8.9
CVE-2026-24932
- EPSS 0.21%
- Veröffentlicht 03.02.2026 03:15:53
- Zuletzt bearbeitet 19.02.2026 18:16:57
- Quelle security@asustor.com
- CVE-Watchlists
- Unerledigt
An improper certificate validation vulnerability was found in ADM while updating the DDNS settings.
The DDNS update function in ADM fails to properly validate the hostname of the DDNS server's TLS/SSL certificate. Although the connection uses HTTPS, an improper validated TLS/SSL certificates allows a remote attacker can intercept the communication to perform a Man-in-the-Middle (MitM) attack, which may obtain the sensitive information of DDNS updating process, including the user's account email, MD5 hashed password, and device serial number.This issue affects ADM: from 4.1.0 through 4.3.3.ROF1, from 5.0.0 through 5.1.1.RCI1.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Asustor ≫ Data Master Version >= 4.1.0.rhu2 <= 4.3.3.rof1
Asustor ≫ Data Master Version >= 5.0.0.ra82 < 5.1.2.re51
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.21% | 0.106 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.9 | 2.2 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| security@asustor.com | 8.9 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-295 Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.
https://www.asustor.com/security/security_advisory_detail?id=50