ASUS BMC's firmware: buffer overflow - Remote video configuration setting
Description
A specific function in the ASUS BMC firmware's Web management page (Remote video configuration setting) does not verify the length of strings entered by users, resulting in a buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use the vulnerability to abnormally terminate the Web service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Buffer overflow in ASUS BMC firmware's remote video configuration function allows authenticated admins to crash the web service.
Vulnerability
The ASUS BMC firmware's web management page contains a buffer overflow vulnerability in the specific function for setting remote video configuration. The function fails to verify the length of user-supplied strings, leading to a buffer overflow. Affected firmware versions include Z10PR-D16 1.14.51, ASMB8-iKVM 1.14.51, and Z10PE-D16 WS 1.14.2 [1].
Exploitation
An attacker with privileged (administrator) permissions can exploit this vulnerability by sending a crafted input with an excessively long string to the vulnerable function. This triggers a buffer overflow, abnormally terminating the web service [1].
Impact
Successful exploitation results in a denial of service (DoS) condition, causing the web service to crash. No other impact such as code execution or data disclosure has been disclosed [1].
Mitigation
The vulnerability is fixed in firmware versions Z10PR-D16 1.16.1, ASMB8-iKVM 1.16.1, and Z10PE-D16 WS 1.16.1. Users should update their firmware to the latest versions to mitigate the issue [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- ASUS/BMC firmware for ASMB8-iKVM v5 Range: 1.14.51
- ASUS/BMC firmware for Z10PE-D16 WS v5 Range: 1.14.2
- ASUS/BMC firmware for Z10PR-D16 v5 Range: 1.14.51
Patches
No patches discovered yet.
References
- www.asus.com/content/ASUS-Product-Security-Advisory/ (mitre, x_refsource_MISC)
- www.asus.com/tw/support/callus/ (mitre, x_refsource_MISC)
- www.twcert.org.tw/tw/cp-132-4551-5dd2f-1.html (mitre, x_refsource_MISC)