PT-2026-5766 · Adm · Adm
Nuke
Published 2026-02-03 · Updated 2026-02-19 · CVE-2026-24934
CVSS v4.0: 6.3 (Medium)
Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N
Name of the Vulnerable Software and Affected Versions
ADM versions 4.1.0 through 4.3.3.ROF1
ADM versions 5.0.0 through 5.1.1.RCI1
Description
The DDNS function uses an insecure HTTP connection or fails to validate the SSL/TLS certificate when querying an external server for the device's WAN IP address. This allows an unauthenticated remote attacker to perform a Man-in-the-Middle (MitM) attack to spoof the response, leading the device to update its DDNS record with an incorrect IP address.
Recommendations
Update ADM to a version later than 4.3.3.ROF1.
Update ADM to a version later than 5.1.1.RCI1.
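What a validated WAN IP lookup of the kind named in the Description looks like, as an added example that is not ADM's code: the query is allowed only over HTTPS with certificate and hostname verification, and the reply must parse as one globally routable address before it is used for a DDNS update. The function names, the `opener` parameter and the lookup URL are hypothetical.

```python
import ipaddress
import ssl
import urllib.request
from urllib.parse import urlsplit


def strict_tls_context() -> ssl.SSLContext:
    """TLS context that verifies the certificate chain and the hostname."""
    ctx = ssl.create_default_context()      # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def parse_wan_ip(body: bytes) -> str:
    """Accept only a single globally routable IP address as the reply."""
    text = body.decode("ascii", errors="strict").strip()
    addr = ipaddress.ip_address(text)       # ValueError on anything else
    if not addr.is_global:                  # rejects private, CGNAT, loopback
        raise ValueError(f"not a public address: {addr}")
    return str(addr)


def fetch_wan_ip(url: str, opener=None, timeout: float = 5.0) -> str:
    """Query an IP-echo service; the URL is supplied by the caller."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("WAN IP lookup must use https://")
    if opener is None:
        handler = urllib.request.HTTPSHandler(context=strict_tls_context())
        opener = urllib.request.build_opener(handler)
    with opener.open(url, timeout=timeout) as resp:
        # Discard replies that arrived after a redirect down to plain HTTP.
        if resp.geturl().split(":", 1)[0].lower() != "https":
            raise ValueError("redirected away from https")
        return parse_wan_ip(resp.read(64))  # an IP literal is at most 45 chars
```

Any `ValueError` or TLS error from `fetch_wan_ip` should leave the existing DDNS record untouched rather than fall back to an unverified lookup.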
Fix
Improper Certificate Validation
Weakness Enumeration
Related Identifiers
Affected Products
Adm