ASUS BMC's firmware: buffer overflow - Active Directory configuration function
Description
The Active Directory configuration function in the Web management page of ASUS BMC's firmware does not verify the length of strings entered by users, resulting in a buffer overflow vulnerability. After obtaining privileged permissions, remote attackers can use the vulnerability to abnormally terminate the Web service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A buffer overflow in ASUS BMC firmware's Active Directory configuration function allows authenticated remote attackers to crash the Web service.
Vulnerability
A buffer overflow vulnerability exists in the Active Directory configuration function of ASUS BMC firmware's web management page. The function fails to verify the length of user-supplied strings, allowing a buffer overflow when processing crafted input. Affected firmware versions include Z10PR-D16 1.14.51, ASMB8-iKVM 1.14.51, and Z10PE-D16 WS 1.14.2 [1].
Exploitation
An attacker must first obtain privileged administrative access to the BMC web interface. With that access, the attacker can send a specially crafted request to the Active Directory configuration endpoint, triggering the buffer overflow. No additional user interaction is required [1].
Impact
Successful exploitation causes the web service to terminate abnormally, resulting in a denial of service (availability impact). No confidentiality or integrity impact is described [1].
Mitigation
ASUS has released updated firmware versions that fix the vulnerability: Z10PR-D16 1.16.1, ASMB8-iKVM 1.16.1, and Z10PE-D16 WS 1.16.1. Users should update to these versions. No workarounds are documented, and the vulnerability is not listed on CISA's Known Exploited Vulnerabilities catalog [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- ASUS/BMC firmware for ASMB8-iKVM, range: 1.14.51
- ASUS/BMC firmware for Z10PE-D16 WS, range: 1.14.2
- ASUS/BMC firmware for Z10PR-D16, range: 1.14.51
Patches
No patches discovered yet.
References
- www.asus.com/content/ASUS-Product-Security-Advisory/ (mitre, x_refsource_MISC)
- www.asus.com/tw/support/callus/ (mitre, x_refsource_MISC)
- www.twcert.org.tw/tw/cp-132-4554-10a74-1.html (mitre, x_refsource_MISC)