ASUSTOR Product Security Advisory

ASUSTOR is committed to customer and data safety as well as the security of our products. We encourage developers and members of the public to report any potential or confirmed security vulnerabilities found on an ASUSTOR product to the ASUSTOR Security Response Team.

Report Vulnerabilities

To inform ASUSTOR of security vulnerabilities found in ASUSTOR products, please include as much information as possible, including the hardware model, the ADM version, the name and version of the apps where the vulnerabilities exist, a description of the vulnerabilities and complete steps to reproduce them. When contacting ASUSTOR, it is recommended to use the PGP public key provided on this page to ensure the integrity and confidentiality of the email.

The ASUSTOR Security Team will analyze and investigate received information about security vulnerabilities affecting ASUSTOR products. Typically, ASUSTOR will acknowledge receipt of your report within three (3) business days, after which we will begin to investigate and verify the reported issue. Updates will be provided once every fourteen (14) calendar days. Once your report is reviewed and confirmed, ASUSTOR will release a patch or an updated version of the relevant software as necessary. The patch or updated version is generally released within ninety (90) business days after filing. Depending on the complexity of the issue, additional time may be required. A corresponding Security Advisory article will also be posted. All communications with ASUSTOR are confidential and information sent to ASUSTOR is protected. ASUSTOR does not request or disclose any personal information that can be used to identify you, including your identity, your work, or the devices you use or have deployed.

To report security issues that affect ASUSTOR products, please use the PGP key below to encrypt your email message, and send it to security@asustor.com. This email address cannot send out replies. To reduce reply timeframes, updates on reported security vulnerabilities are sent through an alternate email address. For tech support, visit our support center instead.

PGP Key Information

We recommend using the PGP key below to encrypt your email when reporting security vulnerabilities to ASUSTOR.

Product Security Updates

To protect users, ASUSTOR does not publicly announce security vulnerabilities until fixes are publicly available, nor are the exact details of such vulnerabilities released. Once fixes are available, vulnerabilities are announced on ASUSTOR's official website.

