Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
ASUSTOR Inc.

ASUSTOR Inc. Vendor Cyber Rating & Cyber Score

asustor.com

Founded in 2011, ASUSTOR Inc. is a leading innovator and provider of private cloud storage (network attached storage) and video surveillance (network video recorder) solutions. We are devoted to providing the world with unparalleled user experiences and the most complete set of network storage solutions possible.


ASUSTOR Inc. A.I CyberSecurity Scoring

ASUSTOR Inc.
Company Information
Website:https://www.asustor.com
Employees number:88
Number of followers:1,508
NAICS:51125
Industry Type:Computer Networking Products
Homepage:asustor.com
ASUSTOR Inc. Risk Score (AI oriented)
Between 700 and 749
logo
ASUSTOR Inc.Computer Networking Products
Updated:
30/04/2026
707/1000
Moderate
Ba
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
ASUSTOR Inc. Global Score (TPRM)
xxxx
logo
ASUSTOR Inc.Computer Networking Products
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

ASUSTOR Inc.
ASUSTOR Inc.Moderate
Current Score
707Ba (MODERATE)
01000
2 incidents
-5 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
709Before Incident
JUNE 2026
709Before Incident
MAY 2026
708Before Incident
APRIL 2026
707Before Incident
MARCH 2026
706Before Incident
FEBRUARY 2026
705Before Incident
JANUARY 2026
708Before Incident
Vulnerability
01 Jan 2026ASUSTOR Inc.
ASUSTOR: PoC Released for Critical ASUSTOR ADM Root RCE Vulnerability

Critical Zero-Day Exploit in ASUSTOR ADM PPTP VPN Client Exposes NAS Devices to Root-Level Attacks

703After Incident
CRITICAL-5
ASU1777551827
Critical Zero-Day Exploit in ASUSTOR ADM PPTP VPN Client Exposes NAS Devices to Root-Level Attacks A proof-of-concept (PoC) exploit has been released for CVE-2026-6644, a now-patched critical zero-day vulnerability in ASUSTOR’s ADM PPTP VPN Client. The flaw, rated 9.4 (Critical) under CVSS v4.0, allows authenticated administrators to execute arbitrary commands with root privileges on vulnerable NAS devices. The vulnerability stems from an OS command injection flaw in `/portal/apis/settings/vpn.cgi`, where the PPTP server address parameter is written directly into a `pppd` configuration file without proper input validation. Since `pppd` executes the parameter via `/bin/sh`, a malicious server address can break out of the web environment, enabling root-level command execution. While the flaw requires administrator authentication, its risk is heightened by ASUSTOR’s default credentials (`admin/admin`), making unpatched systems trivially exploitable. Successful exploitation could lead to full system compromise, including malware deployment, data exfiltration, DDoS infrastructure setup, and persistence mechanisms. ### Affected Versions The vulnerability impacts multiple ADM firmware releases: - ADM 4.1.0 – 4.3.3.RR42 - ADM 5.0.0 – 5.1.2.REO1 ### Attack Surface & Exposure Internet scans reveal approximately 19,000 internet-facing ASUSTOR NAS hosts, though not all may be vulnerable or actively exploited. The public PoC increases the urgency for remediation. ### Patch & Mitigations ASUSTOR released a fix in ADM 5.1.3.RGO1 under security advisory AS-2026-006. Recommended actions include: - Updating to ADM 5.1.3.RGO1 or later - Blocking WAN access to the ADM management interface - Changing default credentials - Disabling unused services, including PPTP VPN - Restricting administration to trusted VPN networks Given the severity and public exploit availability, affected deployments should prioritize patching.
INCIDENT DETAILS -
TYPE
Zero-Day Exploit
IMPACT
Data Compromised: Potential data exfiltrationSystems Affected: ASUSTOR NAS devices running vulnerable ADM versionsOperational Impact: Full system compromise, malware deployment, DDoS infrastructure setup, persistence mechanisms
DATA BREACH
Data Exfiltration: Potential data exfiltration
DECEMBER 2025
707Before Incident
NOVEMBER 2025
707Before Incident
OCTOBER 2025
706Before Incident
SEPTEMBER 2025
705Before Incident
AUGUST 2025
704Before Incident
FEBRUARY 2022
752Before Incident
Ransomware
01 Feb 2022ASUSTOR Inc.
ASUSTOR Inc.

DeadBolt Ransomware Attack on ASUSTOR NAS Devices

639After Incident
CRITICAL-113
ASU16381322
ASUSTOR NAS devices are targeted recently by the DeadBolt ransomware group. The attackers encrypted the files on an ASUSTOR device and renamed them with .deadbolt file extension. A ransom note was being displayed on the login screen of the users with a demand for 0.03 bitcoin worth $1150 to receive a decryption key.
INCIDENT DETAILS -
TYPE
Ransomware
MOTIVATION
Financial gain
IMPACT
Systems Affected: ASUSTOR NAS devices
DATA BREACH
Data Encryption: Yes

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for ASUSTOR Inc. ?
?
What was ASUSTOR Inc.'s A.I Rankiteo Cyber Score in June 2026 ?
?
What was ASUSTOR Inc.'s A.I Rankiteo Cyber Score in May 2026 ?
?
What was ASUSTOR Inc.'s A.I Rankiteo Cyber Score in April 2026 ?
?
What was ASUSTOR Inc.'s A.I Rankiteo Cyber Score in March 2026 ?
?
What was ASUSTOR Inc.'s A.I Rankiteo Cyber Score in February 2026 ?
?
What was ASUSTOR Inc.'s A.I Rankiteo Cyber Score in January 2026 ?
?
What was ASUSTOR Inc.'s A.I Rankiteo Cyber Score in December 2025 ?
?
What was ASUSTOR Inc.'s A.I Rankiteo Cyber Score in November 2025 ?
?
What was ASUSTOR Inc.'s A.I Rankiteo Cyber Score in October 2025 ?
?
What was ASUSTOR Inc.'s A.I Rankiteo Cyber Score in September 2025 ?
?
What was ASUSTOR Inc.'s A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on ASUSTOR Inc.'s A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with ASUSTOR Inc. ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view ASUSTOR Inc.'s profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?
ASUSTOR Inc. Cyber Scoring History | Rankiteo