← Zuruck zu CVEs
CVE-2026-6643
CRITICAL9.9
Beschreibung
A stack-based buffer overflow vulnerability was found in the VPN Clients on the ADM. The issue stems from the use of unbounded sscanf() and passing user-controlled data directly to printf(). Due to the lack of PIE and Stack Canary protections, an authenticated remote attacker can exploit these to execute arbitrary code as the web server user. Affected products and versions include: from ADM 4.1.0 through ADM 4.3.3.RR42 as well as from ADM 5.0.0 through ADM 5.1.2.REO1.
CVE Details
CVSS v3.1 Bewertung9.9
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienLOW
BenutzerinteraktionNONE
Veroffentlicht4/20/2026
Zuletzt geandert4/22/2026
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
asustor:data_master
Schwachen (CWE)
CWE-121
Referenzen
https://www.asustor.com/security/security_advisory_detail?id=54(security@asustor.com)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.