Description
EZ Sync service fails to adequately handle user input, allowing an attacker to navigate beyond the intended directory structure and delete files. Affected products and versions include: ADM 4.0.6.REG2, 4.1.0 and below as well as ADM 4.2.1.RGE2 and below.
References
- Vendor Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1
- Version from 4.0.0 (inclusive) to 4.0.6.reg2 (inclusive)
- Version from 4.1.0 (inclusive) to 4.1.0rlq1 (inclusive)
- Version from 4.2.0 (inclusive) to 4.2.1.rge2 (inclusive)
One of
cpe:2.3:a:asustor:adm:*:*:*:*:*:*:*:*
cpe:2.3:a:asustor:adm:*:*:*:*:*:*:*:*
cpe:2.3:a:asustor:adm:*:*:*:*:*:*:*:*
EPSS
Percentile: 53%
0.00302
Low
8.5 High
CVSS3
10 Critical
CVSS3
Weaknesses
CWE-22
CWE-22
Related vulnerabilities
CVSS3: 6
github
about 2 years ago
EZ Sync service fails to adequately handle user input, allowing an attacker to navigate beyond the intended directory structure and delete files. Affected products and versions include: ADM 4.0.6.REG2, 4.1.0 and below as well as ADM 4.2.1.RGE2 and below.