VYPR
Unrated severityNVD Advisory· Published Apr 6, 2021· Updated Sep 16, 2024

ASUS BMC's firmware: buffer overflow - ActiveX configuration-2 acquisition

CVE-2021-28186

Description

The specific function in ASUS BMC’s firmware Web management page (ActiveX configuration-2 acquisition) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • Supermicro/Bmcllm-fuzzy
  • ASUS/BMC firmware for ASMB8-iKVMv5
    Range: 1.14.51
  • ASUS/BMC firmware for Z10PE-D16 WSv5
    Range: 1.14.2
  • ASUS/BMC firmware for Z10PR-D16v5
    Range: 1.14.51

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.