We use cookies to help us improve our webpage. Please read our Cookie Policy .

ASUSTOR Product Security Advisory

ASUSTOR is committed to customer and data safety as well as the security of our products. We encourage developers and members of the public to report any potential or confirmed security vulnerabilities found on an ASUSTOR product to the ASUSTOR Security Response Team.

Report Vulnerabilities

To report security issues that affect ASUSTOR products, please use the below PGP key to encrypt your email message, and send it to security@asustor.com. This email address cannot send out replies. For tech support, visit our support center instead.

PGP Key Information

We recommend using the below PGP key to encrypt your email for reporting security vulnerabilities to ASUSTOR.

Product Security Updates

To protect users, ASUSTOR does not publicly announce security vulnerabilities until fixes are publicly available, nor are the exact details of such vulnerabilities released. Once fixes are available, vulnerabilities shall be announced on ASUSTOR 's official website.

Advisory CVE Severity Status Last Updated
AS-2022-016: Samba CVE-2022-3437, CVE-2022-3592, CVE-2022-42898 Moderate Ongoing 2022-11-15
AS-2022-015: OpenSSL CVE-2022-3602, CVE-2022-3786 Not affected Resolved 2022-11-14
AS-2022-014: Samba CVE-2022-2031, CVE-2022-32744, CVE-2022-32746... Important Ongoing 2022-09-28
AS-2022-013: Apache HTTP Server CVE-2022-26377, CVE-2022-28330, CVE-2022-28614... Moderate Resolved 2022-08-17
AS-2022-012: OpenLDAP CVE-2022-29155, CVE-2020-36221, CVE-2020-25710... Important Resolved 2022-08-29
AS-2022-011: ADM CVE-2022-37398 Important Resolved 2022-08-29
AS-2022-010: PHP CVE-2022-31625, CVE-2022-31626 Important Resolved 2022-08-03
AS-2022-009: OpenSSL CVE-2022-2068, CVE-2022-2097 Moderate Resolved 2022-08-29
AS-2022-008: ADM: DeadBolt ransomware Critical Resolved 2022-06-14
AS-2022-007: OpenSSL CVE-2022-1292, CVE-2022-1343, CVE-2022-1434... Moderate Resolved 2022-05-30
AS-2022-006: Netatalk CVE-2021-31439, CVE-2022-23121, CVE-2022-23122... Important Resolved 2022-05-06
AS-2022-005: Apache HTTP Server CVE-2022-22719, CVE-2022-22720, CVE-2022-22721... Important Resolved 2022-05-16
AS-2022-004: OpenSSL CVE-2022-0778 Moderate Resolved 2022-03-29
AS-2022-003: Linux Kernel CVE-2022-0847 Not affected Resolved 2022-07-07
AS-2022-002: ADM: DeadBolt ransomware Critical Resolved 2022-03-28
AS-2022-001: Samba CVE-2021-44142 Important Resolved 2022-02-15
AS-2021-001: Log4Shell (Log4j 2) CVE-2021-44228, CVE-2021-45046, CVE-2021-44832 Not affected Resolved 2021-12-16