PT-2026-21879 · Asustor · Asustor Adm

Nuke · Published 2026-02-25 · Updated 2026-03-02 · CVE-2026-3179

CVSS v4.0: 9.2 (Critical)

Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
ASUSTOR ADM versions 4.1.0 through 4.3.3.ROF1
ASUSTOR ADM versions 5.0.0 through 5.1.2.RE51

Description
A path traversal issue exists in the FTP Backup feature of ASUSTOR ADM. The software does not adequately sanitize filenames received from an FTP server when processing directory listings. This allows a malicious server or a man-in-the-middle attacker to create filenames with path traversal sequences, potentially enabling them to write files outside the intended backup directory. Successful exploitation of this issue could lead to arbitrary file overwrites, privilege escalation, or remote code execution.

Recommendations
Update ASUSTOR ADM to a version later than 5.1.2.RE51.
Update ASUSTOR ADM to a version later than 4.3.3.ROF1.
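
The class of check whose absence the description points to, as an added example (not ASUSTOR's code and not taken from the advisory): an FTP client treats every name in a directory listing as untrusted input and maps it to a local path only if the result stays inside the backup directory. The names `safe_local_path`, `plan_backup` and `SAMPLE_LISTING` are hypothetical, and the listing is constructed sample data.

```python
import tempfile
from pathlib import Path

class UnsafeRemoteName(ValueError):
    """A server-supplied name that could escape the backup directory."""

def safe_local_path(backup_root: Path, remote_name: str) -> Path:
    """Map one FTP listing entry to a path strictly inside backup_root."""
    # A listing entry names a single item of the current remote directory,
    # so separators (POSIX or Windows style) and NUL bytes are never valid.
    if not remote_name or any(c in remote_name for c in ("/", "\\", "\x00")):
        raise UnsafeRemoteName(repr(remote_name))
    if remote_name in (".", ".."):
        raise UnsafeRemoteName(repr(remote_name))
    root = backup_root.resolve()
    candidate = (root / remote_name).resolve()
    # Defence in depth: after symlink resolution the target must still be
    # below the backup root (this also catches a pre-existing symlink).
    if root not in candidate.parents:
        raise UnsafeRemoteName(repr(remote_name))
    return candidate

def plan_backup(backup_root: Path, listing):
    """Split listing entries into accepted local paths and rejected names."""
    accepted, rejected = [], []
    for name in listing:
        try:
            accepted.append(safe_local_path(backup_root, name))
        except UnsafeRemoteName:
            rejected.append(name)  # log and skip; never write this entry
    return accepted, rejected

# Constructed sample listing, as a hostile or tampered server might return it.
SAMPLE_LISTING = [
    "report.pdf",
    "../../etc/cron.d/job",
    "..",
    "/etc/passwd",
    "photos\\..\\..\\x",
    "notes.txt",
    "",
]

if __name__ == "__main__":
    root = Path(tempfile.mkdtemp(prefix="ftp-backup-"))
    ok, bad = plan_backup(root, SAMPLE_LISTING)
    print("accepted:", [p.name for p in ok])
    print("rejected:", bad)
```

Recursion into remote subdirectories should build the local path one validated component at a time rather than accepting a name that contains separators.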

Fix

LPE

RCE

Path traversal


Weakness Enumeration

Related identifiers

CVE-2026-3179

Affected products

Asustor Adm