Advisory | CVE | Severity | Status | Last Updated
AS-2026-007: Linux Kernel - Copy Fail | CVE-2026-31431 | Important | Ongoing | 2026-05-04
AS-2026-006: PPTP VPN Client | CVE-2026-6644 | Important | Resolved | 2026-05-04
AS-2026-005: VPN Clients | CVE-2026-6643 | Important | Resolved | 2026-05-04
AS-2026-004: FTP Backup | CVE-2026-3100, CVE-2026-3179 | Important | Resolved | 2026-03-05
AS-2026-003: GNU Inetutils | CVE-2026-24061, CVE-2026-32746 | Not affected | Resolved | 2026-04-02
AS-2026-002: ADM | CVE-2026-24936 | Important | Resolved | 2026-03-05
AS-2026-001: ADM | CVE-2026-24932, CVE-2026-24933, CVE-2026-24934, ... | Important | Resolved | 2026-03-05
AS-2025-010: ADM | CVE-2025-13052, CVE-2025-13053 | Important | Resolved | 2025-12-22
AS-2025-009: ABP and AES | CVE-2025-13051 | Important | Resolved | 2025-11-19
AS-2025-008: ABP and AES | CVE-2025-8070 | Important | Resolved | 2025-07-23
AS-2025-007: EZ Sync Manager | CVE-2025-7699 | Important | Resolved | 2025-07-17
AS-2025-006: ADM and Text Editor | CVE-2025-7618 | Moderate | Resolved | 2025-07-17
AS-2025-005: ADM | CVE-2025-7380 | Important | Resolved | 2025-07-17
AS-2025-004: Sudo | CVE-2025-32463, CVE-2025-32462 | Important | Resolved | 2025-07-17
AS-2025-003: DataSync Center | CVE-2025-7379 | Important | Resolved | 2025-07-11
AS-2025-002: ADM | CVE-2025-7378 | Important | Resolved | 2025-07-11
AS-2025-001: Docker Engine | CVE-2025-27144 | Moderate | Resolved | 2025-07-04
AS-2024-007: Apache HTTP Server | CVE-2024-40725, CVE-2024-39884, CVE-2024-38474, ... | Important | Resolved | 2025-01-15
AS-2024-006: Netatalk | CVE-2024-38439, CVE-2024-38440, CVE-2024-38441 | Important | Resolved | 2024-09-27
AS-2024-005: Docker Engine | CVE-2024-41110 | Important | Resolved | 2024-08-07
AS-2024-004: OpenSSH | CVE-2024-6387 | Important | Resolved | 2024-07-17
AS-2024-003: Linux Kernel | CVE-2024-1086 | Important | Resolved | 2024-07-17
AS-2024-002: XZ Utils | CVE-2024-3094 | Not affected | Resolved | 2024-04-03
AS-2024-001: Docker Engine | CVE-2024-21626, CVE-2024-24557 | Important | Resolved | 2024-03-13
AS-2023-014: OpenSSL | CVE-2023-2650, CVE-2023-3446, CVE-2023-3817... | Moderate | Resolved | 2024-07-17
AS-2023-013: OpenSSH | CVE-2023-38408 | Important | Resolved | 2023-11-29
AS-2023-012: ADM | CVE-2023-4475 | Important | Resolved | 2023-11-29
AS-2023-011: ADM | CVE-2023-3699 | Important | Resolved | 2023-11-29
AS-2023-010: ADM | CVE-2023-3697, CVE-2023-3698 | Important | Resolved | 2023-11-29
AS-2023-009: ADM | CVE-2023-2910 | Important | Resolved | 2023-11-29
AS-2023-008: PHP 8.1 | CVE-2023-0662, CVE-2022-31630, CVE-2022-31627... | Important | Resolved | 2023-06-07
AS-2023-007: EZ Sync on ADM | CVE-2023-2909 | Important | Resolved | 2023-06-29
AS-2023-006: Download Center | CVE-2023-2749 | Important | Resolved | 2023-06-21
AS-2023-005: Netatalk | CVE-2022-43634, CVE-2022-45188 | Moderate | Resolved | 2023-06-29
AS-2023-004: XSS issue on ADM, LooksGood and SoundsGood | CVE-2023-2509 | Important | Resolved | 2024-05-14
AS-2023-003: ADM | CVE-2023-30770 | Moderate | Resolved | 2023-06-29
AS-2023-002: OpenSSL | CVE-2023-0215, CVE-2023-0286, CVE-2022-4304... | Important | Resolved | 2023-06-29
AS-2023-001: Sudo | CVE-2023-22809 | Moderate | Resolved | 2023-02-20
AS-2022-017: Samba | CVE-2022-37966, CVE-2022-37967, CVE-2022-38023... | Moderate | Resolved | 2023-02-20
AS-2022-016: Samba | CVE-2022-3437, CVE-2022-3592, CVE-2022-42898 | Moderate | Resolved | 2022-12-27
AS-2022-015: OpenSSL | CVE-2022-3602, CVE-2022-3786 | Not affected | Resolved | 2022-11-14
AS-2022-014: Samba | CVE-2022-2031, CVE-2022-32744, CVE-2022-32746... | Important | Resolved | 2022-12-27
AS-2022-013: Apache HTTP Server | CVE-2022-26377, CVE-2022-28330, CVE-2022-28614... | Moderate | Resolved | 2022-08-17
AS-2022-012: OpenLDAP | CVE-2022-29155, CVE-2020-36221, CVE-2020-25710... | Important | Resolved | 2022-08-29
AS-2022-011: ADM | CVE-2022-37398 | Important | Resolved | 2022-08-29
AS-2022-010: PHP | CVE-2022-31625, CVE-2022-31626 | Important | Resolved | 2022-08-03
AS-2022-009: OpenSSL | CVE-2022-2068, CVE-2022-2097 | Moderate | Resolved | 2022-08-29
AS-2022-008: ADM: DeadBolt ransomware | | Critical | Resolved | 2022-06-14
AS-2022-007: OpenSSL | CVE-2022-1292, CVE-2022-1343, CVE-2022-1434... | Moderate | Resolved | 2022-05-30
AS-2022-006: Netatalk | CVE-2021-31439, CVE-2022-23121, CVE-2022-23122... | Important | Resolved | 2022-05-06
AS-2022-005: Apache HTTP Server | CVE-2022-22719, CVE-2022-22720, CVE-2022-22721... | Important | Resolved | 2022-05-16
AS-2022-004: OpenSSL | CVE-2022-0778 | Moderate | Resolved | 2022-03-29
AS-2022-003: Linux Kernel | CVE-2022-0847 | Not affected | Resolved | 2022-07-07
AS-2022-002: ADM: DeadBolt ransomware | | Critical | Resolved | 2022-03-28
AS-2022-001: Samba | CVE-2021-44142 | Important | Resolved | 2022-02-15
AS-2021-001: Log4Shell (Log4j 2) | CVE-2021-44228, CVE-2021-45046, CVE-2021-44832 | Not affected | Resolved | 2021-12-16

