CVE-2026-24935
📋 TL;DR
This vulnerability allows a Man-in-the-Middle attacker to intercept or redirect NAT tunnel establishment due to improper SSL/TLS certificate validation in a third-party NAT traversal module. While subsequent device access requires authentication, attackers can disrupt service availability or act as proxies for targeted attacks. Affected systems include ASUSTOR ADM versions 4.1.0 through 4.3.3.ROF1 and 5.0.0 through 5.1.1.RCI1.
💻 Affected Systems
- ASUSTOR ADM
⚠️ Risk & Real-World Impact
Worst Case
Attacker establishes persistent MitM position, intercepting all NAT tunnel traffic, disrupting service availability, and potentially facilitating credential theft or further attacks against device services.
Likely Case
Service disruption through NAT tunnel interception or redirection, potentially causing connectivity issues for affected devices.
If Mitigated
Limited to temporary service disruption during NAT tunnel establishment, with subsequent authentication preventing deeper system compromise.
🎯 Exploit Status
Exploitation requires MitM position on network path between device and signaling server during NAT tunnel establishment.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: ADM 4.3.4.RCU1 and ADM 5.1.2.RCJ1
Vendor Advisory: https://www.asustor.com/security/security_advisory_detail?id=50
Restart Required: Yes
Instructions:
1. Log into ADM web interface.
2. Navigate to Settings > ADM Update.
3. Check for updates and install ADM 4.3.4.RCU1 or ADM 5.1.2.RCJ1.
4. Restart the system when prompted.
🔧 Temporary Workarounds
Disable NAT Traversal
Temporarily disable the vulnerable NAT traversal module to prevent exploitation.
Navigate to Settings > Network > NAT Traversal and disable all NAT traversal options
Network Segmentation
Isolate affected devices from untrusted networks to limit MitM opportunities.
🧯 If You Can't Patch
- Implement strict network segmentation to isolate affected devices
- Monitor for unusual NAT tunnel establishment patterns or connection failures
🔍 How to Verify
Check if Vulnerable:
Check the ADM version in Settings > ADM Update. If the version is from 4.1.0 through 4.3.3.ROF1 or from 5.0.0 through 5.1.1.RCI1, the system is vulnerable.
Check Version:
ssh admin@[nas-ip] 'cat /etc/nas.conf | grep version'
Verify Fix Applied:
Verify ADM version is 4.3.4.RCU1 or higher for 4.x branch, or 5.1.2.RCJ1 or higher for 5.x branch.
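For checking more than one device, the version ranges above can be applied to a list of collected version strings. This is an added example, not ASUSTOR's or the advisory's own code; the hostnames, the `XXX0` build code and the status names are constructed, and build codes are compared only for equality because the page does not say how they are ordered.

```python
import re

# Boundaries copied from the advisory text, per major branch.
BRANCHES = {
    4: {"first": (4, 1, 0), "last": ((4, 3, 3), "ROF1"), "fixed": ((4, 3, 4), "RCU1")},
    5: {"first": (5, 0, 0), "last": ((5, 1, 1), "RCI1"), "fixed": ((5, 1, 2), "RCJ1")},
}
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:\.([A-Z0-9]+))?", re.IGNORECASE)
# Worst first, so hosts that need attention sort to the top.
ORDER = ["vulnerable", "review", "unparsed", "not-listed", "fixed"]


def classify(text):
    """Return one of the ORDER statuses for a raw ADM version string."""
    m = VERSION_RE.search(text)
    if not m:
        return "unparsed"
    triple = tuple(int(g) for g in m.group(1, 2, 3))
    build = (m.group(4) or "").upper()
    branch = BRANCHES.get(triple[0])
    if branch is None or triple < branch["first"]:
        return "not-listed"  # outside the ranges the advisory names
    for key in ("last", "fixed"):
        edge_triple, edge_build = branch[key]
        # Same x.y.z as a boundary release but a different build code:
        # build-code ordering is not documented here, so flag for a human.
        if triple == edge_triple and build and build != edge_build:
            return "review"
    return "vulnerable" if triple <= branch["last"][0] else "fixed"


def triage(inventory):
    """Map host -> status, ordered so vulnerable hosts come first."""
    results = {host: classify(ver) for host, ver in inventory.items()}
    return dict(sorted(results.items(), key=lambda kv: ORDER.index(kv[1])))


# Constructed inventory: hostnames are sample data, XXX0 is a made-up build code.
SAMPLE = {
    "nas-lab": "5.1.2.RCJ1",
    "nas-office": "4.3.3.ROF1",
    "nas-backup": "5.0.0",
    "nas-edge": "4.3.4.XXX0",
    "nas-unknown": "n/a",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:12} {status}")
```

Hosts reported as `review` or `unparsed` should be checked by hand in Settings > ADM Update.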
📡 Detection & Monitoring
Log Indicators:
- Failed NAT tunnel connections
- Unexpected SSL/TLS certificate warnings in system logs
- Multiple connection attempts to signaling servers
Network Indicators:
- Unusual traffic patterns during NAT tunnel establishment
- SSL/TLS handshake anomalies to signaling servers
SIEM Query:
source="asustor_logs" AND (event="nat_tunnel_failed" OR event="ssl_certificate_error")