CVE-2026-6643
Published 2026-04-20
Priority: P268. Severity: critical. CVSS 3.1 base score: 9.9 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
EPSS: 0.47% (37.0th percentile).
A stack-based buffer overflow vulnerability was found in the VPN Clients on the ADM. The issue stems from the use of unbounded sscanf() and passing user-controlled data directly to printf(). Due to the lack of PIE and Stack Canary protections, an authenticated remote attacker can exploit these to execute arbitrary code as the web server user.
Affected products and versions include: from ADM 4.1.0 through ADM 4.3.3.RR42 as well as from ADM 5.0.0 through ADM 5.1.2.REO1.
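A constructed C illustration of the two defects the description names (a width-less `sscanf()` `%s` into a stack buffer, and user-controlled text handed to `printf()` as the format string) beside a bounded parser that rejects oversized fields and only ever passes the value as a `%s` argument. This is added example code, not ASUSTOR's ADM source; the `name=` field format, the 32-byte buffer and the function names are assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

#define NAME_MAX 32   /* assumed stack buffer size for the illustration */

/* The pattern the advisory describes (constructed, not ADM code):
 * "%s" carries no width, so a field longer than NAME_MAX-1 bytes writes
 * past the stack buffer, and printf(name) lets caller-supplied text act
 * as the format string. Without PIE or a stack canary nothing stops either. */
void parse_vpn_field_unsafe(const char *line)
{
    char name[NAME_MAX];
    if (sscanf(line, "name=%s", name) == 1)   /* unbounded copy into name[] */
        printf(name);                          /* format string from user data */
}

/* Hardened version: the width 31 (NAME_MAX - 1) bounds the copy, a field
 * that does not fit is rejected instead of silently truncated, and the value
 * is only ever a "%s" argument. Returns 0 on success, -1 if the line is not
 * a "name=" field, -2 if the field exceeds NAME_MAX - 1 characters. */
int parse_vpn_field_safe(const char *line, char *out, size_t outlen)
{
    char name[NAME_MAX];
    int consumed = 0;

    if (sscanf(line, "name=%31s%n", name, &consumed) != 1)
        return -1;
    /* %31s stops after 31 bytes; if the next byte is neither end-of-string
       nor whitespace, the field was longer than the buffer allows. */
    if (line[consumed] != '\0' && !isspace((unsigned char)line[consumed]))
        return -2;
    snprintf(out, outlen, "%s", name);   /* user data as argument, never as format */
    return 0;
}

int main(void)
{
    char value[NAME_MAX];
    /* constructed inputs: a normal field and a 40-byte field that must be refused */
    const char *good = "name=office-vpn";
    const char *too_long = "name=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";

    printf("%s -> %d (%s)\n", good, parse_vpn_field_safe(good, value, sizeof value), value);
    printf("40-byte field -> %d\n", parse_vpn_field_safe(too_long, value, sizeof value));
    return 0;
}
```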
Affected (4 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| asustor | data_master | >= 4.1.0.rhu2 < 4.3.3.RR42 | 4.3.3.RR42 |
| asustor | data_master | >= 5.0.0.ra82 < 5.1.2.reo1 | 5.1.2.reo1 |
| asustor_inc | adm | 4.1.0 – 4.3.3.RR42 | — |
| asustor_inc | adm | 5.0.0 – 5.1.2.REO1 | — |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 9.9 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
| NVD | 4.0 | 8.6 | HIGH | CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
VulDB (2026-04-20, CVSS 8.6, HIGH): ASUSTOR ADM up to 4.3.3.RR42/5.1.2.REO1 VPN Client sscanf stack-based overflow (EUVD-2026-23786)
A vulnerability classified as critical has been found in ASUSTOR ADM up to 4.3.3.RR42/5.1.2.REO1. The affected element is the function sscanf of the component VPN Client. Performing a manipulation results in stack-based buffer overflow.
This vulnerability is reported as CVE-2026-6643. The attack can be carried out remotely. No exploit exists.
GHSA (unreviewed, 2026-04-20, HIGH, CWE-121): GHSA-46vm-f48w-xhvv: A stack-based buffer overflow vulnerability was found in the VPN Clients on the ADM
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.