CVE-2026-6643
CRITICAL 9.9
Description
A stack-based buffer overflow vulnerability was found in the VPN Clients on the ADM. The issue stems from the use of unbounded sscanf() and passing user-controlled data directly to printf(). Due to the lack of PIE and Stack Canary protections, an authenticated remote attacker can exploit these to execute arbitrary code as the web server user. Affected products and versions include: from ADM 4.1.0 through ADM 4.3.3.RR42 as well as from ADM 5.0.0 through ADM 5.1.2.REO1.
CVE Details
CVSS v3.1 score: 9.9
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: LOW
User interaction: NONE
Published: 4/20/2026
Last modified: 4/22/2026
Source: nvd
Honeypot sightings: 0
Affected products
asustor:data_master
Weaknesses (CWE)
CWE-121
References
https://www.asustor.com/security/security_advisory_detail?id=54 (security@asustor.com)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.