This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of Samsung SyncThru. By default, authentication is not required to exploit this vulnerability. The specific flaw exists within the AddDriverFileServlet servlet exposed by upload/addDriver. The issue lies in the failure to sanitize the path of files uploaded, allowing for the deletion of any file on the system. An attacker could use this to create a denial-of-service condition.