CVE-2026-24932
MEDIUMCVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
2Tags
Description
The DDNS update function in ADM fails to properly validate the hostname of the DDNS server's TLS/SSL certificate. Although the connection uses HTTPS, an improper validated TLS/SSL certificates allows a remote attacker can intercept the communication to perform a Man-in-the-Middle (MitM) attack, which may obtain the sensitive information of DDNS updating process, including the user's account email, MD5 hashed password, and device serial number.This issue affects ADM: from 4.1.0 through 4.3.3.ROF1, from 5.0.0 through 5.1.1.RCI1.
Analysis
Improper TLS/SSL certificate validation in ADM's DDNS update function (versions 4.1.0-4.3.3.ROF1 and 5.0.0-5.1.1.RCI1) enables remote man-in-the-middle attacks to intercept HTTPS communications and extract sensitive data including user email, MD5 hashed passwords, and device serial numbers. An unauthenticated attacker on the network can exploit this weakness without user interaction to compromise DDNS update credentials. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today