CVE-2026-6643

A stack-based buffer overflow vulnerability in the VPN Clients on the ADM

Description

A stack-based buffer overflow vulnerability was found in the VPN Clients on the ADM. The issue stems from the use of unbounded sscanf() and passing user-controlled data directly to printf(). Due to the lack of PIE and Stack Canary protections, an authenticated remote attacker can exploit these to execute arbitrary code as the web server user. Affected products and versions include: from ADM 4.1.0 through ADM 4.3.3.RR42 as well as from ADM 5.0.0 through ADM 5.1.2.REO1.

INFO

Published Date :

2026-04-20T06:34:27.511Z

Last Modified :

2026-04-20T06:34:27.511Z

Source :

ASUSTOR1

AFFECTED PRODUCTS

The following products are affected by CVE-2026-6643 vulnerability.

Vendors	Products
Asustor	Adm

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-6643.

URL	Resource
https://www.asustor.com/security/security_advisory_detail?id=54

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability