CVE-2026-24935
SSL/TLS Validation Bypass in ADM NAT Module Enables MitM Attack
Publication date: 2026-02-03
Last updated on: 2026-02-19
Assigner: ASUSTOR, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| asustor | data_master | From 4.1.0.rhu2 (inc) to 4.3.3.rof1 (inc) |
| asustor | data_master | From 5.0.0.ra82 (inc) to 5.1.2.re51 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-295 | The product does not validate, or incorrectly validates, a certificate. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves a third-party NAT traversal module that does not properly validate SSL/TLS certificates when connecting to the signaling server. As a result, a Man-in-the-Middle (MitM) attacker can intercept or redirect the NAT tunnel establishment process. Although further authentication is required to access device services, the attacker could disrupt service availability or act as a proxy to facilitate additional targeted attacks between the user and the device services.
How can this vulnerability impact me? :
The vulnerability can allow an attacker to intercept or redirect the NAT tunnel establishment, potentially disrupting service availability. Additionally, by acting as a proxy between the user and device services, the attacker could facilitate further targeted attacks, compromising the security and reliability of the affected device services.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know