CNNVD-202602-498 Information

CNNVD ID

CNNVD-202602-498

Related CVE

CVE-2026-24933

• CNNVD Published: 2026-02-03

Description (Chinese)

ASUSTOR ADM是中国华芸科技（ASUSTOR）公司的一种所有 ASUSTOR NAS 设备的专用操作系统。 ASUSTOR ADM 4.1.0版本至4.3.3.ROF1版本和5.0.0版本至5.1.1.RCI1版本存在安全漏洞，该漏洞源于API通信组件未验证SSL/TLS证书，可能导致中间人攻击并拦截明文通信。

Description (English)

SUSTOR ADM is a specialized operating system for all ASUSTOR NAS equipment of the Chinese company SUSTOR. There is a security gap between ASUSTOR ADM Version 4.1.0 and between version 5.0.0 and version 5.1.1.RCI1 of ASUSTOR ADM Version 4.3.3.ROF1 and between version 5.0.0 and version 5.1.1.RCI1 resulting from the failure of SSL/TLS certificates to be validated by the API communications component, which may lead to an attack by an intermediary and the interception of an express communication.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

华芸科技

Published

2026-02-03

Last Modified

2026-02-24

References

https://www.asustor.com/security/security_advisory_detail?id=50

Patch

https://www.asustor.com/security/security_advisory_detail?id=50