CVE-2023-2909 HIGH

CVE-2023-2909: A Directory traversal vulnerability was found on EZ Sync service of ADM

Vendor Asustor
Product ADM
Weakness CWE-22 · Path traversal
Published May 31, 2023
Last update January 9, 2025
View on NVD All CVEs

CVSS base score

8.5/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

EZ Sync service fails to adequately handle user input, allowing an attacker to navigate beyond the intended directory structure and delete files. Affected products and versions include: ADM 4.0.6.REG2, 4.1.0 and below as well as ADM 4.2.1.RGE2 and below.

Key dates

02Disclosure timeline

May 31, 2023 CVE published
January 9, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-31287 WordPress Media Library Folders plugin <= 8.1.8 - Directory Traversal vulnerability CVE-2023-32137 D-Link DAP-1360 webproc WEB_DisplayPage Directory Traversal Information Disclosure Vulnerability CVE-2024-44017 WordPress MH Board plugin <= 1.3.2.1 - Local File Inclusion vulnerability CVE-2020-36639 AlliedModders AMX Mod X Console Command adminvote.sma cmdVoteMap path traversal CVE-2024-8060 Remote Code Execution in OpenWebUI via Arbitrary File Upload