ASUSTOR Product Security Advisory

Report Vulnerabilities

To report security issues that affect ASUSTOR products, please use the below PGP key to encrypt your email message, and send it to security@asustor.com. This email address cannot send out replies. For tech support, visit our support center instead.

PGP Key Information

We recommend using the below PGP key to encrypt your email for reporting security vulnerabilities to ASUSTOR.

Product Security Updates

To protect users, ASUSTOR does not publicly announce security vulnerabilities until fixes are publicly available, nor are the exact details of such vulnerabilities released. Once fixes are available, vulnerabilities shall be announced on ASUSTOR 's official website.

Advisory	CVE	Severity	Status	Last Updated
AS-2026-006: PPTP VPN Clinet	CVE-2026-6644	Important	Ongoing	2026-04-27
AS-2026-005: VPN Clients	CVE-2026-6643	Important	Ongoing	2026-04-27
AS-2026-004: FTP Backup	CVE-2026-3100, CVE-2026-3179	Important	Resolved	2026-03-05
AS-2026-003: GNU Inetutils	CVE-2026-24061, CVE-2026-32746	Not affected	Resolved	2026-04-02
AS-2026-002: ADM	CVE-2026-24936	Important	Resolved	2026-03-05
AS-2026-001: ADM	CVE-2026-24932, CVE-2026-24933, CVE-2026-24934, ...	Important	Resolved	2026-03-05
AS-2025-010: ADM	CVE-2025-13052, CVE-2025-13053	Important	Resolved	2025-12-22
AS-2025-009: ABP and AES	CVE-2025-13051	Important	Resolved	2025-11-19
AS-2025-008: ABP and AES	CVE-2025-8070	Important	Resolved	2025-07-23
AS-2025-007: EZ Sync Manager	CVE-2025-7699	Important	Resolved	2025-07-17
AS-2025-006: ADM and Text Editor	CVE-2025-7618	Moderate	Resolved	2025-07-17
AS-2025-005: ADM	CVE-2025-7380	Important	Resolved	2025-07-17
AS-2025-004: Sudo	CVE-2025-32463, CVE-2025-32462	Important	Resolved	2025-07-17
AS-2025-003: DataSync Center	CVE-2025-7379	Important	Resolved	2025-07-11
AS-2025-002: ADM	CVE-2025-7378	Important	Resolved	2025-07-11
AS-2025-001: Docker Engine	CVE-2025-27144	Moderate	Resolved	2025-07-04
AS-2024-007: Apache HTTP Server	CVE-2024-40725, CVE-2024-39884, CVE-2024-38474, ...	Important	Resolved	2025-01-15
AS-2024-006: Netatalk	CVE-2024-38439, CVE-2024-38440, CVE-2024-38441	Important	Resolved	2024-09-27
AS-2024-005: Docker Engine	CVE-2024-41110	Important	Resolved	2024-08-07
AS-2024-004: OpenSSH	CVE-2024-6387	Important	Resolved	2024-07-17
AS-2024-003: Linux Kernel	CVE-2024-1086	Important	Resolved	2024-07-17
AS-2024-002: XZ Utils	CVE-2024-3094	Not affected	Resolved	2024-04-03
AS-2024-001: Docker Engine	CVE-2024-21626, CVE-2024-24557	Important	Resolved	2024-03-13
AS-2023-014: OpenSSL	CVE-2023-2650, CVE-2023-3446, CVE-2023-3817...	Moderate	Resolved	2024-07-17
AS-2023-013: OpenSSH	CVE-2023-38408	Important	Resolved	2023-11-29
AS-2023-012: ADM	CVE-2023-4475	Important	Resolved	2023-11-29
AS-2023-011: ADM	CVE-2023-3699	Important	Resolved	2023-11-29
AS-2023-010: ADM	CVE-2023-3697, CVE-2023-3698	Important	Resolved	2023-11-29
AS-2023-009: ADM	CVE-2023-2910	Important	Resolved	2023-11-29
AS-2023-008: PHP 8.1	CVE-2023-0662, CVE-2022-31630, CVE-2022-31627...	Important	Resolved	2023-06-07
AS-2023-007: EZ Sync on ADM	CVE-2023-2909	Important	Resolved	2023-06-29
AS-2023-006: Download Center	CVE-2023-2749	Important	Resolved	2023-06-21
AS-2023-005: Netatalk	CVE-2022-43634, CVE-2022-45188	Moderate	Resolved	2023-06-29
AS-2023-004: XSS issue on ADM, LooksGood and SoundsGood	CVE-2023-2509	Important	Resolved	2024-05-14
AS-2023-003: ADM	CVE-2023-30770	Moderate	Resolved	2023-06-29
AS-2023-002: OpenSSL	CVE-2023-0215, CVE-2023-0286, CVE-2022-4304...	Important	Resolved	2023-06-29
AS-2023-001: Sudo	CVE-2023-22809	Moderate	Resolved	2023-02-20
AS-2022-017: Samba	CVE-2022-37966, CVE-2022-37967, CVE-2022-38023...	Moderate	Resolved	2023-02-20
AS-2022-016: Samba	CVE-2022-3437, CVE-2022-3592, CVE-2022-42898	Moderate	Resolved	2022-12-27
AS-2022-015: OpenSSL	CVE-2022-3602, CVE-2022-3786	Not affected	Resolved	2022-11-14
AS-2022-014: Samba	CVE-2022-2031, CVE-2022-32744, CVE-2022-32746...	Important	Resolved	2022-12-27
AS-2022-013: Apache HTTP Server	CVE-2022-26377, CVE-2022-28330, CVE-2022-28614...	Moderate	Resolved	2022-08-17
AS-2022-012: OpenLDAP	CVE-2022-29155, CVE-2020-36221, CVE-2020-25710...	Important	Resolved	2022-08-29
AS-2022-011: ADM	CVE-2022-37398	Important	Resolved	2022-08-29
AS-2022-010: PHP	CVE-2022-31625, CVE-2022-31626	Important	Resolved	2022-08-03
AS-2022-009: OpenSSL	CVE-2022-2068, CVE-2022-2097	Moderate	Resolved	2022-08-29
AS-2022-008: ADM: DeadBolt ransomware		Critical	Resolved	2022-06-14
AS-2022-007: OpenSSL	CVE-2022-1292, CVE-2022-1343, CVE-2022-1434...	Moderate	Resolved	2022-05-30
AS-2022-006: Netatalk	CVE-2021-31439, CVE-2022-23121, CVE-2022-23122...	Important	Resolved	2022-05-06
AS-2022-005: Apache HTTP Server	CVE-2022-22719, CVE-2022-22720, CVE-2022-22721...	Important	Resolved	2022-05-16
AS-2022-004: OpenSSL	CVE-2022-0778	Moderate	Resolved	2022-03-29
AS-2022-003: Linux Kernel	CVE-2022-0847	Not affected	Resolved	2022-07-07
AS-2022-002: ADM: DeadBolt ransomware		Critical	Resolved	2022-03-28
AS-2022-001: Samba	CVE-2021-44142	Important	Resolved	2022-02-15
AS-2021-001: Log4Shell (Log4j 2)	CVE-2021-44228, CVE-2021-45046, CVE-2021-44832	Not affected	Resolved	2021-12-16

