CVE-2026-6643

216.73.217.22

· Published 20/04/2026 07:16 · Modified 20/04/2026 19:05

Labels: CVE-2026-6643 2026-04-20 CVE-2026-6643 CWE-121 [email protected]

Essential information

Published: 20/04/2026 07:16
Modified: 20/04/2026 19:05
Author: —
Creator: —
CVSS: 8.6 HIGH (v3) 8.6 HIGH (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

A stack-based buffer overflow vulnerability was found in the VPN Clients on the ADM. The issue stems from the use of unbounded sscanf() and passing user-controlled data directly to printf(). Due to the lack of PIE and Stack Canary protections, an authenticated remote attacker can exploit these to execute arbitrary code as the web server user. Affected products and versions include: from ADM 4.1.0 through ADM 4.3.3.RR42 as well as from ADM 5.0.0 through ADM 5.1.2.REO1.

NVD status

Status: Undergoing Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
asustor / adm	`cpe:2.3:a:asustor:adm:4.1.0-4.3.3.RR42:::::::*`
asustor / adm	`cpe:2.3:a:asustor:adm:5.0.0-5.1.2.REO1:::::::*`