VYPR

Adm

by Asustor

CVEs (45)

  • CVE-2026-24934Feb 3, 2026
    risk 0.00cvss epss 0.00

    The DDNS function uses an insecure HTTP connection or fails to validate the SSL/TLS certificate when querying an external server for the device's WAN IP address. An unauthenticated remote attacker can perform a Man-in-the-Middle (MitM) attack to spoof the response, leading the…

  • CVE-2026-24933Feb 3, 2026
    risk 0.00cvss epss 0.00

    The API communication component fails to validate the SSL/TLS certificate when sending HTTPS requests to the server. An improper certificates validation vulnerability allows an unauthenticated remote attacker can perform a Man-in-the-Middle (MitM) attack to intercept the…

  • CVE-2026-24932Feb 3, 2026
    risk 0.00cvss epss 0.00

    The DDNS update function in ADM fails to properly validate the hostname of the DDNS server's TLS/SSL certificate. Although the connection uses HTTPS, an improper validated TLS/SSL certificates allows a remote attacker can intercept the communication to perform a…

  • CVE-2025-13053Dec 12, 2025
    risk 0.00cvss epss 0.00

    When a user configures the NAS to retrieve UPS status or control the UPS, a non-enforced TLS certificate verification can allow an attacker able to intercept network traffic between the client and server can perform a man-in-the-middle (MITM) attack, which may obtain the…

  • CVE-2025-13052Dec 12, 2025
    risk 0.00cvss epss 0.00

    When the user set the Notification's sender to send emails to the SMTP server via msmtp, an improper validated TLS/SSL certificates allows an attacker who can intercept network traffic between the SMTP client and server to execute a man-in-the-middle (MITM) attack, which may…

Page 3 of 3