The SentinelOne Annual Threat Report - A Defenders Guide from the FrontlinesThe SentinelOne Annual Threat ReportGet the Report
Experiencing a Breach?Blog
Get StartedContact Us
SentinelOne
  • Platform
    Platform Overview
    • Singularity Platform
      Welcome to Integrated Enterprise Security
    • AI for Security
      Leading the Way in AI-Powered Security Solutions
    • Securing AI
      Accelerate AI Adoption with Secure AI Tools, Apps, and Agents.
    • How It Works
      The Singularity XDR Difference
    • Singularity Marketplace
      One-Click Integrations to Unlock the Power of XDR
    • Pricing & Packaging
      Comparisons and Guidance at a Glance
    Data & AI
    • Purple AI
      Accelerate SecOps with Generative AI
    • Singularity Hyperautomation
      Easily Automate Security Processes
    • AI-SIEM
      The AI SIEM for the Autonomous SOC
    • Singularity Data Lake
      AI-Powered, Unified Data Lake
    • Singularity Data Lake for Log Analytics
      Seamlessly Ingest Data from On-Prem, Cloud or Hybrid Environments
    Endpoint Security
    • Singularity Endpoint
      Autonomous Prevention, Detection, and Response
    • Singularity XDR
      Native & Open Protection, Detection, and Response
    • Singularity RemoteOps Forensics
      Orchestrate Forensics at Scale
    • Singularity Threat Intelligence
      Comprehensive Adversary Intelligence
    • Singularity Vulnerability Management
      Application & OS Vulnerability Management
    • Singularity Identity
      Identity Threat Detection and Response
    Cloud Security
    • Singularity Cloud Security
      Block Attacks with an AI-Powered CNAPP
    • Singularity Cloud Native Security
      Secure Cloud and Development Resources
    • Singularity Cloud Workload Security
      Real-Time Cloud Workload Protection Platform
    • Singularity Cloud Data Security
      AI-Powered Threat Detection for Cloud Storage
    • Singularity Cloud Security Posture Management
      Detect and Remediate Cloud Misconfigurations
    Securing AI
    • Prompt Security
      Secure AI Tools Across Your Enterprise
  • Why SentinelOne?
    Why SentinelOne?
    • Why SentinelOne?
      Cybersecurity Built for What’s Next
    • Our Customers
      Trusted by the World’s Leading Enterprises
    • Industry Recognition
      Tested and Proven by the Experts
    • About Us
      The Industry Leader in Autonomous Cybersecurity
    Compare SentinelOne
    • Arctic Wolf
    • Broadcom
    • CrowdStrike
    • Cybereason
    • Microsoft
    • Palo Alto Networks
    • Sophos
    • Splunk
    • Trellix
    • Trend Micro
    • Wiz
    Verticals
    • Energy
    • Federal Government
    • Finance
    • Healthcare
    • Higher Education
    • K-12 Education
    • Manufacturing
    • Retail
    • State and Local Government
  • Services
    Managed Services
    • Managed Services Overview
      Wayfinder Threat Detection & Response
    • Threat Hunting
      World-Class Expertise and Threat Intelligence
    • Managed Detection & Response
      24/7/365 Expert MDR Across Your Entire Environment
    • Incident Readiness & Response
      DFIR, Breach Readiness, & Compromise Assessments
    Support, Deployment, & Health
    • Technical Account Management
      Customer Success with Personalized Service
    • SentinelOne GO
      Guided Onboarding & Deployment Advisory
    • SentinelOne University
      Live and On-Demand Training
    • Services Overview
      Comprehensive Solutions for Seamless Security Operations
    • SentinelOne Community
      Community Login
  • Partners
    Our Network
    • MSSP Partners
      Succeed Faster with SentinelOne
    • Singularity Marketplace
      Extend the Power of S1 Technology
    • Cyber Risk Partners
      Enlist Pro Response and Advisory Teams
    • Technology Alliances
      Integrated, Enterprise-Scale Solutions
    • SentinelOne for AWS
      Hosted in AWS Regions Around the World
    • Channel Partners
      Deliver the Right Solutions, Together
    • SentinelOne for Google Cloud
      Unified, Autonomous Security Giving Defenders the Advantage at Global Scale
    • Partner Locator
      Your Go-to Source for Our Top Partners in Your Region
    Partner Portal→
  • Resources
    Resource Center
    • Case Studies
    • Data Sheets
    • eBooks
    • Reports
    • Videos
    • Webinars
    • Whitepapers
    • Events
    View All Resources→
    Blog
    • Feature Spotlight
    • For CISO/CIO
    • From the Front Lines
    • Identity
    • Cloud
    • macOS
    • SentinelOne Blog
    Blog→
    Tech Resources
    • SentinelLABS
    • Ransomware Anthology
    • Cybersecurity 101
  • About
    About SentinelOne
    • About SentinelOne
      The Industry Leader in Cybersecurity
    • Investor Relations
      Financial Information & Events
    • SentinelLABS
      Threat Research for the Modern Threat Hunter
    • Careers
      The Latest Job Opportunities
    • Press & News
      Company Announcements
    • Cybersecurity Blog
      The Latest Cybersecurity Threats, News, & More
    • FAQ
      Get Answers to Our Most Frequently Asked Questions
    • DataSet
      The Live Data Platform
    • S Foundation
      Securing a Safer Future for All
    • S Ventures
      Investing in the Next Generation of Security, Data and AI
  • Pricing
Get StartedContact Us
CVE Vulnerability Database
Vulnerability Database/CVE-2026-24934

