216.73.216.133

CVE-2026-24935

· Published 03/02/2026 03:15 · Modified 03/02/2026 16:44

Labels: CVE-2026-24935 2026-02-03CVE-2026-24935CWE-295[email protected]

Essential information

Published
03/02/2026 03:15
Modified
03/02/2026 16:44
Author
Creator
CVSS
6.3 MEDIUM (v3) 6.3 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

A third-party NAT traversal module fails to validate SSL/TLS certificates when connecting to the signaling server. While subsequent access to device services requires additional authentication, a Man-in-the-Middle (MitM) attacker can intercept or redirect the NAT tunnel establishment. This could allow an attacker to disrupt service availability or facilitate further targeted attacks by acting as a proxy between the user and the device services. Affected products and versions include: from ADM 4.1.0 through ADM 4.3.3.ROF1 as well as from ADM 5.0.0 through ADM 5.1.1.RCI1.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
asustor / adm cpe:2.3:a:asustor:adm:4.1.0-4.3.3.rof1:*:*:*:*:*:*:*
asustor / adm cpe:2.3:a:asustor:adm:5.0.0-5.1.1.rci1:*:*:*:*:*:*:*

References