CVE-2026-24933

Name of the Vulnerable Software and Affected Versions ADM versions 4.1.0 through 4.3.3.ROF1 ADM versions 5.0.0 through 5.1.1.RCI1

Description The API communication component does not properly validate SSL/TLS certificates when sending HTTPS requests to the server. This improper certificate validation allows a remote attacker to perform a Man-in-the-Middle (MitM) attack, potentially intercepting cleartext communication and exposing sensitive user information. This information may include account emails, MD5 hashed passwords, and device serial numbers.

Recommendations Update ADM to a version later than 4.3.3.ROF1. Update ADM to a version later than 5.1.1.RCI1.