CVSS Vector (NVD)
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description (NVD)
A stack-based buffer overflow vulnerability was found in the VPN Clients on the ADM. The issue stems from the use of unbounded sscanf() and passing user-controlled data directly to printf(). Because the affected binary is built without PIE and without stack canaries, an authenticated remote attacker can exploit these to execute arbitrary code as the web server user. Affected versions: ADM 4.1.0 through ADM 4.3.3.RR42, and ADM 5.0.0 through ADM 5.1.2.REO1.
Analysis (AI)
Remote code execution in ASUSTOR ADM (4.1.0-4.3.3.RR42 and 5.0.0-5.1.2.REO1) allows authenticated high-privilege attackers (CVSS PR:H) to execute arbitrary code via a stack-based buffer overflow in VPN client components. The vulnerability combines unbounded sscanf() calls (a "%s" conversion with no field width writes past the destination buffer) with a format string weakness (user-controlled data passed to printf() as the format, which permits reading stack contents with "%x" and writing with "%n"). Both are exploitable because the binary lacks a stack canary, so the overwrite of the saved return address is not detected, and lacks PIE, so code addresses are fixed and need not be leaked first. …
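The following is an added illustration of the two bug classes named in the description and the analysis above (an unbounded sscanf() conversion and user data reaching printf() as the format string), shown beside the hardened form of each. It is not code from ASUSTOR ADM; the "name=" field, the NAME_LEN size and the "vpn:" log prefix are made-up for the example.

```c
/* Added example: unbounded sscanf() and printf()-with-user-data, vulnerable
 * and hardened side by side. Hypothetical field layout, not ADM's code. */
#include <stdio.h>
#include <string.h>

#define NAME_LEN 32   /* hypothetical destination buffer size */

/* Vulnerable pattern: "%s" has no field width, so a value longer than
 * NAME_LEN-1 bytes is written past the end of the caller's stack buffer.
 * Without a stack canary the overwrite goes undetected; without PIE the
 * corrupted return address can point at a fixed code address.
 * Kept for comparison only; never called below. */
int parse_name_vulnerable(const char *line, char *out)
{
    return sscanf(line, "name=%s", out) == 1;
}

/* Hardened pattern: the width bounds the copy to NAME_LEN-1 bytes plus the
 * terminating NUL, and a trailing %c detects a value that was cut off at
 * the width, which is rejected rather than silently truncated.
 * Returns 1 on success, 0 when the field is missing or too long. */
int parse_name_safe(const char *line, char out[NAME_LEN])
{
    char tmp[NAME_LEN];
    char tail;
    int n = sscanf(line, "name=%31s%c", tmp, &tail);
    if (n < 1)
        return 0;                       /* no "name=" field */
    if (n == 2 && tail != ' ' && tail != '\t' && tail != '\n')
        return 0;                       /* value exceeded NAME_LEN-1 bytes */
    strcpy(out, tmp);                   /* tmp is NUL-terminated within 32 */
    return 1;
}

/* Vulnerable pattern, shown only as a comment so the file compiles with
 * -Werror=format-security:
 *
 *     printf(user_msg);   // "%x" leaks stack words, "%n" writes memory
 *
 * Hardened pattern: the format is a literal and the user string is an
 * argument, so any '%' in it is printed verbatim. Writes into buf and
 * returns the length snprintf() would have produced. */
int log_safe(char *buf, size_t bufsz, const char *user_msg)
{
    return snprintf(buf, bufsz, "vpn: %s", user_msg);
}

int main(void)
{
    char name[NAME_LEN];
    char buf[64];
    /* constructed inputs: a benign line and an oversized value */
    const char *benign = "name=office-vpn\n";
    const char *oversized =
        "name=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n";

    printf("benign accepted:     %d\n", parse_name_safe(benign, name));
    printf("oversized accepted:  %d\n", parse_name_safe(oversized, name));
    log_safe(buf, sizeof buf, "%x%x%n");
    printf("%s\n", buf);   /* the % sequences are not interpreted */
    return 0;
}
```

To confirm the mitigations the advisory says are absent, build with `-fstack-protector-strong -fPIE -pie`; `readelf -h` then reports `Type: DYN` for a PIE executable, and `nm` lists `__stack_chk_fail` when canaries were emitted.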
Remediation (AI)
Within 24 hours: Identify all ASUSTOR ADM deployments running versions 4.1.0-4.3.3.RR42 or 5.0.0-5.1.2.REO1; audit administrative user accounts and review recent login logs for unauthorized access (exploitation requires an authenticated high-privilege account, so a compromised admin credential is the precondition to look for); document current firmware versions. Within 7 days: Disable VPN client functionality in ADM until a patched firmware is available; implement network segmentation to restrict administrative console access to trusted internal IP ranges only; enforce multi-factor authentication for all administrator accounts if supported by your deployment. …
External POC / Exploit Code
EUVD-2026-23786
GHSA-46vm-f48w-xhvv