CVE-2026-24936 | THREATINT

Description

When a specific function is enabled while joining a AD Domain from ADM, an improper input parameters validation vulnerability in a specific CGI program allowing an unauthenticated remote attacker to write arbitrary data to any file on the system. By exploiting this vulnerability, attackers can overwrite critical system files, leading to a complete system compromise. Affected products and versions include: from ADM 4.1.0 through ADM 4.3.3.ROF1 as well as from ADM 5.0.0 through ADM 5.1.1.RCI1.

PUBLISHED Reserved 2026-01-28 | Published 2026-02-03 | Updated 2026-02-03 | Assigner ASUSTOR1

CRITICAL: 9.5CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Problem types

CWE-20 Improper Input Validation

Product status

Default status

unaffected

4.1.0 (custom)

affected

5.0.0 (custom)

affected

Credits

Wilson Lu (@93wilsonlu), working with DEVCORE Internship Program finder

References

www.asustor.com/security/security_advisory_detail?id=51 vendor-advisory

cve.org (CVE-2026-24936)

nvd.nist.gov (CVE-2026-24936)

Download JSON