ASUS BMC's firmware: buffer overflow - DNS configuration function
Description
The DNS configuration function in ASUS BMC’s firmware Web management page does not verify the length of strings entered by users, resulting in a buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use the vulnerability to abnormally terminate the Web service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
ASUS BMC firmware DNS configuration function has a buffer overflow vulnerability allowing authenticated remote attackers to terminate the Web service.
Vulnerability
The DNS configuration function in the Web management page of ASUS BMC firmware does not validate the length of user-supplied strings, leading to a buffer overflow vulnerability. The affected firmware versions include Z10PR-D16 1.14.51, ASMB8-iKVM 1.14.51, and Z10PE-D16 WS 1.14.2 [1].
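The missing check described above, as an added C example (not ASUS's firmware code, which this page does not show): the input length is verified before anything is written into a fixed-size buffer. The struct, function name, error codes and the use of RFC 1035 limits as bounds are assumptions for illustration.

```c
#include <stddef.h>
#include <string.h>
#include <ctype.h>

#define DNS_NAME_MAX  253  /* max textual DNS name length (RFC 1035) */
#define DNS_LABEL_MAX 63   /* max length of a single label */

enum dns_rc { DNS_OK = 0, DNS_EMPTY, DNS_TOO_LONG, DNS_BAD_CHAR, DNS_BAD_LABEL };

/* Hypothetical settings record. The fixed-size field is what an
 * unchecked strcpy(cfg->domain, input) would overrun. */
struct dns_cfg { char domain[DNS_NAME_MAX + 1]; };

/* Validate a user-supplied DNS domain string, then copy it.
 * Nothing is written to cfg until the whole input has passed. */
enum dns_rc dns_set_domain(struct dns_cfg *cfg, const char *input)
{
    size_t i, label = 0;

    if (input == NULL || input[0] == '\0')
        return DNS_EMPTY;

    for (i = 0; input[i] != '\0'; i++) {
        unsigned char c = (unsigned char)input[i];

        /* Stop scanning as soon as the input exceeds the buffer bound. */
        if (i >= DNS_NAME_MAX)
            return DNS_TOO_LONG;
        if (c == '.') {
            if (label == 0)               /* leading dot or ".." */
                return DNS_BAD_LABEL;
            label = 0;
        } else if (isalnum(c) || c == '-') {
            if (++label > DNS_LABEL_MAX)
                return DNS_BAD_LABEL;
        } else {
            return DNS_BAD_CHAR;
        }
    }

    /* i <= DNS_NAME_MAX here, so i + 1 bytes (with the NUL) always fit. */
    memcpy(cfg->domain, input, i + 1);
    return DNS_OK;
}
```

Rejecting the request outright, rather than truncating it, keeps the stored configuration unchanged when the input is out of bounds.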
Exploitation
An attacker must obtain privileged (administrator) access to the BMC Web interface. With that access, the attacker can send a crafted, overly long string to the DNS configuration parameter, triggering the buffer overflow. The attack can be launched remotely over the network without user interaction [1].
Impact
Successful exploitation causes the Web service to terminate abnormally, resulting in a denial of service (availability impact). The confidentiality and integrity of the system are not affected [1].
Mitigation
ASUS released fixed firmware versions: Z10PR-D16 1.16.1, ASMB8-iKVM 1.16.1, and Z10PE-D16 WS 1.16.1. Users should update to these versions to remediate the vulnerability [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (4)
- ASUS/BMC firmware for ASMB8-iKVM, v5, Range: 1.14.51
- ASUS/BMC firmware for Z10PE-D16 WS, v5, Range: 1.14.2
- ASUS/BMC firmware for Z10PR-D16, v5, Range: 1.14.51
Patches
No patches discovered yet.
References
- www.asus.com/content/ASUS-Product-Security-Advisory/ (mitre, x_refsource_MISC)
- www.asus.com/tw/support/callus/ (mitre, x_refsource_MISC)
- www.twcert.org.tw/tw/cp-132-4544-0a409-1.html (mitre, x_refsource_MISC)