Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

ASUSTOR — Vulnerabilities & Security Advisories 26

Browse all 26 CVE security advisories affecting ASUSTOR. AI-powered Chinese analysis, POCs, and references for each vulnerability.

ASUSTOR manufactures network-attached storage (NAS) devices and data management solutions primarily targeting small to medium-sized businesses and home users seeking centralized file storage and backup capabilities. Security audits have identified twenty-six Common Vulnerabilities and Exposures (CVEs) associated with its firmware and software ecosystem. Historically, these flaws predominantly involve remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from insufficient input validation and weak authentication mechanisms in web interfaces. While no single catastrophic data breach has publicly defined the company’s security history, the recurring nature of these technical defects highlights systemic weaknesses in code review processes. Users are advised to apply firmware updates promptly to mitigate risks associated with these known exploit vectors, as the devices frequently serve as entry points for lateral movement within local networks due to their persistent connectivity and administrative access features.

Top products by ASUSTOR: ADM ABP and AES Download Center
CVE IDTitleCVSSSeverityPublished
CVE-2026-3179 A path traversal vulnerability was found in the FTP Backup on the ADM. — ADMCWE-22 6.5 -2026-02-25
CVE-2026-3100 An improper certificate validation vulnerability was found in the FTP Backup on the ADM. — ADMCWE-295 6.8 -2026-02-25
CVE-2026-24936 An improper input validation vulnerability was found in ADM while joining a AD Domain. — ADMCWE-20 9.8AICriticalAI2026-02-03
CVE-2026-24935 An improper certificate validation vulnerability was found in a third-party NAT traversal module. — ADMCWE-295 8.1AIHighAI2026-02-03
CVE-2026-24934 An improper certificate validation vulnerability was found in ADM while querying an external server for the device's WAN IP address. — ADMCWE-295 3.7AILowAI2026-02-03
CVE-2026-24933 An improper certificate validation vulnerability was found in ADM while sending HTTPS requests to the server. — ADMCWE-295 5.9AIMediumAI2026-02-03
CVE-2026-24932 An improper certificate validation vulnerability was found in ADM while updating the DDNS settings. — ADMCWE-295 7.4AIHighAI2026-02-03
CVE-2025-13053 A missing encryption of sensitive data vulnerability was found in the UPS settings of ADM — ADMCWE-311 3.7AILowAI2025-12-12
CVE-2025-13052 An improper certificates validation vulnerability was found in the Notification settings of ADM — ADMCWE-295 5.3AIMediumAI2025-12-12
CVE-2025-13051 Windows service used an uncontrolled search path element will cause unauthorized code execution with localsystem privileges — ABP and AESCWE-427 7.8AIHighAI2025-11-19
CVE-2025-8070 Windows service registered with an unquoted ImagePath vulnerability in the system registry — ABP and AESCWE-428 7.8 -2025-07-23
CVE-2025-7699 An improper access control vulnerability was found in the EZ Sync Manager of ADM — ADMCWE-287 6.5AIMediumAI2025-07-16
CVE-2025-7618 A stored Cross-Site Scripting (XSS) vulnerability exists in the File Explorer and Text Editor of ADM — ADMCWE-79 4.8AIMediumAI2025-07-14
CVE-2025-7380 A stored Cross-Site Scripting (XSS) vulnerability exists in the Access Control of ADM — ADMCWE-79 5.4AIMediumAI2025-07-14
CVE-2025-7379 A security bypass vulnerability was found in DataSync Center installed on ADM — ADMCWE-352 8.1AIHighAI2025-07-09
CVE-2025-7378 An improper input validation vulnerability was found on manipulating configuration of ADM — ADMCWE-20 8.1AIHighAI2025-07-09
CVE-2023-4475 An Arbitrary File Movement vulnerability was found on the ADM — ADMCWE-552 7.5 High2023-08-22
CVE-2023-3699 An Improper Privilege Management vulnerability was found on the ADM — ADMCWE-269 8.7 High2023-08-22
CVE-2023-3698 A Command injection vulnerability was found on Printer service of ADM — ADMCWE-22 8.5 High2023-08-17
CVE-2023-3697 A Command injection vulnerability was found on Printer service of ADM — ADMCWE-22 8.5 High2023-08-17
CVE-2023-2910 A Command injection vulnerability was found on Printer service of ADM — ADMCWE-77 8.8 High2023-08-17
CVE-2023-2909 A Directory traversal vulnerability was found on EZ Sync service of ADM — ADMCWE-22 8.5 High2023-05-31
CVE-2023-2749 A Gain Information vulnerability was found on Download Center. — Download CenterCWE-200 8.6 High2023-05-31
CVE-2023-2509 A Cross-Site Scripting(XSS) vulnerability was found on ADM — ADMCWE-79 7.1 High2023-05-17
CVE-2023-30770 A stack-based buffer overflow vulnerability was found in the ADM — ADMCWE-787 7.1 High2023-04-17
CVE-2022-37398 A stack-based buffer overflow vulnerability was found on ADM — ADMCWE-121 7.1 High2022-08-05

This page lists every published CVE security advisory associated with ASUSTOR. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.