CVE-2026-3179

Published: Feb 25, 2026

Modified: Feb 25, 2026

PUBLISHED

Description

The FTP Backup on the ADM does not properly sanitize filenames received from the FTP server when parsing directory listings. A malicious server or MITM attacker can craft filenames containing path traversal sequences, causing the client to write files outside the intended backup directory. This path traversal vulnerability may allow an attacker to overwrite arbitrary files on the system and potentially achieve privilege escalation or remote code execution. Affected products and versions: ADM 4.1.0 through ADM 4.3.3.ROF1, and ADM 5.0.0 through ADM 5.1.2.RE51.

Vendor: ASUSTOR

Product: ADM

Versions:
affected: 4.1.0 - <= 4.3.3.ROF1
affected: 5.0.0 - <= 5.1.2.RE51

Weaknesses (CWE)
