The Windows service configuration of ABP and AES contains an unquoted ImagePath registry value vulnerability. This allows a local attacker to execute arbitrary code by placing a malicious executable in a predictable location such as "C:\Program.exe". If the service runs with elevated privileges, exploitation results in privilege escalation to SYSTEM level. This vulnerability arises from an unquoted service path affecting systems where the executable resides in a path containing spaces.
Affected products and versions include: ABP (ASUSTOR Backup Plan) 2.0.7.6130 and earlier as well as AES (ASUSTOR EZSync) 1.0.6.6133 and earlier.

• The issue has been fixed on ABP (ASUSTOR Backup Plan) 2.0.7.6131 and AES (ASUSTOR EZSync) 1.0.6.6134.

An improper access control vulnerability was found in the EZ Sync Manager of ADM, which allows authenticated users to copy arbitrary files from the server file system into their own EZSync folder. The vulnerability is due to a lack of authorization checks on the file parameter of the HTTP request. Attackers can exploit this flaw to access files outside their authorized scope, provided the file has readable permissions for other users on the underlying OS. This can lead to unauthorized exposure of sensitive data.
Affected products and versions include: from ADM 4.1.0 to ADM 4.3.3.RH61 as well as ADM 5.0.0.RIN1 and earlier.

• The issue has been fixed on ADM 5.0.0.RJG2 and ADM 4.3.3.RJH1.

A stored Cross-Site Scripting (XSS) vulnerability was found in the File Explorer and Text Editor of ADM. An attacker could exploit this vulnerability to inject malicious scripts into the applications, which may then access cookies or other sensitive information retained by the browser and used with the affected applications.

Affected products and versions include: from ADM 4.1.0 to ADM 4.3.3.RH61 as well as ADM 5.0.0.RIN1 and earlier, and Text Editor 1.0.0.r112 and earlier.

• The issue has been fixed on ADM 5.0.0.RJG2 and ADM 4.3.3.RJH1.