Asustor ADM Third-Party NAT Traversal Module SSL/TLS Certificate Validation Vulnerability

Vulnerability

A vulnerability exists in a third-party NAT traversal module within Asustor's ADM operating system, specifically in versions 4.1.0 through 4.3.3.ROF1 and 5.0.0 through 5.1.1.RCI1. The module fails to properly validate SSL/TLS certificates when connecting to the signaling server. This oversight allows a Man-in-the-Middle (MitM) attacker to intercept or redirect the establishment of NAT tunnels. While accessing device services afterward requires additional authentication, this vulnerability could enable an attacker to disrupt service availability or conduct further targeted attacks by proxying between the user and the device services.
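The flaw class described above, shown as an added Python example; it is not code from Asustor or from the third-party module, whose implementation the advisory does not describe. It places a TLS client context that skips certificate validation beside one that verifies both the chain and the server name; the host name, port and function names are hypothetical.

```python
import socket
import ssl

# Hypothetical endpoint; the advisory does not name the signaling server.
SIGNALING_HOST = "signaling.example.invalid"
SIGNALING_PORT = 443


def unverified_context() -> ssl.SSLContext:
    """Client context with the weakness described above: no validation."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE  # any certificate is accepted
    return ctx


def verified_context(ca_file=None) -> ssl.SSLContext:
    """Client context that verifies the chain and the server name."""
    # Defaults: verify_mode=CERT_REQUIRED, check_hostname=True.
    return ssl.create_default_context(cafile=ca_file)


def validation_gaps(ctx: ssl.SSLContext) -> list:
    """Return the certificate checks this context would skip."""
    gaps = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        gaps.append("chain not verified")
    if not ctx.check_hostname:
        gaps.append("hostname not checked")
    return gaps


def open_signaling_channel(ctx, host=SIGNALING_HOST, port=SIGNALING_PORT):
    """Connect only with a strict context; the handshake then enforces it."""
    gaps = validation_gaps(ctx)
    if gaps:
        raise ssl.SSLError("refusing TLS without validation: " + ", ".join(gaps))
    raw = socket.create_connection((host, port), timeout=10)
    try:
        # server_hostname drives both SNI and the hostname match.
        return ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
```

A context that verifies the chain but has `check_hostname` disabled still reports a gap, because a certificate that is valid for any other name would be accepted.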

Impact

Exploitation of this vulnerability could lead to intercepted communications, allowing an attacker to disrupt services or facilitate targeted attacks by acting as a proxy between the user and device services.

Remediation

Users can update to Asustor ADM version 5.1.2.RE31, which addresses this vulnerability.

Added: Feb 3, 2026, 3:25 AM
Updated: Feb 3, 2026, 3:25 AM

Vulnerability Rating

Custom Algorithm

spread: 5.0
impact: 3.1
exploitability: 6.0
remediation: 7.7
relevance: 2.5
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.