CVE-2026-24934: ADM DDNS Information Disclosure Flaw

CVE-2026-24934 is an information disclosure vulnerability in ADM's DDNS function allowing MitM attacks to manipulate IP address updates. This post covers the technical details, affected versions, impact, and mitigation.

Published: February 6, 2026

CVE-2026-24934 Overview

CVE-2026-24934 is an Improper Certificate Validation vulnerability affecting ASUSTOR ADM (ASUSTOR Data Master) NAS operating system. The vulnerability exists in the Dynamic DNS (DDNS) functionality, which uses an insecure HTTP connection or fails to properly validate SSL/TLS certificates when querying external servers for the device's WAN IP address. This security flaw allows an unauthenticated remote attacker to perform Man-in-the-Middle (MitM) attacks to spoof responses, ultimately causing the device to update its DDNS record with an incorrect IP address.

Critical Impact

Successful exploitation enables attackers to redirect traffic intended for the NAS device to attacker-controlled infrastructure by manipulating DDNS records through MitM attacks, potentially leading to data interception, phishing, or service disruption.

Affected Products

  • ASUSTOR ADM 4.1.0 through ADM 4.3.3.ROF1
  • ASUSTOR ADM 5.0.0 through ADM 5.1.1.RCI1

Discovery Timeline

  • 2026-02-03 - CVE-2026-24934 published to NVD
  • 2026-02-03 - Last updated in NVD database

Technical Details for CVE-2026-24934

Vulnerability Analysis

This vulnerability stems from improper certificate validation (CWE-295) in the DDNS feature of ASUSTOR ADM. When the NAS device needs to determine its public WAN IP address for DDNS updates, it queries an external server. The implementation either uses an insecure HTTP connection instead of HTTPS, or when HTTPS is used, it fails to properly validate the SSL/TLS certificate presented by the server. This allows an attacker positioned between the NAS device and the external IP lookup service to intercept and modify the response.

The attack requires network positioning that enables traffic interception, which can be achieved through ARP spoofing, DNS hijacking, or compromising network infrastructure between the NAS and the external service. Once positioned, the attacker can return a spoofed IP address, causing the NAS to update its DDNS record to point to an attacker-controlled server.

Root Cause

The root cause is improper implementation of secure communications in the DDNS module. Specifically, the vulnerability is classified under CWE-295 (Improper Certificate Validation), indicating that the code either bypasses certificate verification, accepts self-signed certificates without validation, or uses plain HTTP for sensitive operations that should require authenticated and encrypted channels. This design flaw allows attackers to present fraudulent certificates or intercept unencrypted traffic without detection.

Attack Vector

The attack vector is network-based and requires no authentication or user interaction. An attacker capable of performing a Man-in-the-Middle attack on the network path between the ASUSTOR NAS device and the external IP lookup service can exploit this vulnerability. The attack flow involves:

  1. Positioning on the network to intercept traffic from the target NAS device
  2. Intercepting the outgoing request to the external IP lookup service
  3. Responding with a spoofed IP address instead of the legitimate response
  4. The NAS device accepts the spoofed response and updates its DDNS record
  5. All traffic intended for the NAS is now redirected to the attacker's specified IP

The vulnerability mechanism involves the DDNS client making HTTP requests or improperly validated HTTPS requests to external services. When the device sends a request to determine its public IP, an attacker in a MitM position can intercept this request and return a malicious response containing an attacker-controlled IP address. See the Asustor Security Advisory #50 for additional technical details.

