Product
asustor data master
37 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-6644
>= 4.1.0.rhu2 and < 4.3.3.RR42
A command injection vulnerability was found in the PPTP VPN Clients on the ADM. The vulnerability allows an administrative user to
9.1
CRITICAL
CVE-2026-6643
>= 4.1.0.rhu2 and < 4.3.3.RR42
A stack-based buffer overflow vulnerability was found in the VPN Clients on the ADM. The issue stems from the use of unbounded ssc
9.9
CRITICAL
CVE-2026-3179
>= 4.1.0.rhu2 and <= 4.3.3.rof1
The FTP Backup on the ADM does not properly sanitize filenames received from the FTP server when parsing directory listings. A mal
8.1
HIGH
CVE-2026-3100
>= 4.1.0.rhu2 and <= 4.3.3.rof1
The FTP Backup on the ADM does not strictly enforce TLS certificate verification while connecting to an FTP server using
6.5
MEDIUM
CVE-2026-24936
>= 4.1.0.rhu2 and <= 4.3.3.rof1
When a specific function is enabled while joining an AD Domain from ADM, an improper input parameters validation vulnerability in a
9.8
CRITICAL
CVE-2026-24935
>= 4.1.0.rhu2 and <= 4.3.3.rof1
A third-party NAT traversal module fails to validate SSL/TLS certificates when connecting to the signaling server. While subsequen
5.6
MEDIUM
CVE-2026-24934
>= 4.1.0.rhu2 and <= 4.3.3.rof1
The DDNS function uses an insecure HTTP connection or fails to validate the SSL/TLS certificate when querying an external server f
3.7
LOW
CVE-2026-24933
>= 4.1.0.rhu2 and <= 4.3.3.rof1
The API communication component fails to validate the SSL/TLS certificate when sending HTTPS requests to the server. An improper c
5.9
MEDIUM
CVE-2026-24932
>= 4.1.0.rhu2 and <= 4.3.3.rof1
The DDNS update function in ADM fails to properly validate the hostname of the DDNS server's TLS/SSL certificate. Although the con
5.9
MEDIUM
CVE-2025-13053
>= 4.1.0.RHU2 and < 4.3.3.ROF1
When a user configures the NAS to retrieve UPS status or control the UPS, a non-enforced TLS certificate verification can allow an
3.7
LOW
CVE-2025-13052
>= 4.1.0.RHU2 and < 4.3.3.ROF1
When the user sets the Notification's sender to send emails to the SMTP server via msmtp, an improperly validated TLS/SSL certificate
5.9
MEDIUM
CVE-2023-4475
>= 4.0.6.ris1 and < 4.2.2.ri61
An Arbitrary File Movement vulnerability found in ASUSTOR Data Master (ADM) allows an attacker to exploit the file renaming fe
7.5
HIGH
CVE-2023-3699
>= 4.0.6.ris1 and < 4.2.3.rk91
An Improper Privilege Management vulnerability found in ASUSTOR Data Master (ADM) allows unprivileged local users to modify
8.7
HIGH
CVE-2023-3698
>= 4.0.0.rib4 and <= 4.0.6.ris1
Printer service fails to adequately handle user input, allowing remote unauthorized users to navigate beyond the intended direc
8.5
HIGH
CVE-2023-3697
>= 4.0.0.rib4 and <= 4.0.6.ris1
Printer service fails to adequately handle user input, allowing remote unauthorized users to navigate beyond the intended direc
8.5
HIGH
CVE-2023-2910
>= 4.0.0.rib4 and <= 4.0.6.ris1
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in Printer service functionality
8.8
HIGH
CVE-2018-12319
all versions
Denial-of-service in the login page of ASUSTOR ADM 3.1.1 allows attackers to prevent users from signing in by placing malformed te
7.5
HIGH
CVE-2018-12318
all versions
Information disclosure in the SNMP settings page in ASUSTOR ADM version 3.1.1 allows attackers to obtain the SNMP password in clea
8.8
HIGH
CVE-2018-12317
all versions
OS command injection in group.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root by modifying th
8.8
HIGH
CVE-2018-12316
all versions
OS Command Injection in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands by modifying the filen
8.8
HIGH
CVE-2018-12315
all versions
Missing verification of a password in ASUSTOR ADM version 3.1.1 allows attackers to change account passwords without entering the
6.5
MEDIUM
CVE-2018-12314
all versions
Directory Traversal in downloadwallpaper.cgi in ASUSTOR ADM version 3.1.1 allows attackers to download arbitrary files by manipula
7.5
HIGH
CVE-2018-12313
all versions
OS command injection in snmp.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands without authentication v
9.8
CRITICAL
CVE-2018-12312
all versions
OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "secret_
8.8
HIGH
CVE-2018-12311
all versions
Cross-site scripting vulnerability in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute arbitrary JavaScript
5.4
MEDIUM
CVE-2018-12310
all versions
Cross-site scripting in the Login page in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript via the System Announce
5.4
MEDIUM
CVE-2018-12309
all versions
Directory Traversal in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to upload files to arbitrary locations by modifyin
7.5
HIGH
CVE-2018-12308
all versions
Encryption key disclosure in share.cgi in ASUSTOR ADM version 3.1.1 allows attackers to obtain the encryption key via the "encrypt
6.5
MEDIUM
CVE-2018-12307
all versions
OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "name" P
8.8
HIGH
CVE-2018-12306
all versions
Directory Traversal in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to view arbitrary files by modifying the "file1
7.5
HIGH
CVE-2018-12305
all versions
Cross-site scripting in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript by uploading SVG images
6.1
MEDIUM
CVE-2018-15699
<= 3.1.5
ASUSTOR Data Master 3.1.5 and below makes an HTTP request for a configuration file that is vulnerable to XSS. A man in the middle
6.1
MEDIUM
CVE-2018-15698
<= 3.1.5
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on the file system when
6.5
MEDIUM
CVE-2018-15697
<= 3.1.5
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on a share by providing
6.5
MEDIUM
CVE-2018-15696
<= 3.1.5
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to enumerate all user accounts via user.c
4.3
MEDIUM
CVE-2018-15695
<= 3.1.5
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to delete any file on the file system due
6.5
MEDIUM
CVE-2018-15694
<= 3.1.5
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to upload files to arbitrary locations du
7.5
HIGH
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin