5 matches found
CVE-2026-3100 An improper certificate validation vulnerability was found in the FTP Backup on the ADM.
The FTP Backup on the ADM will not properly strictly enforce TLS certificate verification while connecting to an FTP server using FTPES/FTPS. An improper validated TLS/SSL certificates allows a remote attacker can intercept network traffic to perform a Man-in-the-Middle MitM attack, which may...
CVE-2026-24933
The API communication component fails to validate the SSL/TLS certificate when sending HTTPS requests to the server. An improper certificates validation vulnerability allows an unauthenticated remote attacker can perform a Man-in-the-Middle MitM attack to intercept the cleartext communication,...
CVE-2023-4475
An Arbitrary File Movement vulnerability was found in ASUSTOR Data Master ADM allows an attacker to exploit the file renaming feature to move files to unintended directories. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below...
CVE-2023-2909
EZ Sync service fails to adequately handle user input, allowing an attacker to navigate beyond the intended directory structure and delete files. Affected products and versions include: ADM 4.0.6.REG2, 4.1.0 and below as well as ADM 4.2.1.RGE2 and below...
ASUSTOR Data Master 路径遍历漏洞
ASUSTOR Data Master is an operating system exclusively on the ASUSTOR NAS from China's ASUS, featuring a tablet-like graphical interface comparable to a zero-learning curve, making it easy to get started right away. A security vulnerability exists in ASUSTOR Data Master ADM that stems from an...