334 matches found
ASUSTOR ADM 3.1.0.RFQ3 - SQL Injection
ASUSTOR ADM version 3.1.0.RFQ3 is vulnerable to SQL injection via the albumid parameter in the /photo-gallery/api/album/treelists/ endpoint. An attacker can exploit this vulnerability to execute arbitrary SQL commands on the database, potentially leading to information disclosure or further...
Exploit for OS Command Injection in Asustor Data_Master
No d...
Exploit for Stack-based Buffer Overflow in Asustor Data_Master
CVE-2026-6643 — ASUSTOR ADM 5.1.2 RCE Format String CWE-134...
ASUSTOR ADM 安全漏洞
ASUSTOR ADM is a dedicated operating system developed by ASUSTOR Technology ASUSTOR for all ASUSTOR NAS devices. Vulnerabilities exist in versions 4.1.0 to 4.3.3.RR42, and 5.0.0 to 5.1.2.REO1 of ASUSTOR ADM. These vulnerabilities stem from the use of the unbounded sscanf function by the VPN clien...
ASUSTOR ADM 安全漏洞
ASUSTOR ADM is a dedicated operating system developed by ASUSTOR Technology ASUSTOR for all ASUSTOR NAS devices. Vulnerabilities exist in versions 4.1.0 to 4.3.3.RR42, and 5.0.0 to 5.1.2.REO1 of ASUSTOR ADM. These vulnerabilities stem from insufficient input validation by the PPTP VPN client, whi...
CVE-2026-3179
The FTP Backup on the ADM does not properly sanitize filenames received from the FTP server when parsing directory listings. A malicious server or MITM attacker can craft filenames containing path traversal sequences, causing the client to write files outside the intended backup directory. A path...
CVE-2026-3100
The FTP Backup on the ADM will not properly strictly enforce TLS certificate verification while connecting to an FTP server using FTPES/FTPS. An improper validated TLS/SSL certificates allows a remote attacker can intercept network traffic to perform a Man-in-the-Middle MitM attack, which may...
CVE-2026-3179 A path traversal vulnerability was found in the FTP Backup on the ADM.
The FTP Backup on the ADM does not properly sanitize filenames received from the FTP server when parsing directory listings. A malicious server or MITM attacker can craft filenames containing path traversal sequences, causing the client to write files outside the intended backup directory. A path...
CVE-2026-3179
The CVE describes a Path Traversal in ASUSTOR ADM FTP Backup on Linux platforms (x86, ARM, 64‑bit). The vulnerability arises from improper limitation of a pathname to a restricted directory, enabling unauthorized access via the network. Affected ADM versions are 4.1.0 through 4.3.3.ROF1, and 5.0....
CVE-2026-3100
CVE-2026-3100 affects ASUSTOR ADM FTP Backup running on Linux/x86/ARM (64‑bit). The issue is improper certificate validation in ADM FTP Backup, enabling sniffing attacks over the network. Affected versions are ADM 4.1.0–4.3.3.ROF1 and 5.0.0–5.1.2.RE51. The CVSS base score is 8.3 (HIGH) with netwo...
ASUSTOR ADM 安全漏洞
ASUSTOR ADM is a dedicated operating system developed by ASUSTOR Technology ASUSTOR for all ASUSTOR NAS devices. Vulnerabilities exist in versions 4.1.0 to 4.3.3.ROF1, and from 5.0.0 to 5.1.2.RE51 of ASUSTOR ADM. These vulnerabilities stem from the FTP backup feature not properly verifying TLS...
ASUSTOR ADM 安全漏洞
ASUSTOR ADM is a dedicated operating system developed by ASUSTOR Technology ASUSTOR for all ASUSTOR NAS devices. Vulnerabilities exist in versions 4.1.0 to 4.3.3.ROF1 of ASUSTOR ADM, as well as in versions 5.0.0 to 5.1.2.RE51 of ADM. These vulnerabilities stem from the FTP backup feature not...
PT-2026-21879
Name of the Vulnerable Software and Affected Versions ASUSTOR ADM versions 4.1.0 through 4.3.3.ROF1 ASUSTOR ADM versions 5.0.0 through 5.1.2.RE51 Description A path traversal issue exists in the FTP Backup feature of ASUSTOR ADM. The software does not adequately sanitize filenames received from a...
ASUSTOR ADM 安全漏洞
ASUSTOR ADM is a dedicated operating system developed by ASUSTOR Technology ASUSTOR for all ASUSTOR NAS devices. Vulnerabilities exist in versions 4.1.0 to 4.3.3.ROF1, and from version 5.0.0 to 5.1.1.RCI1 of ASUSTOR ADM. These vulnerabilities stem from improper validation of input parameters...
ASUSTOR ADM 安全漏洞
ASUSTOR ADM is a dedicated operating system developed by ASUSTOR Technology ASUSTOR for all ASUSTOR NAS devices. Vulnerabilities exist in versions 4.1.0 to 4.3.3.ROF1, and from version 5.0.0 to 5.1.1.RCI1 of ASUSTOR ADM. These vulnerabilities stem from the DDNS update feature not correctly...
ASUSTOR ADM 安全漏洞
ASUSTOR ADM is a dedicated operating system developed by ASUSTOR Technology ASUSTOR for all ASUSTOR NAS devices. Vulnerabilities exist in versions 4.1.0 to 4.3.3.ROF1, and from version 5.0.0 to 5.1.1.RCI1 of ASUSTOR ADM. These vulnerabilities stem from the third-party NAT traversal module not...
ASUSTOR ADM 安全漏洞
ASUSTOR ADM is a dedicated operating system developed by ASUSTOR Technology ASUSTOR for all ASUSTOR NAS devices. Vulnerabilities exist in versions 4.1.0 to 4.3.3.ROF1, and from version 5.0.0 to 5.1.1.RCI1 of ASUSTOR ADM. These vulnerabilities stem from the use of insecure HTTP connections in the...
ASUSTOR ADM 安全漏洞
ASUSTOR ADM is a dedicated operating system developed by ASUSTOR Technology ASUSTOR for all ASUSTOR NAS devices. Vulnerabilities exist in versions 4.1.0 to 4.3.3.ROF1, and from version 5.0.0 to 5.1.1.RCI1 of ASUSTOR ADM. These vulnerabilities stem from the API communication component not verifyin...
CVE-2019-11689
An issue was discovered in ASUSTOR exFAT Driver through 1.0.0.r20. When conducting license validation, exfat.cgi and exfatctl fail to properly validate server responses and pass unsanitized text to the system shell, resulting in code execution as root...
CVE-2019-11688
An issue was discovered in ASUSTOR exFAT Driver through 1.0.0.r20. When conducting license validation, exfat.cgi and exfatctl accept any certificate for asustornasapi.asustor.com. In other words, there is Missing SSL Certificate Validation...