cvedb.io
CVE-2023-2909
HIGH · CVSS 8.5
EPSS exploitation probability: 0%
Published 2023-05-31T10:15:09.577 · Last modified 2026-06-17T05:53:45.767

Summary

EZ Sync service fails to adequately handle user input, allowing an attacker to navigate beyond the intended directory structure and delete files. Affected products and versions include: ADM 4.0.6.REG2, 4.1.0 and below as well as ADM 4.2.1.RGE2 and below.

Affected products

asustor — adm

Does this affect you?

Add your gear to cvedb and we'll alert you only when asustor ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.