CVE-2026-6643
Published: Apr 20, 2026
Modified: Apr 20, 2026
Description
A stack-based buffer overflow vulnerability was found in the VPN Clients on the ADM. The issue stems from the use of unbounded sscanf() and passing user-controlled data directly to printf(). Due to the lack of PIE and Stack Canary protections, an authenticated remote attacker can exploit these to execute arbitrary code as the web server user. Affected products and versions include: from ADM 4.1.0 through ADM 4.3.3.RR42 as well as from ADM 5.0.0 through ADM 5.1.2.REO1.
| Vendor | Product | Versions |
|---|---|---|
ASUSTOR Inc. | ADM | affected 4.1.0 - <= 4.3.3.RR42affected 5.0.0 - <= 5.1.2.REO1 |
Weaknesses (CWE)
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now