CVE-2026-3100

Name of the Vulnerable Software and Affected Versions ASUSTOR ADM versions 4.1.0 through 4.3.3.ROF1 ASUSTOR ADM versions 5.0.0 through 5.1.2.RE51

Description The FTP Backup feature does not properly validate TLS certificates when connecting to an FTP server using FTPES/FTPS. This improper validation allows a remote attacker to potentially intercept network traffic, enabling a Man-in-the-Middle (MitM) attack. Such an attack could lead to the interception, modification, or acquisition of sensitive information, including authentication credentials and backup data.

Recommendations Update ASUSTOR ADM to a version later than 5.1.2.RE51. Update ASUSTOR ADM to a version later than 4.3.3.ROF1.