Unrated severityNVD Advisory· Published Feb 3, 2026· Updated Feb 3, 2026
An improper certificate validation vulnerability was found in ADM while querying an external server for the device's WAN IP address.
CVE-2026-24934
Description
The DDNS function uses an insecure HTTP connection or fails to validate the SSL/TLS certificate when querying an external server for the device's WAN IP address. An unauthenticated remote attacker can perform a Man-in-the-Middle (MitM) attack to spoof the response, leading the device to update its DDNS record with an incorrect IP address. Affected products and versions include: from ADM 4.1.0 through ADM 4.3.3.ROF1 as well as from ADM 5.0.0 through ADM 5.1.1.RCI1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1Patches
Vulnerability mechanics
References
1- www.asustor.com/security/security_advisory_detailmitrevendor-advisory
News mentions
0No linked articles in our index yet.