PSTI Minimum Security Update Duration

Minimum duration of security update support in compliance with the UK PSTI

ASUSTOR guarantees software security updates for its products for a minimum amount of time in compliance with the Product Security and Telecommunications Infrastructure Act. Software security support periods are listed below and are considered as minimum durations. ASUSTOR at its discretion may elect to increase these durations beyond the minimum security support duration.

Device Model	UK PSTI Statement of Compliance	Minimum Duration for Software Security Support
DRIVESTOR 2 Lite (AS1102TL)	Download PDF	Five (5) years from date of first sale
DRIVESTOR 4 (AS1104T)	Download PDF
DRIVESTOR 2 Gen2 (AS1202T)	Download PDF
DRIVESTOR 4 Gen2 (AS1204T)	Download PDF
DRIVESTOR 2 Pro Gen2 (AS3302T v2)	Download PDF
DRIVESTOR 4 Pro Gen2 (AS3304T v2)	Download PDF
NIMBUSTOR 2 (AS5202T)	Download PDF
NIMBUSTOR 4 (AS5304T)	Download PDF
NIMBUSTOR 2 Gen2 (AS5402T)	Download PDF
NIMBUSTOR 4 Gen2 (AS5404T)	Download PDF
LOCKERSTOR 8 (AS6508T)	Download PDF
LOCKERSTOR 10 (AS6510T)	Download PDF
LOCKERSTOR 2 Gen2+ (AS6702T v2)	Download PDF
LOCKERSTOR 2 Gen2 (AS6702T)	Download PDF
LOCKERSTOR 4 Gen2+ (AS6704T v2)	Download PDF
LOCKERSTOR 4 Gen2 (AS6704T)	Download PDF
LOCKERSTOR 6 Gen2+ (AS6706T v2)	Download PDF
LOCKERSTOR 6 Gen2 (AS6706T)	Download PDF
LOCKERSTOR 4 Gen3 (AS6804T)	Download PDF
LOCKERSTOR 6 Gen3 (AS6806T)	Download PDF
LOCKERSTOR 8 Gen3 (AS6808T)	Download PDF
LOCKERSTOR 10 Gen3 (AS6810T)	Download PDF
FLASHSTOR 6 (FS6706T)	Download PDF
FLASHSTOR 6 Gen2 (FS6806X)	Download PDF
FLASHSTOR 12 Pro Gen2 (FS6812X)	Download PDF
FLASHSTOR 12 Pro (FS6712X)	Download PDF
LOCKERSTOR 10 Pro (AS7110T)	Download PDF
LOCKERSTOR 4RS (AS6504RS) / LOCKERSTOR 4RD (AS6504RD)	Download PDF
LOCKERSTOR 12RD (AS6512RD)	Download PDF
LOCKERSTOR 12R Pro (AS7112RDX)	Download PDF
LOCKERSTOR 16R Pro (AS7116RDX)	Download PDF
LOCKERSTOR 12R Pro Gen2 (AS7212RDX)	Download PDF
LOCKERSTOR 16R Pro Gen2 (AS7216RDX)	Download PDF
LOCKERSTOR 24R Pro Gen2 (AS7224RDX)	Download PDF

Personal to Home

Home to Power User

Power User to Business

All-Flash Storage

Small & Medium Business

All Products

Accessories

Expansion Units

ASUSTOR Product Security Advisory

Report Vulnerabilities

PGP Key Information

Product Security Updates

PSTI Minimum Security Update Duration

Support

ASUSTOR Online

About Us

Other Services

Personal to Home

Home to Power User

Power User to Business

All-Flash Storage

Small & Medium Business

All Products

Accessories

Expansion Units

Search

ASUSTOR Product Security Advisory

Report Vulnerabilities

PGP Key Information

Product Security Updates

PSTI Minimum Security Update Duration

Support

ASUSTOR Online

About Us

Other Services