136250.png
 
KLMR

KLMR

Joined
Jun 24, 2017
Messages
127 (0.05/day)
If there is no list, means either all models are affected or they don't which ones.
If they tell to disconnect all those access methods, change passwords, ports, etc. and there is no patch available... ....what do you think it means?
 
You must log in or register to reply here.
Top