Unrated severityNVD Advisory· Published Apr 6, 2021· Updated Sep 16, 2024
ASUS BMC's firmware: command injection - Web Set Media Image function
CVE-2021-28203
Description
The Web Set Media Image function in ASUS BMC’s firmware Web management page does not filter the specific parameter. As obtaining the administrator permission, remote attackers can launch command injection to execute command arbitrary.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4- ASUS/BMC firmware for ASMB8-iKVMv5Range: 1.14.51
- ASUS/BMC firmware for Z10PE-D16 WSv5Range: 1.14.2
- ASUS/BMC firmware for Z10PR-D16v5Range: 1.14.51
Patches
Vulnerability mechanics
References
3- www.asus.com/content/ASUS-Product-Security-Advisory/mitrex_refsource_MISC
- www.asus.com/tw/support/callus/mitrex_refsource_MISC
- www.twcert.org.tw/tw/cp-132-4573-aa336-1.htmlmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.