Detection Methods for CVE-2026-24934

Indicators of Compromise

  • Unexpected changes to DDNS records pointing to unfamiliar IP addresses
  • Outbound HTTP traffic from NAS devices to IP lookup services that should use HTTPS
  • SSL/TLS certificate warnings or errors in network logs related to DDNS operations
  • Traffic from NAS devices being routed through unexpected network paths

Detection Strategies

  • Monitor DDNS record changes for your ASUSTOR NAS devices and alert on unexpected modifications
  • Implement network monitoring to detect potential ARP spoofing or MitM attacks on segments containing NAS devices
  • Review ADM version numbers across all ASUSTOR devices to identify vulnerable installations
  • Deploy network intrusion detection rules to identify unencrypted traffic to common IP lookup services

Monitoring Recommendations

  • Enable comprehensive logging on ASUSTOR ADM devices and centralize logs for analysis
  • Monitor network traffic patterns for anomalies in DDNS-related communications
  • Implement DNS monitoring to detect unauthorized changes to DDNS-managed hostnames
  • Configure alerts for any configuration changes on NAS devices, particularly network-related settings

How to Mitigate CVE-2026-24934

Immediate Actions Required

  • Update ASUSTOR ADM to the latest patched version as specified in the vendor advisory
  • Audit current DDNS records to verify they point to legitimate IP addresses
  • Consider temporarily disabling DDNS functionality until patches are applied
  • Implement network segmentation to isolate NAS devices from potentially compromised network segments

Patch Information

ASUSTOR has released security updates to address this vulnerability. Administrators should refer to Asustor Security Advisory #50 for specific patch versions and update instructions. Users running ADM versions 4.1.0 through 4.3.3.ROF1 or 5.0.0 through 5.1.1.RCI1 should prioritize updating to patched releases.

Workarounds

  • Disable the DDNS feature if not required for business operations
  • Use a VPN or secure tunnel to access NAS devices instead of relying on DDNS
  • Manually configure static DNS entries as an alternative to dynamic updates
  • Implement network-level protections such as 802.1X authentication to reduce MitM attack surface

If DDNS functionality is required before patching, consider implementing additional network monitoring and access controls. Ensure network infrastructure uses secure protocols and proper certificate validation to minimize the risk of MitM attacks on the network path between the NAS and external services.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

  • Vulnerability Details
  • TypeInformation Disclosure
  • Vendor/TechAdm
  • SeverityMEDIUM
  • CVSS Score6.3
  • EPSS Probability0.06%
  • Known ExploitedNo
  • CVSS Vector
  • CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Impact Assessment
  • ConfidentialityLow
  • IntegrityNone
  • AvailabilityNone
  • CWE References
  • CWE-295
  • Technical References
  • Asustor Security Advisory #50
  • Related CVEs
  • CVE-2026-24932: ADM DDNS Information Disclosure Flaw
  • CVE-2026-24933: ADM Certificate Validation Vulnerability
  • CVE-2026-24936: ADM Active Directory RCE Vulnerability
  • CVE-2026-24935: ADM NAT Traversal DoS Vulnerability
Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the World’s Most Advanced Cybersecurity Platform

See how our intelligent, autonomous cybersecurity platform can protect your organization now and into the future.

Try SentinelOne
  • Get Started
  • Get a Demo
  • Product Tour
  • Why SentinelOne
  • Pricing & Packaging
  • FAQ
  • Contact
  • Contact Us
  • Customer Support
  • SentinelOne Status
  • Language
  • Platform
  • Singularity Platform
  • Singularity Endpoint
  • Singularity Cloud
  • Singularity AI-SIEM
  • Singularity Identity
  • Singularity Marketplace
  • Purple AI
  • Services
  • Wayfinder TDR
  • SentinelOne GO
  • Technical Account Management
  • Support Services
  • Verticals
  • Energy
  • Federal Government
  • Finance
  • Healthcare
  • Higher Education
  • K-12 Education
  • Manufacturing
  • Retail
  • State and Local Government
  • Cybersecurity for SMB
  • Resources
  • Blog
  • Labs
  • Case Studies
  • Videos
  • Product Tours
  • Events
  • Cybersecurity 101
  • eBooks
  • Webinars
  • Whitepapers
  • Press
  • News
  • Ransomware Anthology
  • Company
  • About Us
  • Our Customers
  • Careers
  • Partners
  • Legal & Compliance
  • Security & Compliance
  • Investor Relations
  • S Foundation
  • S Ventures

©2026 SentinelOne, All Rights Reserved.

Privacy Notice Terms of Use

English