PT-2026-5764 · Adm · Adm
Nuke · Published 2026-02-03 · Updated 2026-02-19
CVE-2026-24932
CVSS v4.0: 8.9 (High)
| Vector | AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
ADM versions 4.1.0 through 4.3.3.ROF1
ADM versions 5.0.0 through 5.1.1.RCI1
Description
The DDNS update function does not properly validate the hostname of the DDNS server’s TLS/SSL certificate. Despite using HTTPS, improper validation allows a remote attacker to intercept communication, potentially performing a Man-in-the-Middle (MitM) attack. This could lead to the compromise of sensitive information during the DDNS updating process, including the user’s account email, MD5 hashed password, and device serial number.
Recommendations
Update ADM to a version later than 4.3.3.ROF1
Update ADM to a version later than 5.1.1.RCI1
Fix
Improper Certificate Validation
Weakness Enumeration
Related Identifiers
Affected Products
Adm