CVE-2026-24934

N/A Unknown

📋 TL;DR

This CVE describes an insecure DDNS implementation in ASUSTOR ADM software where HTTP connections lack SSL/TLS certificate validation. Unauthenticated attackers can perform MitM attacks to spoof WAN IP responses, causing devices to update DDNS records with incorrect IP addresses. Affected systems include ASUSTOR NAS devices running ADM versions 4.1.0 through 4.3.3.ROF1 and 5.0.0 through 5.1.1.RCI1.

💻 Affected Systems

Products:
  • ASUSTOR NAS devices
Versions: ADM 4.1.0 through 4.3.3.ROF1 and ADM 5.0.0 through 5.1.1.RCI1
Operating Systems: ASUSTOR ADM (Linux-based NAS OS)
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with DDNS enabled and configured to use vulnerable external IP lookup services.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers redirect all traffic intended for the device to malicious servers, enabling credential theft, data interception, or ransomware deployment.

🟠 Likely Case

Temporary service disruption as legitimate users cannot reach the device via its DDNS hostname.

🟢 If Mitigated

Limited impact if DDNS is disabled or devices are behind properly configured firewalls with restricted external access.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires a MitM position between the device and the DDNS IP lookup server.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: ADM 4.3.3.ROF2 and ADM 5.1.1.RCI2

Vendor Advisory: https://www.asustor.com/security/security_advisory_detail?id=50

Restart Required: Yes

Instructions:

1. Log into ADM web interface.
2. Go to Settings > ADM Update.
3. Check for updates.
4. Install ADM 4.3.3.ROF2 or ADM 5.1.1.RCI2.
5. Reboot the NAS when prompted.

🔧 Temporary Workarounds

Disable DDNS

all

Temporarily disable Dynamic DNS functionality to eliminate the attack vector.

Navigate to Settings > DDNS in the ADM web interface and disable all DDNS services.

Use Static IP

all

Configure the device with a static WAN IP instead of relying on DDNS.

Configure network settings with a static IP from your ISP or network administrator.

🧯 If You Can't Patch

  • Disable DDNS functionality completely
  • Restrict device to internal network only and disable external access

🔍 How to Verify

Check if Vulnerable:

Check the ADM version in Settings > ADM Update. If the version is in the range 4.1.0 through 4.3.3.ROF1 or 5.0.0 through 5.1.1.RCI1 and DDNS is enabled, the system is vulnerable.

Check Version:

ssh admin@nas-ip 'grep -i version /etc/nas.conf'

Verify Fix Applied:

Confirm ADM version is 4.3.3.ROF2 or 5.1.1.RCI2 or later in Settings > ADM Update.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected DDNS update failures
  • DDNS updates with unusual IP addresses
  • SSL/TLS certificate validation errors in system logs

Network Indicators:

  • Unencrypted HTTP traffic to DDNS IP lookup services
  • DNS queries returning unexpected IP addresses for DDNS hostnames

SIEM Query:

source="asustor_nas" (event="ddns_update" AND (ip="0.0.0.0" OR ip="127.0.0.1" OR ip="192.168.*" OR ip="10.*" OR ip="172.16.*"))
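
The query above only matches a few private or loopback patterns, and its `172.16.*` term covers only part of 172.16.0.0/12. As an added example (not from the vendor or this page's source), the Python check below goes further: it flags DDNS updates whose address is non-routable, unparseable, or outside the ranges you expect from your ISP. The log line layout, the expected ISP range and the sample events are assumptions constructed for illustration; only the `ddns_update` event name comes from the query above.

```python
import ipaddress
import re

# Ranges a WAN address should never be in. Listed explicitly so the
# documentation ranges used as sample "public" IPs below are not flagged.
NON_WAN = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16")]

# Assumed log layout (hypothetical, not ADM's real format).
LINE = re.compile(r"^(\S+) event=ddns_update host=(\S+) ip=(\S+)$")
# Constructed sample events.
SAMPLE_LOG = """\
2026-02-01T03:10:00Z event=ddns_update host=nas.example.net ip=203.0.113.10
2026-02-01T03:40:00Z event=ddns_update host=nas.example.net ip=172.20.5.9
2026-02-01T04:10:00Z event=ddns_update host=nas.example.net ip=198.51.100.77
2026-02-01T04:40:00Z event=ddns_update host=nas.example.net ip=not-an-ip
2026-02-01T05:10:00Z event=ddns_check host=nas.example.net ip=203.0.113.10
"""

def classify(ip_text, expected_nets):
    """Return None for a plausible WAN address, else the reason to alert."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return "unparseable address"
    if any(ip in net for net in NON_WAN):
        return "non-routable address"
    if not any(ip in net for net in expected_nets):
        return "outside expected ISP range"
    return None

def scan(log_text, expected_cidrs):
    """Return (timestamp, host, ip, reason) for each suspicious DDNS update."""
    expected = [ipaddress.ip_network(c) for c in expected_cidrs]
    alerts = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # other event types are out of scope
        ts, host, ip = m.groups()
        reason = classify(ip, expected)
        if reason:
            alerts.append((ts, host, ip, reason))
    return alerts

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG, ["203.0.113.0/24"]):  # assumed ISP range
        print(*alert, sep="  ")
```

Replace the expected range with the address blocks your ISP actually assigns; on connections where the WAN address changes across wide ranges, the third check will need a broader list.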
