CVE-2026-24934: CWE-295 Improper Certificate Validation in ASUSTOR ADM
CVE-2026-24934 is a medium-severity vulnerability in ASUSTOR ADM affecting versions 4.1.0 through 4.3.3.ROF1 and 5.0.0 through 5.1.1.
AI Analysis
Technical Summary
CVE-2026-24934 is a vulnerability categorized under CWE-295 (Improper Certificate Validation) found in ASUSTOR's ADM operating system, specifically affecting the Dynamic DNS (DDNS) functionality. The DDNS feature queries an external server to determine the device's WAN IP address, but it either uses an insecure HTTP connection or fails to properly validate the SSL/TLS certificate when using HTTPS. This improper validation allows an unauthenticated remote attacker positioned on the network path to conduct a Man-in-the-Middle (MitM) attack. By intercepting and spoofing the response from the external server, the attacker can cause the ADM device to update its DDNS record with a falsified IP address. This can lead to misdirection of network traffic, potential denial of service, or redirection to malicious endpoints. The vulnerability affects ADM versions from 4.1.0 through 4.3.3.ROF1 and 5.0.0 through 5.1.1.RCI1. The CVSS v4.0 score is 6.3 (medium severity), reflecting network attack vector, no privileges or user interaction required, and limited impact on integrity and availability. No patches or exploits are currently publicly available, but the risk remains due to the nature of the flaw and the widespread use of ASUSTOR NAS devices in enterprise and SMB environments.
Potential Impact
For European organizations, exploitation of this vulnerability could disrupt network operations by corrupting DDNS records, leading to misrouting of traffic or denial of service. This is particularly impactful for organizations relying on ASUSTOR ADM devices for remote access, backup, or file sharing services that depend on accurate DDNS resolution. Attackers could redirect legitimate traffic to malicious servers, potentially facilitating further attacks such as credential theft or malware deployment. The lack of authentication and user interaction requirements lowers the barrier for exploitation, increasing risk in environments where network traffic can be intercepted, such as public or poorly segmented networks. While the vulnerability does not directly compromise data confidentiality or device integrity, the indirect effects on availability and trustworthiness of network services can be significant. European entities with critical infrastructure or sensitive data hosted on ASUSTOR devices are at higher risk of operational disruption.
Mitigation Recommendations
Organizations should immediately inventory their ASUSTOR ADM devices to identify affected versions (4.1.0 through 4.3.3.ROF1 and 5.0.0 through 5.1.1.RCI1). Although no patches are currently available, administrators should disable the DDNS feature if not essential or configure it to use secure, validated connections only. Network-level mitigations include enforcing strict TLS interception policies, deploying network segmentation to isolate ADM devices, and using VPNs to protect management traffic. Monitoring DNS records for unexpected changes can help detect exploitation attempts. Additionally, organizations should implement network intrusion detection systems capable of identifying MitM attack patterns. Once ASUSTOR releases patches, prompt application is critical. Regularly updating device firmware and validating certificate chains in all external communications are best practices to prevent similar vulnerabilities.
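The record-monitoring step above can be automated. The following is an added example, not ASUSTOR code or part of the original analysis: it flags a published DDNS record that disagrees with the WAN IP agreed on by several independent sources, or that is not a routable address. The function names, the quorum rule and the sample data are assumptions; collecting the observations (resolving the DDNS hostname, querying IP-echo services over validated TLS) is left to the operator's own tooling.

```python
import ipaddress
from collections import Counter

# Ranges that can never be a legitimate WAN address in a public DDNS record.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "100.64.0.0/10")]

def parse_public_ip(text):
    """Return an ip_address object if text is a routable address, else None."""
    try:
        ip = ipaddress.ip_address(text.strip())
    except ValueError:
        return None
    return None if any(ip in net for net in NON_ROUTABLE) else ip

def consensus_wan_ip(reports, quorum=2):
    """WAN IP agreed on by at least `quorum` independent sources, else None."""
    votes = Counter(ip for ip in map(parse_public_ip, reports) if ip)
    if not votes:
        return None
    ip, count = votes.most_common(1)[0]
    return ip if count >= quorum else None

def audit_ddns(observations, quorum=2):
    """Return (time, reason) for every observation that needs investigation."""
    findings = []
    for when, record, reports in observations:
        published = parse_public_ip(record)
        expected = consensus_wan_ip(reports, quorum)
        if published is None:
            findings.append((when, "published record is not a routable IP"))
        elif expected is None:
            findings.append((when, "no quorum on WAN IP; cannot verify record"))
        elif published != expected:
            findings.append((when, f"record {published} != WAN IP {expected}"))
    return findings

# Constructed sample: (time, published DDNS record, WAN IP reports). Documentation ranges only.
SAMPLE = [
    ("2026-02-03T08:00Z", "203.0.113.10", ["203.0.113.10", "203.0.113.10", "203.0.113.10"]),
    ("2026-02-03T09:00Z", "198.51.100.77", ["203.0.113.10", "203.0.113.10", "198.51.100.77"]),
    ("2026-02-03T10:00Z", "192.168.1.20", ["203.0.113.10", "203.0.113.10"]),
    ("2026-02-03T11:00Z", "203.0.113.10", ["203.0.113.10", "not-an-ip"]),
]

if __name__ == "__main__":
    for when, reason in audit_ddns(SAMPLE):
        print(when, reason)
```

Requiring a quorum means a single spoofed or intercepted WAN IP answer cannot make a falsified record look legitimate to the monitor.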
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: ASUSTOR1
- Date Reserved: 2026-01-28T08:40:24.461Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 6981ab4df9fa50a62fae40e2
Added to database: 2/3/2026, 8:01:17 AM
Last enriched: 2/10/2026, 11:11:28 AM
Last updated: 3/23/2026, 11:27:43 PM