The FTP Backup on the ADM will not properly strictly enforce TLS certificate verification while connecting to an FTP server using FTPES/FTPS. An improper validated TLS/SSL certificates allows a remote attacker can intercept network traffic to perform a Man-in-the-Middle (MitM) attack, which may intercept, modify, or obtain sensitive information such as authentication credentials and backup data.
Affected products and versions include: from ADM 4.1.0 through ADM 4.3.3.ROF1 as well as from ADM 5.0.0 through ADM 5.1.2.RE51.
References
| Link | Resource |
|---|---|
| https://www.asustor.com/security/security_advisory_detail?id=53 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
26 Feb 2026, 16:33
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://www.asustor.com/security/security_advisory_detail?id=53 - Vendor Advisory | |
| CPE | cpe:2.3:o:asustor:data_master:*:*:*:*:*:*:*:* | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
| First Time |
Asustor data Master
Asustor |
25 Feb 2026, 07:16
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | (en) The FTP Backup on the ADM will not properly strictly enforce TLS certificate verification while connecting to an FTP server using FTPES/FTPS. An improper validated TLS/SSL certificates allows a remote attacker can intercept network traffic to perform a Man-in-the-Middle (MitM) attack, which may intercept, modify, or obtain sensitive information such as authentication credentials and backup data. Affected products and versions include: from ADM 4.1.0 through ADM 4.3.3.ROF1 as well as from ADM 5.0.0 through ADM 5.1.2.RE51. |
25 Feb 2026, 06:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-02-25 06:16
Updated : 2026-02-26 16:33
NVD link : CVE-2026-3100
Mitre link : CVE-2026-3100
CVE.ORG link : CVE-2026-3100
JSON object : View
Products Affected
asustor
- data_master
CWE
CWE-295
Improper Certificate Validation