Description
A stack-based buffer overflow vulnerability was found in the VPN Clients on the ADM. The issue stems from the use of unbounded sscanf() and passing user-controlled data directly to printf(). Due to the lack of PIE and Stack Canary protections, an authenticated remote attacker can exploit these to execute arbitrary code as the web server user.
Affected products and versions include: from ADM 4.1.0 through ADM 4.3.3.RR42 as well as from ADM 5.0.0 through ADM 5.1.2.REO1.
Published: 2026-04-20
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

A buffer overflow in the VPN Clients on the ADM is caused by an unbounded sscanf and unsafe printf usage. The lack of PIE and stack canaries allows an authenticated remote attacker to supply crafted input and execute arbitrary code as the web server user. The flaw grants full control over the system hosting the ADM, enabling the attacker to run commands, install malware, or pivot to other network assets.

Affected Systems

The vulnerability affects ASUSTOR Inc. Advanced Data Manager (ADM) devices running firmware versions 4.1.0 through 4.3.3.RR42 and 5.0.0 through 5.1.2.REO1. Users of these firmware releases are at risk unless updated beyond the listed versions.

Risk and Exploitability

The CVSS base score is 8.6, indicating a high severity. The EPSS score is not available, but the vulnerability is not listed in the CISA KEV catalog. Exploitation requires authenticated remote access to the ADM, typically through the VPN client or web interface, and the attacker must send payloads that trigger the overflow. Once executed, the attacker gains code execution privileges as the web server user, potentially compromising the entire system.

Generated by OpenCVE AI on April 20, 2026 at 08:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the ADM firmware to the latest release that includes the buffer overflow fix, which is available for versions beyond 5.1.2.REO1.
  • If a firmware update cannot be applied immediately, disable or remove the vulnerable VPN client or block its network ports to prevent exploitation.
  • Restrict access to the ADM web interface to trusted IP addresses and enforce strong authentication, including two-factor authentication if supported.

Generated by OpenCVE AI on April 20, 2026 at 08:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 20 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 20 Apr 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Asustor
Asustor adm
Vendors & Products Asustor
Asustor adm

Mon, 20 Apr 2026 07:15:00 +0000

Type Values Removed Values Added
Description A stack-based buffer overflow vulnerability was found in the VPN Clients on the ADM. The issue stems from the use of unbounded sscanf() and passing user-controlled data directly to printf(). Due to the lack of PIE and Stack Canary protections, an authenticated remote attacker can exploit these to execute arbitrary code as the web server user. Affected products and versions include: from ADM 4.1.0 through ADM 4.3.3.RR42 as well as from ADM 5.0.0 through ADM 5.1.2.REO1.
Title A stack-based buffer overflow vulnerability in the VPN Clients on the ADM
Weaknesses CWE-121
References
Metrics cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L'}

Subscriptions

Asustor Adm
cve-icon MITRE

Status: PUBLISHED

Assigner: ASUSTOR1

Published:

Updated: 2026-04-20T13:46:07.764Z

Reserved: 2026-04-20T04:06:43.009Z

Link: CVE-2026-6643

cve-icon Vulnrichment

Updated: 2026-04-20T13:44:50.037Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-20T07:16:16.543

Modified: 2026-04-20T19:05:30.750

Link: CVE-2026-6643

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-20T08:30:02Z

Weaknesses