CVE-2025-13053
📋 TL;DR
This vulnerability allows man-in-the-middle attackers to intercept and potentially modify communications between ASUSTOR NAS devices and UPS servers due to improper TLS certificate validation. Attackers could obtain sensitive UPS configuration information. Affected systems are ASUSTOR NAS devices running ADM versions 4.1.0 through 4.3.3.RKD2 and 5.0.0 through 5.1.0.RN42.
💻 Affected Systems
- ASUSTOR NAS devices
📦 What is this software?
Data Master by Asustor
⚠️ Risk & Real-World Impact
Worst Case
Attackers intercept UPS configuration data including credentials, network settings, and control parameters, potentially allowing them to manipulate UPS behavior or gain further network access.
Likely Case
Attackers on the same network segment intercept UPS status and configuration data, compromising UPS management security.
If Mitigated
With proper network segmentation and certificate validation, impact is limited to denial of UPS status monitoring.
🎯 Exploit Status
Requires network position to intercept traffic between NAS and UPS server. No authentication bypass needed for interception.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: ADM 4.3.4.RKJ1 and later, ADM 5.1.1.RN43 and later
Vendor Advisory: https://www.asustor.com/security/security_advisory_detail?id=49
Restart Required: Yes
Instructions:
1. Log into the ADM web interface.
2. Go to Settings > ADM Update.
3. Check for updates.
4. Install the latest ADM version.
5. Restart the NAS when prompted.
🔧 Temporary Workarounds
Disable network UPS monitoring
Temporarily disable UPS status retrieval over the network until the NAS is patched.
Navigate to ADM Settings > Hardware > UPS > Disable 'Enable UPS support' or configure for USB/local connection only
Network segmentation
Isolate the NAS and the UPS server on a separate VLAN to limit the attack surface.
🧯 If You Can't Patch
- Segment NAS and UPS server on isolated network segment
- Use direct USB connection between NAS and UPS instead of network monitoring
🔍 How to Verify
Check if Vulnerable:
Check the ADM version in Settings > ADM Update. If the version falls within one of the affected ranges and UPS network monitoring is enabled, the system is vulnerable.
Check Version:
ssh admin@nas-ip 'grep version /etc/nas.conf' or check via the ADM web interface
Verify Fix Applied:
Verify ADM version is 4.3.4.RKJ1 or later for ADM 4.x, or 5.1.1.RN43 or later for ADM 5.x.
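To automate the range check above, here is an added Python helper (example code, not from ASUSTOR or the advisory) that parses an ADM version string such as `4.3.3.RKD2` and reports whether it falls in an affected range. It assumes that comparing the numeric prefix is sufficient and that the build suffix (RKD2, RN42, ...) can be ignored, since the advisory expresses the ranges by numeric version.

```python
import re

# Affected ranges from the advisory, per major branch: [first affected, first fixed).
# 4.1.0 .. 4.3.3.RKD2 affected, fixed in 4.3.4.RKJ1
# 5.0.0 .. 5.1.0.RN42 affected, fixed in 5.1.1.RN43
AFFECTED_RANGES = {
    4: ((4, 1, 0), (4, 3, 4)),
    5: ((5, 0, 0), (5, 1, 1)),
}

# Assumed ADM version syntax: major.minor.patch with an optional build suffix.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:\.([A-Za-z0-9]+))?$")


def parse_adm_version(text):
    """Return (major, minor, patch) from a string like '4.3.3.RKD2'; suffix is dropped."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised ADM version: {text!r}")
    return tuple(int(x) for x in m.group(1, 2, 3))


def is_affected(version, ups_network_enabled=True):
    """True when the ADM version lies in an affected range and network UPS monitoring is on.

    A NAS using only a USB/local UPS connection is not exposed to the TLS
    validation issue, so ups_network_enabled=False short-circuits to False.
    """
    if not ups_network_enabled:
        return False
    v = parse_adm_version(version)
    rng = AFFECTED_RANGES.get(v[0])
    if rng is None:          # ADM 3.x or an unknown branch: not listed as affected
        return False
    start, fixed = rng
    return start <= v < fixed
```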
📡 Detection & Monitoring
Log Indicators:
- Unexpected certificate validation failures in system logs
- Unusual network connections to UPS port (default 3493)
Network Indicators:
- MITM activity between NAS and UPS server IPs
- Unencrypted or improperly validated TLS traffic on UPS port
SIEM Query:
source="nas-logs" AND ("certificate" OR "TLS" OR "UPS") AND ("fail" OR "error" OR "invalid")