Asustor ADM Improper TLS Certificate Validation Vulnerability in UPS Management

Vulnerability

A vulnerability exists in Asustor's ADM operating system, in versions from 4.1.0 before 4.3.3.RKD2 and from 5.0.0 before 5.1.0.RN42. The issue arises because TLS certificate verification is not enforced when users configure the NAS to manage UPS settings. This flaw allows an attacker to intercept network traffic between the client and server, potentially leading to a man-in-the-middle (MITM) attack. Exploitation of this vulnerability could result in unauthorized access to sensitive information regarding the UPS server configuration.

Impact

Exploitation of this vulnerability could allow an attacker to intercept and manipulate network traffic, accessing sensitive UPS configuration information.

Added: Dec 12, 2025, 3:22 AM
Updated: Dec 12, 2025, 3:22 AM

Vulnerability Rating

Custom Algorithm
spread: 5.0
impact: 2.5
exploitability: 6.0
remediation: 0.0
relevance: 1.4
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.