22 matches found
CVE-2026-3820
The CVE-2026-3820 entry pertains to Supermicro BMC’s SMTP service on the AS-2115HS-TNR. The vulnerability allows an attacker to obtain administrator privileges by injecting specially crafted characters into the SMTP service configuration, which can lead to command execution when the process is in...
CVE-2026-3820 Supermicro BMC's SMTP service contains a command injection vulnerability
There is a vulnerability in the Supermicro BMC SMTP service at Supermicro AS-2115HS-TNR. An attacker may obtain administrator privileges and inject specially crafted characters into the SMTP service configuration. This may cause the underlying system to execute unintended commands during process...
EUVD-2026-34226
There is a vulnerability in the Supermicro BMC SMTP service at Supermicro AS-2115HS-TNR. An attacker may obtain administrator privileges and inject specially crafted characters into the SMTP service configuration. This may cause the underlying system to execute unintended commands during process...
CVE-2025-12007 Supermicro BMC firmware update validation bypass
There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X13SEM-F. An attacker can update the system firmware with a specially crafted image...
CVE-2025-8076
There is a vulnerability in the Supermicro BMC web function at Supermicro MBD-X13SEDW-F. After logging into the BMC Web server, an attacker can use a specially crafted payload to trigger the stack buffer overflow vulnerability...
CVE-2025-8727 A stack buffer overflow vulnerability exists in the Supermicro BMC Web function (SSL).
There is a vulnerability in the Supermicro BMC web function at Supermicro MBD-X13SEDW-F. After logging into the BMC Web server, an attacker can use a specially crafted payload to trigger the stack buffer overflow vulnerability...
CVE-2025-8404 Stack buffer overflow vulnerability exists in the Supermicro BMC Shared library
Stack buffer overflow vulnerability exists in the Supermicro BMC Shared library. An authenticated attacker with access to the BMC can exploit the stack buffer via a crafted header and achieve arbitrary code execution on the BMC’s firmware operating system...
CVE-2025-8076
Summary: CVE-2025-8076 describes a stack buffer overflow in the Supermicro BMC Web function on the MBD-X13SEDW-F. After logging into the BMC Web server, a specially crafted payload can trigger the overflow, potentially enabling arbitrary code execution on the BMC. Several sources (NVD, Red Hat, C...
EUVD-2025-197956
There is a vulnerability in the Supermicro BMC web function at Supermicro MBD-X13SEDW-F. After logging into the BMC Web server, an attacker can use a specially crafted payload to trigger the stack buffer overflow vulnerability...
CVE-2025-7623 Supermicro BMC SMASH services has a Stack-based buffer overflow vulnerability
Stack-based buffer overflow in the SMASH-CLP shell. An authenticated attacker with SSH access to the BMC can exploit a stack buffer overflow via a crafted SMASH command, overwrite the return address and registers, and achieve arbitrary code execution on the BMC firmware operating system...
CVE-2025-7704 Supermicro BMC SMASH services has a Stack-based buffer overflow vulnerability
Supermicro BMC Insyde SMASH shell program has a stack-based overflow vulnerability...
PT-2025-44224
Name of the Vulnerable Software and Affected Versions: Supermicro BMC firmware on Supermicro MBD-X12STW-F (affected versions not specified). Description: An issue exists in the firmware validation logic of Supermicro BMC firmware. An attacker can potentially update the system firmware using a speciall...
EUVD-2024-36083
Malicious code in bioql PyPI...
Two New Supermicro BMC Bugs Allow Malicious Firmware to Evade Root of Trust Security
Cybersecurity researchers have disclosed details of two security vulnerabilities impacting Supermicro Baseboard Management Controller (BMC) firmware that could potentially allow attackers to bypass crucial verification steps and update the system with a specially crafted image. The medium-severity...
CVE-2025-6198
There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X13SEM-F. An attacker can update the system firmware with a specially crafted image...
CVE-2025-6198 Supermicro BMC firmware update validation bypass
There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X13SEM-F. An attacker can update the system firmware with a specially crafted image...
CVE-2013-4782
The Supermicro BMC implementation allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password...
CVE-2024-36435
An issue was discovered on Supermicro BMC firmware in select X11, X12, H12, B12, X13, H13, and B13 motherboards and CMM6 modules. An unauthenticated user can post crafted data to the interface that triggers a stack buffer overflow, and may lead to arbitrary remote code execution on a BMC...