PT-2026-21876 · Asustor · Asustor Adm
Nuke · Published 2026-02-25 · Updated 2026-02-26 · CVE-2026-3100
CVSS v4.0: 8.3 (High)
Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
ASUSTOR ADM versions 4.1.0 through 4.3.3.ROF1
ASUSTOR ADM versions 5.0.0 through 5.1.2.RE51
Description
The FTP Backup feature does not properly validate TLS certificates when connecting to an FTP server using FTPES/FTPS. This improper validation allows a remote attacker to potentially intercept network traffic, enabling a Man-in-the-Middle (MitM) attack. Such an attack could lead to the interception, modification, or acquisition of sensitive information, including authentication credentials and backup data.
Recommendations
Update ASUSTOR ADM to a version later than 5.1.2.RE51.
Update ASUSTOR ADM to a version later than 4.3.3.ROF1.
Fix
Improper Certificate Validation
Weakness Enumeration
Related Identifiers
Affected Products
Asustor Adm