← Zuruck zu CVEs
CVE-2026-24933
MEDIUM5.9
Beschreibung
The API communication component fails to validate the SSL/TLS certificate when sending HTTPS requests to the server. An improper certificates validation vulnerability allows an unauthenticated remote attacker can perform a Man-in-the-Middle (MitM) attack to intercept the cleartext communication, potentially leading to the exposure of sensitive user information, including account emails, MD5 hashed passwords, and device serial numbers. Affected products and versions include: from ADM 4.1.0 through ADM 4.3.3.ROF1 as well as from ADM 5.0.0 through ADM 5.1.1.RCI1.
CVE Details
CVSS v3.1 Bewertung5.9
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
AngriffsvektorNETWORK
KomplexitatHIGH
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht2/3/2026
Zuletzt geandert2/19/2026
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
asustor:data_master
Schwachen (CWE)
CWE-295
Referenzen
https://www.asustor.com/security/security_advisory_detail?id=50(security@asustor.com)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.