CVE-2021-28191
published 2021-04-06CVE-2021-28191: The Firmware update function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow…
medium4.9CVSS 3.1
AVNACLPRHUINSUCNINAH
The Firmware update function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
Affected
88 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| asus | asmb9-ikvm_firmware | — | — |
| asus | bmc_firmware_for_asmb9-ikvm | — | — |
| asus | bmc_firmware_for_e700_g4 | — | — |
| asus | bmc_firmware_for_esc4000_dhd_g4 | — | — |
| asus | bmc_firmware_for_esc4000_g4 | — | — |
| asus | bmc_firmware_for_esc4000_g4x | — | — |
| asus | bmc_firmware_for_esc8000_g4 | — | — |
| asus | bmc_firmware_for_esc8000_g4_10g | — | — |
| asus | bmc_firmware_for_knpa-u16 | — | — |
| asus | bmc_firmware_for_pro_e800_g4 | — | — |
| asus | bmc_firmware_for_rs100-e10-pi2 | — | — |
| asus | bmc_firmware_for_rs300-e10-ps4 | — | — |
| asus | bmc_firmware_for_rs300-e10-rs4 | — | — |
| asus | bmc_firmware_for_rs500-e9-ps4 | — | — |
| asus | bmc_firmware_for_rs500-e9-rs4 | — | — |
| asus | bmc_firmware_for_rs500-e9-rs4-u | — | — |
| asus | bmc_firmware_for_rs500a-e10-ps4 | — | — |
| asus | bmc_firmware_for_rs500a-e10-rs4 | — | — |
| asus | bmc_firmware_for_rs500a-e9-ps4 | — | — |
| asus | bmc_firmware_for_rs500a-e9-rs4 | — | — |
| asus | bmc_firmware_for_rs500a-e9_rs4 | — | — |
| asus | bmc_firmware_for_rs520-e9-rs12-e | — | — |
| asus | bmc_firmware_for_rs520-e9-rs8 | — | — |
| asus | bmc_firmware_for_rs700-e9-rs12 | — | — |
| asus | bmc_firmware_for_rs700-e9-rs4 | — | — |