We use cookies to help us improve our webpage. Please read our Cookie Policy .

ASUSTOR Product Security Advisory

AS-2026-005: VPN Clients

2026-04-20

Severity

Important

Status

Ongoing

Statement

A stack-based buffer overflow vulnerability was found in the VPN Clients on the ADM. The issue stems from the use of unbounded sscanf() and passing user-controlled data directly to printf(). Due to the lack of PIE and Stack Canary protections, an authenticated remote attacker can exploit these to execute arbitrary code as the web server user.
Affected products and versions include: from ADM 4.1.0 through ADM 4.3.3.RR42 as well as from ADM 5.0.0 through ADM 5.1.2.REO1.

  • The issues have been fixed on ADM 5.1.3.RGL1.

Affected Products

Product Severity Fixed Release Availability
ADM 5.0 Important Upgrade to ADM 5.1.3.RGL1 or above
ADM 4.3, ADM 4.2 and 4.1 Important Ongoing

Detail

  • CVE-2026-6643
    • Severity: High
    • CVSS4 Base Score: 8.6
    • CVSS4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L
    • A stack-based buffer overflow vulnerability was found in the VPN Clients on the ADM. The issue stems from the use of unbounded sscanf() and passing user-controlled data directly to printf(). Due to the lack of PIE and Stack Canary protections, an authenticated remote attacker can exploit these to execute arbitrary code as the web server user. Affected products and versions include: from ADM 4.1.0 through ADM 4.3.3.RR42 as well as from ADM 5.0.0 through ADM 5.1.2.REO1.

Reference

Acknowledgement

YU-XIANG HUANG (mlgzackfly)


Revision

Revision Date Description
1 2026-04-20 Initial public release.
2 2026-04-20 CVE ID (CVE-2026-6643) is assigned for the issue.
3 2026-04-22 ADM 5.1.3.RGL1 have been released for fixing the issues.