CVE-2026-3179
📋 TL;DR
This path traversal vulnerability in ASUSTOR ADM FTP Backup allows attackers to access files outside the intended directory by manipulating file paths. It affects ASUSTOR NAS devices running ADM versions 4.1.0 through 4.3.3.ROF1 and 5.0.0 through 5.1.2.RE51 on Linux x86 and ARM platforms.
💻 Affected Systems
- ASUSTOR ADM FTP Backup
📦 What is this software?
ADM (ASUSTOR Data Master), the operating system that runs on ASUSTOR NAS devices; FTP Backup is the built-in backup feature of ADM affected by this issue.
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise via arbitrary file read/write, potentially leading to credential theft, data exfiltration, or remote code execution.
Likely Case
Unauthorized access to sensitive files including configuration files, backups, and user data stored on the NAS.
If Mitigated
Limited impact if FTP backup service is disabled or network access is restricted.
🎯 Exploit Status
Path traversal vulnerabilities typically have low exploitation complexity. No public exploit code identified at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: ADM 4.3.4 and ADM 5.1.3 or later
Vendor Advisory: https://www.asustor.com/security/security_advisory_detail?id=53
Restart Required: Yes
Instructions:
1. Log into the ADM web interface.
2. Go to Settings > ADM Update.
3. Check for updates and install the latest version.
4. Reboot the NAS after the update completes.
🔧 Temporary Workarounds
Disable FTP Backup Service
Temporarily disable the vulnerable FTP Backup service until patching is possible.
Navigate to ADM Settings > Services > FTP Backup and toggle to OFF
Network Segmentation
Restrict network access to the FTP service with firewall rules so that only trusted hosts can reach it. The rules below assume iptables is available on the host; the ACCEPT rule must come before the DROP rule (both are appended with -A, so an earlier, broader ACCEPT would still match first), and they cover only the FTP control port, not the passive-mode data ports:
iptables -A INPUT -p tcp --dport 21 -s TRUSTED_IP -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -j DROP
🧯 If You Can't Patch
- Disable FTP backup service entirely if not required
- Implement strict network access controls to limit FTP service to trusted IPs only
🔍 How to Verify
Check if Vulnerable:
Check ADM version in web interface: Settings > ADM Update. If version is between 4.1.0-4.3.3.ROF1 or 5.0.0-5.1.2.RE51, system is vulnerable.
Check Version:
ssh admin@nas_ip 'grep -i version /etc/nas.conf' or check the web interface
Verify Fix Applied:
Confirm the ADM version reads 4.3.4 or later on the 4.x branch, or 5.1.3 or later on the 5.x branch. Then retest the FTP Backup function: a backup job given a path containing ../ segments (or their percent-encoded forms) should be rejected or confined to the configured backup directory.
📡 Detection & Monitoring
Log Indicators:
- Unusual FTP connection patterns
- Failed path traversal attempts in FTP logs
- Access to unexpected file paths
Network Indicators:
- Multiple FTP connections with crafted path parameters
- Unusual data transfer patterns via FTP
SIEM Query:
source="ftp.log" AND ("../" OR "..\\" OR "%2e%2e%2f" OR "%2e%2e/" OR "..%2f" OR "%252e%252e%252f")
Note: the backslash in "..\\" must be escaped inside the quoted string or it swallows the closing quote. This is a substring match, so it also fires on benign paths such as backups/../backups/file.tar; triage hits by the path they actually resolve to.
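The substring query above catches the obvious encodings, but it fires on any ".." and misses double-encoded forms unless each is listed. The script below is an added example (not code from the advisory or from ASUSTOR) that implements the detection the log indicators describe: it percent-decodes each requested path repeatedly, treats backslashes as separators, resolves the result against an assumed backup root (/volume1/ftp_backup, a placeholder) and flags only requests that actually escape that root. The log format and the sample lines are constructed for the example; real ADM FTP logs will differ, so adapt parse_line to your fields.

```python
"""Flag FTP path-traversal attempts by resolving decoded paths against a root.

Added example, not part of the advisory or ASUSTOR's code. The log format,
the sample lines and BACKUP_ROOT are constructed/assumed for illustration.
"""
import posixpath
import re
from typing import List, Optional, Tuple
from urllib.parse import unquote

# Assumed backup root; adjust to the directory your FTP Backup job uses.
BACKUP_ROOT = "/volume1/ftp_backup"

# Constructed sample lines (hypothetical format: timestamp client COMMAND argument).
SAMPLE_LOG = """\
2026-01-10T08:01:12Z 10.0.0.5 RETR backups/2026-01-09.tar
2026-01-10T08:01:15Z 10.0.0.5 RETR ../../etc/shadow
2026-01-10T08:01:19Z 10.0.0.9 RETR %2e%2e%2f%2e%2e%2fetc%2fpasswd
2026-01-10T08:01:22Z 10.0.0.9 STOR %252e%252e%252fhome%252fadmin%252f.ssh%252fauthorized_keys
2026-01-10T08:01:30Z 10.0.0.7 RETR ..\\..\\windows\\win.ini
2026-01-10T08:01:33Z 10.0.0.5 RETR backups/../backups/2026-01-08.tar
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<cmd>[A-Z]{3,4})\s+(?P<arg>.+)$")


def parse_line(line: str) -> Optional[Tuple[str, str, str]]:
    """Return (client, command, argument) or None for lines that don't match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return m["client"], m["cmd"], m["arg"]


def decode_path(raw: str, rounds: int = 3) -> str:
    """Percent-decode until stable (catches %252e double encoding), then
    treat backslashes as separators so ..\\ is handled like ../ ."""
    decoded = raw
    for _ in range(rounds):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return decoded.replace("\\", "/")


def resolve(requested: str, root: str = BACKUP_ROOT) -> str:
    """Resolve the decoded request the way a chrooted FTP service would:
    everything, including a leading '/', is relative to root."""
    rel = decode_path(requested).lstrip("/")
    return posixpath.normpath(posixpath.join(root, rel))


def escapes_root(requested: str, root: str = BACKUP_ROOT) -> bool:
    """True only if the normalised path lands outside root."""
    resolved = resolve(requested, root)
    return resolved != root and not resolved.startswith(root + "/")


def scan_log(text: str, root: str = BACKUP_ROOT) -> List[Tuple[str, str, str, str]]:
    """Return (client, command, raw argument, resolved path) for each escape."""
    hits = []
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        client, cmd, arg = parsed
        if escapes_root(arg, root):
            hits.append((client, cmd, arg, resolve(arg, root)))
    return hits


if __name__ == "__main__":
    for client, cmd, arg, resolved in scan_log(SAMPLE_LOG):
        print(f"{client} {cmd} {arg!r} -> {resolved}")
```

Of the six constructed lines, four are flagged: the plain ../ request, the single- and double-percent-encoded ones, and the backslash variant. The line backups/../backups/2026-01-08.tar contains ".." but resolves inside the root, so the resolver does not flag it even though the SIEM substring query would; whether you still want to alert on any ".." usage is a policy choice, but the resolved path is what tells you whether data could actually have left the backup directory.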