Minimum Support Timeframe for Security Updates

This page describes ASUSTOR’s policy on guaranteed timeframes for security updates in ADM for ASUSTOR NAS devices. This policy applies to ASUSTOR products worldwide and is additionally compliant with the UK’s PSTI Act.

Software security support periods are listed below and are minimum durations. ASUSTOR may, at its discretion, extend these durations beyond the minimum security support duration.

Device Model | UK PSTI Statement of Compliance | Date of first supply | Minimum Duration for Software Security Support
DRIVESTOR 2 Lite (AS1102TL) | Download PDF | 9 January 2024 | Five (5) years from date of first supply
DRIVESTOR 4 (AS1104T) | Download PDF | 2 August 2021
DRIVESTOR 2 Gen2 (AS1202T) | Download PDF | 20 November 2025
DRIVESTOR 4 Gen2 (AS1204T) | Download PDF | 20 November 2025
DRIVESTOR 2 Pro Gen2 (AS3302T v2) | Download PDF | 8 January 2024
DRIVESTOR 4 Pro Gen2 (AS3304T v2) | Download PDF | 8 January 2024
NIMBUSTOR 2 (AS5202T) | Download PDF | 14 May 2019
NIMBUSTOR 4 (AS5304T) | Download PDF | 14 May 2019
NIMBUSTOR 2 Gen2 (AS5402T) | Download PDF | 18 July 2023
NIMBUSTOR 4 Gen2 (AS5404T) | Download PDF | 18 July 2023
LOCKERSTOR 8 (AS6508T) | Download PDF | 25 November 2019
LOCKERSTOR 10 (AS6510T) | Download PDF | 25 November 2019
LOCKERSTOR 2 Gen2+ (AS6702T v2) | Download PDF | 25 November 2025
LOCKERSTOR 2 Gen2 (AS6702T) | Download PDF | 18 May 2022
LOCKERSTOR 4 Gen2+ (AS6704T v2) | Download PDF | 25 November 2025
LOCKERSTOR 4 Gen2 (AS6704T) | Download PDF | 18 May 2022
LOCKERSTOR 6 Gen2+ (AS6706T v2) | Download PDF | 25 November 2025
LOCKERSTOR 6 Gen2 (AS6706T) | Download PDF | 18 May 2022
LOCKERSTOR 4 Gen3 (AS6804T) | Download PDF | 8 October 2024
LOCKERSTOR 6 Gen3 (AS6806T) | Download PDF | 8 October 2024
LOCKERSTOR 8 Gen3 (AS6808T) | Download PDF | 8 October 2024
LOCKERSTOR 10 Gen3 (AS6810T) | Download PDF | 8 October 2024
FLASHSTOR 6 (FS6706T) | Download PDF | 24 April 2023
FLASHSTOR 6 Gen2 (FS6806X) | Download PDF | 13 November 2024
FLASHSTOR 12 Pro Gen2 (FS6812X) | Download PDF | 13 November 2024
FLASHSTOR 12 Pro (FS6712X) | Download PDF | 24 April 2023
LOCKERSTOR 10 Pro (AS7110T) | Download PDF | 17 December 2019
LOCKERSTOR 4RS (AS6504RS) / LOCKERSTOR 4RD (AS6504RD) | Download PDF | 2 August 2021
LOCKERSTOR 12RD (AS6512RD) | Download PDF | 2 August 2021
LOCKERSTOR 12R Pro (AS7112RDX) | Download PDF | 21 July 2020
LOCKERSTOR 16R Pro (AS7116RDX) | Download PDF | 21 July 2020
LOCKERSTOR 12R Pro Gen2 (AS7212RDX) | Download PDF | 7 August 2025
LOCKERSTOR 16R Pro Gen2 (AS7216RDX) | Download PDF | 7 August 2025
LOCKERSTOR 24R Pro Gen2 (AS7224RDX) | Download PDF | 7 August 2025