Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-3224-p867-265f

Опубликовано: 25 фев. 2026
Источник: github
Github: Не прошло ревью
CVSS4: 8.3
CVSS3: 6.5

Описание

Improper Certificate Validation vulnerability in ASUSTOR ADM FTP Backup on Linux, x86, ARM, 64 bit allows Sniffing Attacks.This issue affects ADM: from 4.1.0 through 4.3.3.ROF1, from 5.0.0 through 5.1.2.RE51.

Improper Certificate Validation vulnerability in ASUSTOR ADM FTP Backup on Linux, x86, ARM, 64 bit allows Sniffing Attacks.This issue affects ADM: from 4.1.0 through 4.3.3.ROF1, from 5.0.0 through 5.1.2.RE51.

Ссылки

EPSS

Процентиль: 15%
0.00049
Низкий

8.3 High

CVSS4

6.5 Medium

CVSS3

CVE ID

CVE-2026-3100

Дефекты

CWE-295

Связанные уязвимости

nvd логотип

CVE-2026-3100

CVSS3: 6.5
nvd
около 1 месяца назад

The FTP Backup on the ADM will not properly strictly enforce TLS certificate verification while connecting to an FTP server using FTPES/FTPS. An improper validated TLS/SSL certificates allows a remote attacker can intercept network traffic to perform a Man-in-the-Middle (MitM) attack, which may intercept, modify, or obtain sensitive information such as authentication credentials and backup data. Affected products and versions include: from ADM 4.1.0 through ADM 4.3.3.ROF1 as well as from ADM 5.0.0 through ADM 5.1.2.RE51.

EPSS

Процентиль: 15%
0.00049
Низкий

8.3 High

CVSS4

6.5 Medium

CVSS3

CVE ID

CVE-2026-3100

Дефекты

CWE-295