PT-2023-22137 · Asustek · Adm
Juyang.Gao
·
Published
2023-05-31
·
Updated
2023-06-07
·
CVE-2023-2909
CVSS v3.1
10
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
ADM versions 4.0.6.REG2 through 4.1.0
ADM versions 4.2.1.RGE2 and below
Description
The EZ Sync service fails to adequately handle user input, allowing an attacker to navigate beyond the intended directory structure and delete files.
Recommendations
For ADM versions 4.0.6.REG2 through 4.1.0, consider restricting access to the EZ Sync service until a patch is available.
For ADM versions 4.2.1.RGE2 and below, consider restricting access to the EZ Sync service until a patch is available.
As a temporary workaround, consider disabling the EZ Sync service to minimize the risk of exploitation.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Adm