216.73.216.233

CVE-2026-3179

· Published 25/02/2026 06:16 · Modified 26/02/2026 16:32

Labels: CVE-2026-3179 2026-02-25CVE-2026-3179CWE-22[email protected]

Essential information

Published
25/02/2026 06:16
Modified
26/02/2026 16:32
Author
Creator
CVSS
9.2 CRITICAL (v3) 9.2 CRITICAL (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

The FTP Backup on the ADM does not properly sanitize filenames received from the FTP server when parsing directory listings. A malicious server or MITM attacker can craft filenames containing path traversal sequences, causing the client to write files outside the intended backup directory. A path traversal vulnerability may allow an attacker to overwrite arbitrary files on the system and potentially achieve privilege escalation or remote code execution. Affected products and versions include: from ADM 4.1.0 through ADM 4.3.3.ROF1 as well as from ADM 5.0.0 through ADM 5.1.2.RE51.

NVD status

Status
Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
asustor / data master cpe:2.3:o:asustor:data_master:*:*:*:*:*:*:*:*
asustor / data master cpe:2.3:o:asustor:data_master:*:*:*:*:*:*:*:*

References