CVE-2026-24933

High CVSS: 8.9

The API communication component fails to validate the SSL/TLS certificate when sending HTTPS requests to the server. An improper certificates validation vulnerability allows an unauthenticated remote attacker can perform a Man-in-the-Middle (MitM) attack to intercept the cleartext communication, potentially leading to the exposure of sensitive user information, including account emails, MD5 hashed passwords, and device serial numbers.

Affected products and versions include: from ADM 4.1.0 through ADM 4.3.3.ROF1 as well as from ADM 5.0.0 through ADM 5.1.1.RCI1.

Vendor

Asustor

Product

Data Master

CWE

CWE-295

Yayın Tarihi

2026-02-03 03:15:53

Güncelleme

2026-02-19 18:17:38

Source Identifier

security@asustor.com

KEV Date Added

Kategoriler

CWE-295 Data Master HIGH Asustor 2026

Referanslar

https://www.asustor.com/security/security_advisory_detail?id=50

Benzer Kayıtlar

Critical

CVE-2026-3179

The FTP Backup on the ADM does not properly sanitize filenames received from the FTP server when parsing directory listi…

High

CVE-2026-3100

The FTP Backup on the ADM will not properly strictly enforce TLS certificate verification while connecting to an FTP ser…

Critical

CVE-2026-24936

When a specific function is enabled while joining a AD Domain from ADM, an improper input parameters validation vulnerab…

High

CVE-2026-24932

The DDNS update function in ADM fails to properly validate the hostname of the DDNS server's TLS/SSL certificate. Althou…

Medium

CVE-2026-24934

The DDNS function uses an insecure HTTP connection or fails to validate the SSL/TLS certificate when querying an externa…

Medium

CVE-2026-24935

A third-party NAT traversal module fails to validate SSL/TLS certificates when connecting to the signaling server. While…