High severity7.2NVD Advisory· Published Apr 6, 2021· Updated Jun 17, 2026
CVE-2021-28204
CVE-2021-28204
Description
The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can launch command injection to execute command arbitrary.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4- ASUS/BMC firmware for ASMB8-iKVMv5Range: 1.14.51
- ASUS/BMC firmware for Z10PE-D16 WSv5Range: 1.14.2
- ASUS/BMC firmware for Z10PR-D16v5Range: 1.14.51
Patches
Vulnerability mechanics
References
3- www.asus.com/content/ASUS-Product-Security-Advisory/nvdVendor Advisory
- www.asus.com/tw/support/callus/nvdVendor Advisory
- www.twcert.org.tw/tw/cp-132-4574-b61a6-1.htmlnvdThird Party Advisory
News mentions
0No linked articles in our index yet.