CVE-2026-3100
Improper Certificate Validation in ASUSTOR ADM FTP Enables Sniffing
Publication date: 2026-02-25
Last updated on: 2026-02-26
Assigner: ASUSTOR, Inc.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| asustor | data_master | From 4.1.0.rhu2 (inc) to 4.3.3.rof1 (inc) |
| asustor | data_master | From 5.0.0.ra82 (inc) to 5.1.2.reo1 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-295 | The product does not validate, or incorrectly validates, a certificate. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-3100 is a vulnerability in the FTP Backup feature of ASUSTOR Data Master (ADM) versions 4.1.0 through 4.3.3.ROF1 and 5.0.0 through 5.1.2.RE51. It is caused by improper enforcement of TLS certificate validation when connecting to FTP servers using FTPES/FTPS.
This flaw allows a remote attacker to perform a Man-in-the-Middle (MitM) attack by intercepting and potentially modifying network traffic. As a result, the attacker can gain access to sensitive information such as authentication credentials and backup data.
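The weakness described above (CWE-295) is a client that negotiates TLS but never checks who it is talking to. The following Python snippet is an added example, not ASUSTOR code, showing that pattern beside its hardened form using the standard library's `ftplib.FTP_TLS`: one context accepts any certificate, the other requires a chain to a trusted CA, checks the hostname, and refuses TLS below 1.2. The `connect_ftps` helper and the `context_is_verifying` audit predicate are assumptions for illustration; no real server is contacted by the checks.

```python
import ssl
from ftplib import FTP_TLS
from typing import Optional


def insecure_ftps_context() -> ssl.SSLContext:
    """CWE-295 pattern, shown only for contrast: TLS is negotiated, but the peer
    certificate is never validated, so any interposed server is accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_ftps_context(ca_bundle: Optional[str] = None) -> ssl.SSLContext:
    """Verifying context: chain validation against the system store (or a pinned
    bundle passed as ca_bundle), hostname check, and TLS 1.2 as the floor."""
    ctx = ssl.create_default_context(cafile=ca_bundle)   # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def context_is_verifying(ctx: ssl.SSLContext) -> bool:
    """Audit predicate (assumed helper): does this context actually validate the peer?"""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


def connect_ftps(host: str, user: str, password: str, ctx: ssl.SSLContext,
                 port: int = 21, timeout: float = 10.0) -> FTP_TLS:
    """Explicit FTPS (FTPES, 'AUTH TLS') with both control and data channels protected.
    Assumed helper; the certificate check happens inside auth() when ctx verifies."""
    if not context_is_verifying(ctx):
        raise ValueError("refusing to connect with a non-verifying TLS context")
    ftps = FTP_TLS(context=ctx, timeout=timeout)
    ftps.connect(host, port)
    ftps.auth()          # upgrade the control channel; wrap_socket(server_hostname=host)
    ftps.login(user, password)
    ftps.prot_p()        # PROT P: encrypt the data channel as well
    return ftps


if __name__ == "__main__":
    for name, ctx in (("insecure", insecure_ftps_context()),
                      ("hardened", hardened_ftps_context())):
        print(f"{name}: verifying={context_is_verifying(ctx)}")
```

A backup client built on the hardened context fails closed when a certificate does not chain to a trusted CA or does not match the server name, which is exactly the behaviour the advisory says the affected ADM versions lack.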
How can this vulnerability impact me?
The vulnerability can lead to a Man-in-the-Middle attack where an attacker intercepts and modifies network traffic between the ADM FTP Backup client and the FTP server.
This can result in exposure of sensitive information including authentication credentials and backup data, potentially compromising the confidentiality and integrity of your backups.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves improper TLS certificate validation in the FTP Backup feature of ASUSTOR ADM, which can be exploited via Man-in-the-Middle (MitM) attacks on FTPES/FTPS connections.
To detect this vulnerability on your network or system, you can monitor FTPES/FTPS traffic for unusual or suspicious TLS certificate behavior, such as self-signed or invalid certificates during FTP backup sessions.
Specific commands are not provided in the available resources, but general approaches include:
- Using network packet capture tools like Wireshark or tcpdump to inspect FTPES/FTPS handshake and certificate exchanges.
- Checking the version of ASUSTOR ADM installed to see if it falls within the vulnerable ranges (4.1.0 through 4.3.3.ROF1 and 5.0.0 through 5.1.2.RE51).
- Reviewing system logs for FTP backup connection errors or warnings related to TLS certificate validation.
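The version check in the list above is easy to get wrong by hand because ADM versions carry a build tag (for example `4.3.3.ROF1`) and the upper bound of the 5.x range is exclusive. The script below is an added example, not a tool from ASUSTOR or from this database, that parses an ADM version string and tests it against the two ranges from the affected-products table. It assumes that, within the same numeric version, build tags order lexicographically (case-insensitive); the sample inventory is constructed for illustration.

```python
import re
from typing import List, NamedTuple, Tuple


class AdmVersion(NamedTuple):
    numeric: Tuple[int, int, int]   # (major, minor, patch)
    build: str                      # build tag, lower-cased; "" when absent


_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:\.([A-Za-z0-9]+))?$")

# Ranges as listed in the affected-products table:
# (lower bound, lower inclusive, upper bound, upper inclusive)
VULNERABLE_RANGES = [
    ("4.1.0.rhu2", True, "4.3.3.rof1", True),
    ("5.0.0.ra82", True, "5.1.2.reo1", False),   # 5.1.2.REO1 itself is the fix
]


def parse_adm_version(text: str) -> AdmVersion:
    """Parse 'major.minor.patch[.BUILD]'; raises ValueError on anything else."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised ADM version: {text!r}")
    numeric = (int(m.group(1)), int(m.group(2)), int(m.group(3)))
    return AdmVersion(numeric, (m.group(4) or "").lower())


def assess(version: str) -> str:
    """Return 'vulnerable', 'not affected', or 'indeterminate'.

    'indeterminate' is returned when the build tag is missing and the numeric
    part sits exactly on a range boundary, because only the tag decides there.
    Assumption: build tags compare lexicographically within one numeric version.
    """
    v = parse_adm_version(version)
    for low, low_inc, high, high_inc in VULNERABLE_RANGES:
        lo, hi = parse_adm_version(low), parse_adm_version(high)
        if not v.build and v.numeric in (lo.numeric, hi.numeric):
            return "indeterminate"
        above_low = v >= lo if low_inc else v > lo      # NamedTuple compares as a tuple
        below_high = v <= hi if high_inc else v < hi
        if above_low and below_high:
            return "vulnerable"
    return "not affected"


def triage(inventory: List[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Classify (hostname, version) pairs; malformed versions are reported, not skipped."""
    results = []
    for host, version in inventory:
        try:
            verdict = assess(version)
        except ValueError as exc:
            verdict = f"error: {exc}"
        results.append((host, version, verdict))
    return results


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are illustrative only.
    sample = [
        ("nas-01", "4.3.3.ROF1"),   # last affected 4.x build
        ("nas-02", "5.1.2.REO1"),   # fixed build, exclusive upper bound
        ("nas-03", "5.0.0.RA82"),   # first affected 5.x build
        ("nas-04", "5.1.2"),        # tag missing at the boundary: cannot decide
        ("nas-05", "4.2.0"),        # strictly inside the 4.x range regardless of tag
        ("nas-06", "build-unknown"),
    ]
    for host, version, verdict in triage(sample):
        print(f"{host:8} {version:12} {verdict}")
```

Run it against the version reported in ADM's system information page (or your asset inventory export) and treat anything other than `not affected` as a host that needs the upgrade or the interim mitigations from the next answer.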
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to upgrade ASUSTOR ADM to version 5.1.2.REO1 or later, where this vulnerability has been fixed.
Until the upgrade can be performed, consider disabling the FTP Backup feature or avoiding the use of FTPES/FTPS connections for backups to prevent exposure to Man-in-the-Middle attacks.
Additionally, monitor network traffic for suspicious activity and ensure that TLS certificates used in FTP connections are valid and properly verified.