Threat Advisory

Command Injection Vulnerability Found in ASUSTOR ADM Systems

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: Critical

EXECUTIVE SUMMARY:

A critical security vulnerability, CVE-2026-6644, has been disclosed in ASUSTOR NAS devices running the ADM operating system, specifically affecting the PPTP VPN client component. The flaw arises from improper validation of user-supplied input, enabling a command injection condition that allows an attacker with administrative access to escape the restricted web interface and execute arbitrary system-level commands. Successful exploitation can lead to full remote code execution, giving attackers the ability to completely compromise the underlying operating system, manipulate data, and potentially disrupt services. Given the high severity of this issue and its impact on confidentiality, integrity, and availability, users are strongly advised to apply the latest patches and update affected systems to mitigate the risk of exploitation. The vulnerability has a CVSS score of 9.4.


RECOMMENDATION:

We recommend updating ASUSTOR Data Master (ADM) to version 5.1.3.RGL1 or later.

REFERENCES:

The following reports contain further technical details:
https://securityonline.info/asustor-nas-adm-cve-2026-6644-critical-patch/
