8.3
FTP Backup on ADM Fails to Verify Server Certificates
CVE-2026-3100
Summary
The FTP Backup on some ADM versions doesn't check server certificates properly, allowing an attacker to intercept sensitive information like login credentials and backup data. This means that an attacker could secretly watch what's being sent between the ADM and the FTP server. To fix this, update your ADM to a version that's not affected by this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| asustor | data_master | > 4.1.0.rhu2 , <= 4.3.3.rof1 | – |
| asustor | data_master | > 5.0.0.ra82 , <= 5.1.2.reo1 | – |
Original title
The FTP Backup on the ADM will not properly strictly enforce TLS certificate verification while connecting to an FTP server using FTPES/FTPS. An improper validated TLS/SSL certificates allows a rem...
Original description
The FTP Backup on the ADM will not properly strictly enforce TLS certificate verification while connecting to an FTP server using FTPES/FTPS. An improper validated TLS/SSL certificates allows a remote attacker can intercept network traffic to perform a Man-in-the-Middle (MitM) attack, which may intercept, modify, or obtain sensitive information such as authentication credentials and backup data.
Affected products and versions include: from ADM 4.1.0 through ADM 4.3.3.ROF1 as well as from ADM 5.0.0 through ADM 5.1.2.RE51.
nvd CVSS3.1
6.5
nvd CVSS4.0
8.3
Vulnerability type
CWE-295
Improper Certificate Validation
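As an illustration of the CWE-295 class described above, the following added example (not code from ASUSTOR or from this advisory) contrasts an FTPES client TLS context that accepts any certificate with one that verifies chain and hostname, using Python's standard `ssl` and `ftplib` modules. The function names are hypothetical, and the example makes no claim about how ADM itself is implemented.

```python
import ssl
from ftplib import FTP_TLS


def strict_context(cafile=None):
    """Client context that verifies the server chain and the hostname."""
    ctx = ssl.create_default_context(cafile=cafile)  # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def lenient_context():
    """The weak pattern: TLS is negotiated, but any certificate is accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_context(ctx):
    """Return the reasons this context would accept an impostor server."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not verified")
    if not ctx.check_hostname:
        findings.append("hostname is not matched against the certificate")
    return findings


def open_ftpes(host, user, password, ctx, port=21, timeout=30):
    """Explicit FTPS (FTPES) login that never sends credentials unverified."""
    problems = audit_context(ctx)
    if problems:
        # Fail closed before any socket is opened.
        raise ValueError("refusing to connect: " + "; ".join(problems))
    ftp = FTP_TLS(context=ctx, timeout=timeout)
    ftp.connect(host, port)
    ftp.auth()                  # AUTH TLS: handshake and verification happen here
    ftp.login(user, password)   # USER/PASS travel only over the verified session
    ftp.prot_p()                # PROT P: encrypt the data channel as well
    return ftp
```

A handshake against a server whose certificate does not chain to a trusted CA or does not match `host` raises `ssl.SSLCertVerificationError` inside `ftp.auth()`, before any credentials are sent.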
- https://www.asustor.com/security/security_advisory_detail?id=53 Vendor Advisory
Published: 25 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026