CVE-2026-6643
Stack-Based Buffer Overflow in ADM VPN Client Enables RCE
Publication date: 2026-04-20
Last updated on: 2026-04-22
Assigner: ASUSTOR, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| asustor | data_master | From 5.0.0.ra82 (inc) to 5.1.2.reo1 (exc) |
| asustor | data_master | From 4.1.0.rhu2 (inc) to 4.3.3.RR42 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows an authenticated remote attacker to execute arbitrary code with the privileges of the web server user, impacting confidentiality, integrity, and availability of the affected system.
Such a compromise could lead to unauthorized access or manipulation of sensitive data, which may result in non-compliance with data protection regulations like GDPR and HIPAA that require safeguarding personal and health information.
Therefore, if exploited, this vulnerability could negatively affect an organization's ability to comply with these common standards and regulations by exposing protected data or disrupting system operations.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, users are strongly advised to upgrade their ASUSTOR Data Master (ADM) operating system to version 5.1.3.RGL1 or later, where the issue has been fixed.
Since the vulnerability requires authentication but no user interaction, ensuring that only trusted users have access to the VPN Clients and the ADM web server is also important as an immediate protective measure.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability affects specific versions of ASUSTOR Data Master (ADM) VPN Clients, specifically versions from 4.1.0 through 4.3.3.RR42 and from 5.0.0 through 5.1.2.REO1.
To detect if your system is vulnerable, you can check the ADM version running on your device.
Suggested commands to check the ADM version might include:
- SSH into the ADM device and run a command to display the OS version, for example: `cat /etc/os-release` or `uname -a`.
- Check the ADM version via the web interface or system information panel.
Since the vulnerability requires authentication and involves the VPN client, monitoring for unusual or unauthorized VPN client activity or attempts to exploit buffer overflow behavior could also be useful, but no specific detection commands or signatures are provided.
Upgrading to ADM version 5.1.3.RGL1 or later is strongly recommended to mitigate this vulnerability.
Can you explain this vulnerability to me?
This vulnerability is a stack-based buffer overflow found in the VPN Clients on the ADM platform. It occurs because the software uses an unbounded sscanf() function and passes user-controlled data directly to printf(), which can lead to memory corruption. Additionally, the affected versions lack PIE (Position Independent Executable) and Stack Canary protections, which normally help prevent exploitation. As a result, an authenticated remote attacker can exploit this flaw to execute arbitrary code with the privileges of the web server user.
How can this vulnerability impact me? :
The impact of this vulnerability is severe because it allows an authenticated remote attacker to execute arbitrary code on the affected system. This means the attacker could potentially take control of the web server process, leading to unauthorized actions such as data theft, system manipulation, or further network compromise.