CVE-2021-28205

The specific function in ASUS BMC’s firmware Web management page Delete SOL video file function does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files...

CVE-2021-28207

The specific function in ASUS BMC’s firmware Web management page Get Help file function does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files...

CVE-2021-28200

The CD media configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service...

CVE-2021-28187

The specific function in ASUS BMC’s firmware Web management page Generate new SSL certificate does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web...

CVE-2021-28179

The specific function in ASUS BMC’s firmware Web management page Media support configuration setting does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate t...

ASUS BMC Firmware 安全特征问题漏洞

ASUS BMC Firmware is a firmware from Asus China. A security signature issue vulnerability exists in the ASUS BMC firmware Web management page, which originates from a buffer overflow vulnerability due to the SMTP configuration function not validating the length of a string entered by the user. A...