Adm
by Asustor
CVEs (45)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-24934 | 0.00 | — | 0.00 | Feb 3, 2026 | The DDNS function uses an insecure HTTP connection or fails to validate the SSL/TLS certificate when querying an external server for the device's WAN IP address. An unauthenticated remote attacker can perform a Man-in-the-Middle (MitM) attack to spoof the response, leading the… | |||
| CVE-2026-24933 | 0.00 | — | 0.00 | Feb 3, 2026 | The API communication component fails to validate the SSL/TLS certificate when sending HTTPS requests to the server. An improper certificates validation vulnerability allows an unauthenticated remote attacker can perform a Man-in-the-Middle (MitM) attack to intercept the… | |||
| CVE-2026-24932 | 0.00 | — | 0.00 | Feb 3, 2026 | The DDNS update function in ADM fails to properly validate the hostname of the DDNS server's TLS/SSL certificate. Although the connection uses HTTPS, an improper validated TLS/SSL certificates allows a remote attacker can intercept the communication to perform a… | |||
| CVE-2025-13053 | 0.00 | — | 0.00 | Dec 12, 2025 | When a user configures the NAS to retrieve UPS status or control the UPS, a non-enforced TLS certificate verification can allow an attacker able to intercept network traffic between the client and server can perform a man-in-the-middle (MITM) attack, which may obtain the… | |||
| CVE-2025-13052 | 0.00 | — | 0.00 | Dec 12, 2025 | When the user set the Notification's sender to send emails to the SMTP server via msmtp, an improper validated TLS/SSL certificates allows an attacker who can intercept network traffic between the SMTP client and server to execute a man-in-the-middle (MITM) attack, which may… |
- CVE-2026-24934Feb 3, 2026risk 0.00cvss —epss 0.00
The DDNS function uses an insecure HTTP connection or fails to validate the SSL/TLS certificate when querying an external server for the device's WAN IP address. An unauthenticated remote attacker can perform a Man-in-the-Middle (MitM) attack to spoof the response, leading the…
- CVE-2026-24933Feb 3, 2026risk 0.00cvss —epss 0.00
The API communication component fails to validate the SSL/TLS certificate when sending HTTPS requests to the server. An improper certificates validation vulnerability allows an unauthenticated remote attacker can perform a Man-in-the-Middle (MitM) attack to intercept the…
- CVE-2026-24932Feb 3, 2026risk 0.00cvss —epss 0.00
The DDNS update function in ADM fails to properly validate the hostname of the DDNS server's TLS/SSL certificate. Although the connection uses HTTPS, an improper validated TLS/SSL certificates allows a remote attacker can intercept the communication to perform a…
- CVE-2025-13053Dec 12, 2025risk 0.00cvss —epss 0.00
When a user configures the NAS to retrieve UPS status or control the UPS, a non-enforced TLS certificate verification can allow an attacker able to intercept network traffic between the client and server can perform a man-in-the-middle (MITM) attack, which may obtain the…
- CVE-2025-13052Dec 12, 2025risk 0.00cvss —epss 0.00
When the user set the Notification's sender to send emails to the SMTP server via msmtp, an improper validated TLS/SSL certificates allows an attacker who can intercept network traffic between the SMTP client and server to execute a man-in-the-middle (MITM) attack, which may…
Page 3 of 3