Asustor Adm

25 CVEs affecting Asustor Adm. Latest disclosed: 2026-02-25. Critical: 2, High: 11.

Top CVEs affecting Asustor Adm
CVESeverityScorePublishedSummary
CVE-2026-24936Critical9.82026-02-03When a specific function is enabled while joining a AD Domain from ADM, an improper input parameters validation vulnerability in a specific CGI program allowin…
CVE-2018-11510Critical9.82018-06-28The ASUSTOR ADM 3.1.0.RFQ3 NAS portal suffers from an unauthenticated remote code execution vulnerability in the portal/apis/aggrecate_js.cgi file by embedding…
CVE-2023-2910High8.82023-08-17Improper neutralization of special elements used in a command ('Command Injection') vulnerability in Printer service functionality in ASUSTOR Data Master (ADM)…
CVE-2023-3699High8.72023-08-22An Improper Privilege Management vulnerability was found in ASUSTOR Data Master (ADM) allows an unprivileged local users to modify the storage devices configur…
CVE-2023-2749High8.62023-05-31Download Center fails to properly validate the file path submitted by a user, An attacker can exploit this vulnerability to gain unauthorized access to sensiti…
CVE-2023-3698High8.52023-08-17Printer service fails to adequately handle user input, allowing an remote unauthorized users to navigate beyond the intended directory structure and delete fil…
CVE-2023-3697High8.52023-08-17Printer service fails to adequately handle user input, allowing an remote unauthorized users to navigate beyond the intended directory structure and create fil…
CVE-2023-2909High8.52023-05-31EZ Sync service fails to adequately handle user input, allowing an attacker to navigate beyond the intended directory structure and delete files. Affected prod…
CVE-2026-3179High8.12026-02-25The FTP Backup on the ADM does not properly sanitize filenames received from the FTP server when parsing directory listings. A malicious server or MITM attacke…
CVE-2023-4475High7.52023-08-22An Arbitrary File Movement vulnerability was found in ASUSTOR Data Master (ADM) allows an attacker to exploit the file renaming feature to move files to uninte…
CVE-2023-2509High7.12023-05-17A Cross-Site Scripting(XSS) vulnerability was found on ADM, LooksGood and SoundsGood Apps. An attacker can exploit this vulnerability to inject malicious scrip…
CVE-2023-30770High7.12023-04-17A stack-based buffer overflow vulnerability was found in the ASUSTOR Data Master (ADM) due to the lack of data size validation. An attacker can exploit this vu…
CVE-2022-37398High7.12022-08-05A stack-based buffer overflow vulnerability was found inside ADM when using WebDAV due to the lack of data size validation. An attacker can exploit this vulner…
CVE-2026-3100Medium6.52026-02-25The FTP Backup on the ADM will not properly strictly enforce TLS certificate verification while connecting to an FTP server using FTPES/FTPS. An improper valid…
CVE-2026-24933Medium5.92026-02-03The API communication component fails to validate the SSL/TLS certificate when sending HTTPS requests to the server. An improper certificates validation vulner…
CVE-2026-24932Medium5.92026-02-03The DDNS update function in ADM fails to properly validate the hostname of the DDNS server's TLS/SSL certificate. Although the connection uses HTTPS, an improp…
CVE-2025-13052Medium5.92025-12-12When the user set the Notification's sender to send emails to the SMTP server via msmtp, an improper validated TLS/SSL certificates allows an attacker who can…
CVE-2026-24935Medium5.62026-02-03A third-party NAT traversal module fails to validate SSL/TLS certificates when connecting to the signaling server. While subsequent access to device services r…
CVE-2026-24934Low3.72026-02-03The DDNS function uses an insecure HTTP connection or fails to validate the SSL/TLS certificate when querying an external server for the device's WAN IP addres…
CVE-2025-13053Low3.72025-12-12When a user configures the NAS to retrieve UPS status or control the UPS, a non-enforced TLS certificate verification can allow an attacker able to intercept n…