CVE-2026-24932

An improper certificate validation vulnerability was found in ADM while updating the DDNS settings.

Description

The DDNS update function in ADM fails to properly validate the hostname of the DDNS server's TLS/SSL certificate. Although the connection uses HTTPS, an improper validated TLS/SSL certificates allows a remote attacker can intercept the communication to perform a Man-in-the-Middle (MitM) attack, which may obtain the sensitive information of DDNS updating process, including the user's account email, MD5 hashed password, and device serial number.This issue affects ADM: from 4.1.0 through 4.3.3.ROF1, from 5.0.0 through 5.1.1.RCI1.

INFO

Published Date :

2026-02-03T02:19:41.915Z

Last Modified :

2026-02-03T15:31:15.303Z

Source :

ASUSTOR1

AFFECTED PRODUCTS

The following products are affected by CVE-2026-24932 vulnerability.

Vendors	Products
Asustor	Adm Data Master

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-24932.

URL	Resource
https://www.asustor.com/security/security_advisory_detail?id=50

CVSS Vulnerability Scoring System

V4
V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact