← Retour aux CVEs
CVE-2026-6643
CRITICAL9.9
Description
A stack-based buffer overflow vulnerability was found in the VPN Clients on the ADM. The issue stems from the use of unbounded sscanf() and passing user-controlled data directly to printf(). Due to the lack of PIE and Stack Canary protections, an authenticated remote attacker can exploit these to execute arbitrary code as the web server user. Affected products and versions include: from ADM 4.1.0 through ADM 4.3.3.RR42 as well as from ADM 5.0.0 through ADM 5.1.2.REO1.
Details CVE
Score CVSS v3.19.9
SeveriteCRITICAL
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisLOW
Interaction utilisateurNONE
Publie4/20/2026
Derniere modification4/22/2026
Sourcenvd
Observations honeypot0
Produits affectes
asustor:data_master
Faiblesses (CWE)
CWE-121
References
https://www.asustor.com/security/security_advisory_detail?id=54(security@asustor.com)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.