CVE-2026-6643 · CRITICAL 9.9 · EPSS p36.8%

Description

A stack-based buffer overflow vulnerability was found in the VPN Clients on the ADM. The issue stems from the use of unbounded sscanf() and passing user-controlled data directly to printf(). Due to the lack of PIE and Stack Canary protections, an authenticated remote attacker can exploit these to execute arbitrary code as the web server user. Affected products and versions include: from ADM 4.1.0 through ADM 4.3.3.RR42 as well as from ADM 5.0.0 through ADM 5.1.2.REO1.

Scoring

CVSS 3.1: 9.9 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.47% probability of exploitation · percentile 36.8% · 2026-06-18T12:00:27Z
Published: 2026-04-20
Last modified: 2026-04-22

Underlying weaknesses · 1

CWE-121

References

  1. https://www.asustor.com/security/security_advisory_detail?id=54

Type: Weakness · Target: Stack-based Buffer Overflow (cwe-121) · Confidence: 0% · Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2026-6644
  2. CVE-2025-54617
  3. CVE-2026-24936
  4. CVE-2026-33446
  5. CVE-2025-64656
  6. CVE-2025-41726

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.