Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Asus Subscribe
Total 231 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-28209 1 Asus 88 Asmb9-ikvm, Asmb9-ikvm Firmware, E700 G4 and 85 more 2021-04-14 6.8 MEDIUM 4.9 MEDIUM
The specific function in ASUS BMC’s firmware Web management page (Delete video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.
CVE-2021-28208 1 Asus 88 Asmb9-ikvm, Asmb9-ikvm Firmware, E700 G4 and 85 more 2021-04-14 6.8 MEDIUM 4.9 MEDIUM
The specific function in ASUS BMC’s firmware Web management page (Get video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.
CVE-2021-28207 1 Asus 88 Asmb9-ikvm, Asmb9-ikvm Firmware, E700 G4 and 85 more 2021-04-14 6.8 MEDIUM 4.9 MEDIUM
The specific function in ASUS BMC’s firmware Web management page (Get Help file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.
CVE-2021-28206 1 Asus 88 Asmb9-ikvm, Asmb9-ikvm Firmware, E700 G4 and 85 more 2021-04-14 6.8 MEDIUM 4.9 MEDIUM
The specific function in ASUS BMC’s firmware Web management page (Record video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.
CVE-2021-28205 1 Asus 6 Asmb8-ikvm, Asmb8-ikvm Firmware, Z10pe-d16 Ws and 3 more 2021-04-14 6.8 MEDIUM 4.9 MEDIUM
The specific function in ASUS BMC’s firmware Web management page (Delete SOL video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.
CVE-2021-28204 1 Asus 6 Asmb8-ikvm, Asmb8-ikvm Firmware, Z10pe-d16 Ws and 3 more 2021-04-14 6.5 MEDIUM 7.2 HIGH
The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can launch command injection to execute command arbitrary.
CVE-2021-28203 1 Asus 6 Asmb8-ikvm, Asmb8-ikvm Firmware, Z10pe-d16 Ws and 3 more 2021-04-14 6.5 MEDIUM 7.2 HIGH
The Web Set Media Image function in ASUS BMC’s firmware Web management page does not filter the specific parameter. As obtaining the administrator permission, remote attackers can launch command injection to execute command arbitrary.
CVE-2021-28202 1 Asus 88 Asmb9-ikvm, Asmb9-ikvm Firmware, E700 G4 and 85 more 2021-04-14 4.0 MEDIUM 4.9 MEDIUM
The Service configuration-2 function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVE-2021-28201 1 Asus 88 Asmb9-ikvm, Asmb9-ikvm Firmware, E700 G4 and 85 more 2021-04-14 4.0 MEDIUM 4.9 MEDIUM
The Service configuration-1 function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVE-2021-28200 1 Asus 88 Asmb9-ikvm, Asmb9-ikvm Firmware, E700 G4 and 85 more 2021-04-14 4.0 MEDIUM 4.9 MEDIUM
The CD media configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVE-2021-28199 1 Asus 88 Asmb9-ikvm, Asmb9-ikvm Firmware, E700 G4 and 85 more 2021-04-13 4.0 MEDIUM 4.9 MEDIUM
The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVE-2021-28198 1 Asus 88 Asmb9-ikvm, Asmb9-ikvm Firmware, E700 G4 and 85 more 2021-04-13 4.0 MEDIUM 4.9 MEDIUM
The Firmware protocol configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVE-2021-28197 1 Asus 88 Asmb9-ikvm, Asmb9-ikvm Firmware, E700 G4 and 85 more 2021-04-13 4.0 MEDIUM 4.9 MEDIUM
The Active Directory configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVE-2021-28196 1 Asus 88 Asmb9-ikvm, Asmb9-ikvm Firmware, E700 G4 and 85 more 2021-04-13 4.0 MEDIUM 4.9 MEDIUM
The specific function in ASUS BMC’s firmware Web management page (Generate SSL certificate function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVE-2021-28195 1 Asus 88 Asmb9-ikvm, Asmb9-ikvm Firmware, E700 G4 and 85 more 2021-04-13 4.0 MEDIUM 4.9 MEDIUM
The Radius configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVE-2021-28176 1 Asus 6 Asmb8-ikvm, Asmb8-ikvm Firmware, Z10pe-d16 Ws and 3 more 2021-04-13 4.0 MEDIUM 4.9 MEDIUM
The DNS configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVE-2021-28194 1 Asus 88 Asmb9-ikvm, Asmb9-ikvm Firmware, E700 G4 and 85 more 2021-04-13 4.0 MEDIUM 4.9 MEDIUM
The specific function in ASUS BMC’s firmware Web management page (Remote image configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVE-2021-28193 1 Asus 88 Asmb9-ikvm, Asmb9-ikvm Firmware, E700 G4 and 85 more 2021-04-13 4.0 MEDIUM 4.9 MEDIUM
The SMTP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVE-2021-28192 1 Asus 88 Asmb9-ikvm, Asmb9-ikvm Firmware, E700 G4 and 85 more 2021-04-13 4.0 MEDIUM 4.9 MEDIUM
The specific function in ASUS BMC’s firmware Web management page (Remote video storage function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVE-2021-28191 1 Asus 88 Asmb9-ikvm, Asmb9-ikvm Firmware, E700 G4 and 85 more 2021-04-13 4.0 MEDIUM 4.9 MEDIUM
The Firmware update function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.