PT-2023-22137 · Asustek · Adm
Juyang.Gao
·
Publicado
2023-05-31
·
Atualizado
2023-06-07
·
CVE-2023-2909
CVSS v3.1
10
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
ADM versions 4.0.6.REG2 through 4.1.0
ADM versions 4.2.1.RGE2 and below
Description
The EZ Sync service fails to adequately handle user input, allowing an attacker to navigate beyond the intended directory structure and delete files.
Recommendations
For ADM versions 4.0.6.REG2 through 4.1.0, consider restricting access to the EZ Sync service until a patch is available.
For ADM versions 4.2.1.RGE2 and below, consider restricting access to the EZ Sync service until a patch is available.
As a temporary workaround, consider disabling the EZ Sync service to minimize the risk of exploitation.
Correção
Path traversal
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Adm