ASUS BMC's firmware: buffer overflow - SMTP configuration function
Description
The SMTP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
ASUS BMC firmware's SMTP configuration function has a buffer overflow allowing authenticated admins to crash the web service.
Vulnerability
The SMTP configuration function in the web management page of ASUS BMC's firmware does not validate the length of the string input by the user, leading to a buffer overflow vulnerability [1]. Affected firmware versions include ASMB9-iKVM 1.11.12, RS720A-E9-RS24-E 1.10.3, RS700A-E9-RS4 1.10.0, RS700-E9-RS4 1.09, ESC4000 G4X 1.11.6, RS700-E9-RS12 1.11.5, RS100-E10-PI2 1.13.6, RS300-E10-PS4 1.13.6, RS300-E10-RS4 1.13.6, RS500A-E9-PS4 1.14.1, RS500A-E9-RS4 1.14.1, RS500A-E9 RS4 U 1.14.1, E700 G4 1.14.1, WS C422 PRO/SE 1.14.1, WS X299 PRO/SE 1.14.1, Z11PA-U12 1.15.1, Z11PA-U12/10G-2S 1.15.1, KNPA-U16 1.13.4, ESC4000 DHD G4 1.13.7, ESC4000 G4 1.15.2, RS720Q-E9-RS24-S 1.15.0, RS720Q-E9-RS8 1.15.0, RS720Q-E9-RS8-S 1.15.0, Z11PA-D8 1.14.1, Z11PA-D8C 1.14.1, RS720-E9-RS24-U 1.14.3, RS720-E9-RS8-G 1.15.2, RS500-E9-PS4 1.15.4, Pro E800 G4 1.14.2, RS500-E9-RS4 1.15.4, RS500-E9-RS4-U 1.15.4, RS520-E9-RS12-E 1.15.3, RS520-E9-RS8 1.15.3, ESC8000 G4 1.15.4, ESC8000 G4/10G 1.15.4, RS720-E9-RS12-E 1.15.2, WS C621E SAGE 1.15.1, RS500A-E10-PS4 1.15.2, RS500A-E10-RS4 1.15.2, RS700A-E9-RS12V2 1.15.1, RS700A-E9-RS4V2 1.15.1, RS720A-E9-RS12V2 1.15.2, RS720A-E9-RS24V2 1.15.1, Z11PR-D16 1.15.3, and many others [1].
Exploitation
An attacker must first obtain privileged administrative access to the BMC web interface. With such access, the attacker can send a crafted string with an overly long length to the SMTP configuration input field. The lack of length validation causes a buffer overflow, which abnormally terminates the web service [1]. No user interaction beyond legitimate administrative login is required.
Impact
Successful exploitation results in a denial-of-service (DoS) condition: the BMC web service becomes unavailable, impacting remote management capabilities. The CVSS v3.1 base score is 4.9 (Medium) with a vector of AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H, confirming no confidentiality or integrity impact, only high availability impact [1].
Mitigation
ASUS has released firmware updates to address the vulnerability. Affected products should be updated to the specific fixed versions listed by ASUS, for example ASMB9-iKVM 1.15.3, and similarly updated versions for each model as provided in the vendor advisory [1]. No workaround is documented; applying the firmware patch is the recommended action.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
45- ASUS/BMC firmware for ASMB9-iKVMv5Range: 1.11.12
- ASUS/BMC firmware for E700 G4v5Range: 1.14.1
- ASUS/BMC firmware for ESC4000 DHD G4v5Range: 1.13.7
- ASUS/BMC firmware for ESC4000 G4v5Range: 1.15.2
- ASUS/BMC firmware for ESC4000 G4Xv5Range: 1.11.6
- ASUS/BMC firmware for ESC8000 G4v5Range: 1.15.4
- ASUS/BMC firmware for ESC8000 G4/10Gv5Range: 1.15.4
- ASUS/BMC firmware for KNPA-U16v5Range: 1.13.4
- ASUS/BMC firmware for Pro E800 G4v5Range: 1.14.2
- ASUS/BMC firmware for RS100-E10-PI2v5Range: 1.13.6
- ASUS/BMC firmware for RS300-E10-PS4v5Range: 1.13.6
- ASUS/BMC firmware for RS300-E10-RS4v5Range: 1.13.6
- ASUS/BMC firmware for RS500A-E10-PS4v5Range: 1.15.2
- ASUS/BMC firmware for RS500A-E10-RS4v5Range: 1.15.2
- ASUS/BMC firmware for RS500A-E9-PS4v5Range: 1.14.1
- ASUS/BMC firmware for RS500A-E9 RS4v5Range: 1.14.1
- ASUS/BMC firmware for RS500A-E9-RS4v5Range: 1.14.1
- ASUS/BMC firmware for RS500-E9-PS4v5Range: 1.15.4
- ASUS/BMC firmware for RS500-E9-RS4v5Range: 1.15.4
- ASUS/BMC firmware for RS500-E9-RS4-Uv5Range: 1.15.4
- ASUS/BMC firmware for RS520-E9-RS12-Ev5Range: 1.15.3
- ASUS/BMC firmware for RS520-E9-RS8v5Range: 1.15.3
- ASUS/BMC firmware for RS700A-E9-RS12V2v5Range: 1.15.1
- ASUS/BMC firmware for RS700A-E9-RS4v5Range: 1.10.0
- ASUS/BMC firmware for RS700A-E9-RS4V2v5Range: 1.15.1
- ASUS/BMC firmware for RS700-E9-RS12v5Range: 1.11.5
- ASUS/BMC firmware for RS700-E9-RS4v5Range: 1.09
- ASUS/BMC firmware for RS720A-E9-RS12V2v5Range: 1.15.2
- ASUS/BMC firmware for RS720A-E9-RS24-Ev5Range: 1.10.3
- ASUS/BMC firmware for RS720A-E9-RS24V2v5Range: 1.15.1
- ASUS/BMC firmware for RS720-E9-RS12-Ev5Range: 1.15.2
- ASUS/BMC firmware for RS720-E9-RS24-Uv5Range: 1.14.3
- ASUS/BMC firmware for RS720-E9-RS8-Gv5Range: 1.15.2
- ASUS/BMC firmware for RS720Q-E9-RS24-Sv5Range: 1.15.0
- ASUS/BMC firmware for RS720Q-E9-RS8v5Range: 1.15.0
- ASUS/BMC firmware for RS720Q-E9-RS8-Sv5Range: 1.15.0
- ASUS/BMC firmware for WS C422 PRO/SEv5Range: 1.14.1
- ASUS/BMC firmware for WS C621E SAGEv5Range: 1.15.1
- ASUS/BMC firmware for WS X299 PRO/SEv5Range: 1.14.1
- ASUS/BMC firmware for Z11PA-D8v5Range: 1.14.1
- ASUS/BMC firmware for Z11PA-D8Cv5Range: 1.14.1
- ASUS/BMC firmware for Z11PA-U12v5Range: 1.15.1
- ASUS/BMC firmware for Z11PA-U12/10G-2Sv5Range: 1.15.1
- ASUS/BMC firmware for Z11PR-D16v5Range: 1.15.3
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- www.asus.com/content/ASUS-Product-Security-Advisory/mitrex_refsource_MISC
- www.asus.com/tw/support/callus/mitrex_refsource_MISC
- www.twcert.org.tw/tw/cp-132-4563-e4092-1.htmlmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.