PT-2026-5766 · Adm · Adm
Nuke
·
Published
2026-02-03
·
Updated
2026-02-19
·
CVE-2026-24934
CVSS v4.0
6.3
Medium
| Vector | AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N |
Name of the Vulnerable Software and Affected Versions
ADM versions 4.1.0 through 4.3.3.ROF1
ADM versions 5.0.0 through 5.1.1.RCI1
Description
The DDNS function uses an insecure HTTP connection or fails to validate the SSL/TLS certificate when querying an external server for the device's WAN IP address. This allows an unauthenticated remote attacker to perform a Man-in-the-Middle (MitM) attack to spoof the response, leading the device to update its DDNS record with an incorrect IP address.
Recommendations
Update ADM to a version later than 4.3.3.ROF1.
Update ADM to a version later than 5.1.1.RCI1.
Fix
Improper Certificate Validation
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Adm