PT-2026-5771 · Asustor · Asustor Adm
Published: 2026-02-03 · Updated: 2026-03-12 · CVE-2026-24936
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
ASUSTOR ADM versions 4.1.0 through 4.3.3.ROF1
ASUSTOR ADM versions 5.0.0 through 5.1.1.RCI1
Description
An improper input parameter validation issue exists in a specific CGI program when a particular function is enabled during Active Directory (AD) domain joining. This allows an unauthenticated remote attacker to write arbitrary data to any file on the system. Successful exploitation can lead to overwriting of critical system files and complete system compromise.
Recommendations
For ASUSTOR ADM versions 4.1.0 through 4.3.3.ROF1, disable the specific function used during AD domain joining.
For ASUSTOR ADM versions 5.0.0 through 5.1.1.RCI1, disable the specific function used during AD domain joining.
Fix
RCE
Affected Products
Asustor Adm