Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Z10pe\-D16_ws_firmware
(Asus)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 18 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-04-06 | CVE-2021-28185 | The specific function in ASUS BMC’s firmware Web management page (ActiveX configuration-1 acquisition) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. | Asmb8\-Ikvm_firmware, Z10pe\-D16_ws_firmware, Z10pr\-D16_firmware | 4.9 | ||
| 2021-04-06 | CVE-2021-28186 | The specific function in ASUS BMC’s firmware Web management page (ActiveX configuration-2 acquisition) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. | Asmb8\-Ikvm_firmware, Z10pe\-D16_ws_firmware, Z10pr\-D16_firmware | 4.9 | ||
| 2021-04-06 | CVE-2021-28187 | The specific function in ASUS BMC’s firmware Web management page (Generate new SSL certificate) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. | Asmb8\-Ikvm_firmware, Z10pe\-D16_ws_firmware, Z10pr\-D16_firmware | 4.9 | ||
| 2021-04-06 | CVE-2021-28188 | The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. | Asmb8\-Ikvm_firmware, Z10pe\-D16_ws_firmware, Z10pr\-D16_firmware | 4.9 | ||
| 2021-04-06 | CVE-2021-28189 | The SMTP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. | Asmb8\-Ikvm_firmware, Z10pe\-D16_ws_firmware, Z10pr\-D16_firmware | 4.9 | ||
| 2021-04-06 | CVE-2021-28203 | The Web Set Media Image function in ASUS BMC’s firmware Web management page does not filter the specific parameter. As obtaining the administrator permission, remote attackers can launch command injection to execute command arbitrary. | Asmb8\-Ikvm_firmware, Z10pe\-D16_ws_firmware, Z10pr\-D16_firmware | 7.2 | ||
| 2021-04-06 | CVE-2021-28204 | The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can launch command injection to execute command arbitrary. | Asmb8\-Ikvm_firmware, Z10pe\-D16_ws_firmware, Z10pr\-D16_firmware | 7.2 | ||
| 2021-04-06 | CVE-2021-28205 | The specific function in ASUS BMC’s firmware Web management page (Delete SOL video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files. | Asmb8\-Ikvm_firmware, Z10pe\-D16_ws_firmware, Z10pr\-D16_firmware | 4.9 |