Wednesday, February 7th 2024

ASUSTOR Alerts Customers to Severe Vulnerability, Surveillance Center Gets Emergency Update

An emergency update is being pushed for Surveillance Center in response to a severe vulnerability detected in the software that could potentially allow an attacker to gain control elevated privileges to execute code on ADM to install malware. This update fixes this underlying vulnerability. ASUSTOR strongly urges all users of Surveillance Center for ADM to install the latest version as soon as possible to protect themselves and to minimize the risk of malware infection. ASUSTOR also recommends taking additional security measures to guard against the potential harms of malware in accordance with previously announced protective measures.

ASUSTOR strongly recommends taking the following actions to ensure your data is secure:
  • Change your password.
  • Use a strong password.
  • Change default HTTP and HTTPS ports. Default ports are 8000 and 8001 respectively.
  • Turn off Terminal/SSH and SFTP services and other services you do not use.
  • Make regular backups and ensure backups are up to date.
  • Turn on and update snapshots if available.
  • Enable the AbuseIPDB risk detection greylist.
Source: ASUS
Add your own comment

4 Comments on ASUSTOR Alerts Customers to Severe Vulnerability, Surveillance Center Gets Emergency Update

#1
Makaveli
This would have been alittle more helpful is asus listed the models that were affected. I just check for my NAS and no new updates available yet.
Posted on Reply
#2
ncrs
MakaveliThis would have been alittle more helpful is asus listed the models that were affected. I just check for my NAS and no new updates available yet.
I think it's about Surveillance Center that you install from the App Central:
There is no Product Security Update that matches on their security site yet. It's a bit unusual to publish a "severe vulnerability" warning in the Q&A section instead.
Posted on Reply
#3
Makaveli
ncrsI think it's about Surveillance Center that you install from the App Central:
There is no Product Security Update that matches on their security site yet. It's a bit unusual to publish a "severe vulnerability" warning in the Q&A section instead.
Thanks for the update I don't have that app installed.

Posted on Reply
#4
KLMR
If there is no list, means either all models are affected or they don't which ones.
If they tell to disconnect all those access methods, change passwords, ports, etc. and there is no patch available... ....what do you think it means?
Posted on Reply
Dec 21st, 2024 12:40 EST change timezone

New Forum Posts

Popular Reviews

Controversial News Posts