CVE-2026-3100

High CVSS: 8.3

The FTP Backup on the ADM will not properly strictly enforce TLS certificate verification while connecting to an FTP server using FTPES/FTPS. An improper validated TLS/SSL certificates allows a remote attacker can intercept network traffic to perform a Man-in-the-Middle (MitM) attack, which may intercept, modify, or obtain sensitive information such as authentication credentials and backup data.
Affected products and versions include: from ADM 4.1.0 through ADM 4.3.3.ROF1 as well as from ADM 5.0.0 through ADM 5.1.2.RE51.

Vendor

Asustor

Product

Data Master

CWE

CWE-295

Yayın Tarihi

2026-02-25 06:16:26

Güncelleme

2026-02-26 16:33:43

Source Identifier

security@asustor.com

KEV Date Added

Kategoriler

CWE-295 Data Master HIGH Asustor 2026

Referanslar

https://www.asustor.com/security/security_advisory_detail?id=53

Benzer Kayıtlar

Critical

CVE-2026-3179

The FTP Backup on the ADM does not properly sanitize filenames received from the FTP server when parsing directory listi…

Critical

CVE-2026-24936

When a specific function is enabled while joining a AD Domain from ADM, an improper input parameters validation vulnerab…

High

CVE-2026-24932

The DDNS update function in ADM fails to properly validate the hostname of the DDNS server's TLS/SSL certificate. Althou…

High

CVE-2026-24933

The API communication component fails to validate the SSL/TLS certificate when sending HTTPS requests to the server. An…

Medium

CVE-2026-24934

The DDNS function uses an insecure HTTP connection or fails to validate the SSL/TLS certificate when querying an externa…

Medium

CVE-2026-24935

A third-party NAT traversal module fails to validate SSL/TLS certificates when connecting to the signaling server. While…