6.3
CVE-2026-24934
- EPSS 0.16%
- Veröffentlicht 03.02.2026 03:15:53
- Zuletzt bearbeitet 19.02.2026 18:18:18
- Quelle security@asustor.com
- CVE-Watchlists
- Unerledigt
An improper certificate validation vulnerability was found in ADM while querying an external server for the device's WAN IP address.
The DDNS function uses an insecure HTTP connection or fails to validate the SSL/TLS certificate when querying an external server for the device's WAN IP address. An unauthenticated remote attacker can perform a Man-in-the-Middle (MitM) attack to spoof the response, leading the device to update its DDNS record with an incorrect IP address. Affected products and versions include: from ADM 4.1.0 through ADM 4.3.3.ROF1 as well as from ADM 5.0.0 through ADM 5.1.1.RCI1.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Asustor ≫ Data Master Version >= 4.1.0.rhu2 <= 4.3.3.rof1
Asustor ≫ Data Master Version >= 5.0.0.ra82 < 5.1.2.re51
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.16% | 0.051 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 3.7 | 2.2 | 1.4 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
|
| security@asustor.com | 6.3 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-295 Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.
https://www.asustor.com/security/security_advisory_detail?id=50