CNNVD-202602-496 Information

CNNVD ID

CNNVD-202602-496

Related CVE

CVE-2026-24935

• CNNVD Published: 2026-02-03

Description (Chinese)

ASUSTOR ADM是中国华芸科技（ASUSTOR）公司的一种所有 ASUSTOR NAS 设备的专用操作系统。 ASUSTOR ADM 4.1.0版本至4.3.3.ROF1版本和5.0.0版本至5.1.1.RCI1版本存在安全漏洞，该漏洞源于第三方NAT穿越模块未验证SSL/TLS证书，可能导致中间人攻击并拦截或重定向NAT隧道建立。

Description (English)

SUSTOR ADM is a specialized operating system for all ASUSTOR NAS equipment of the Chinese company SUSTOR. There is a security loophole between ASUSTOR ADM 4.1.0 and 4.3.3.ROF1 and between 5.0.0 and 5.1.1.RCI1 which stems from the failure of the third party NAT to validate the SSL/TLS certificate through the module, which could lead to an attack by an intermediary and the interception or redirection of the NAT tunnel.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

华芸科技

Published

2026-02-03

Last Modified

2026-02-24

References

https://www.asustor.com/security/security_advisory_detail?id=50

Patch

https://www.asustor.com/security/security_advisory_detail?id=50