VYPR
← All advisories
Unrated severityNVD Advisory· Published Apr 6, 2021· Updated Sep 16, 2024

ASUS BMC's firmware: path traversal - Record video file function

CVE-2021-28206

Description

The specific function in ASUS BMC’s firmware Web management page (Record video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

ASUS BMC firmware contains a path traversal in the video file function, allowing authenticated admins to read arbitrary system files.

Vulnerability

The ASUS BMC firmware Web management page includes a "Record video file" function that does not properly filter the specific parameter. This path traversal vulnerability affects multiple firmware versions, including ASMB9-iKVM 1.11.12, various RS700-E9-RS4 versions (1.10.0, 1.09, 1.15.4), ESC4000 G4X 1.11.6, and many others listed in the advisory [1]. The vulnerable code path is reachable through the web interface when the admin user interacts with the video recording feature.

Exploitation

An attacker must first obtain administrator privileges for the BMC web interface. With those privileges, the attacker sends a crafted request to the video file function endpoint, including path traversal sequences (e.g., ../) in the specific parameter to navigate outside the intended directory and access system files [1]. No additional authentication bypass or user interaction beyond normal admin login is required.

Impact

Successful exploitation allows the attacker to read arbitrary files from the BMC filesystem, including sensitive configuration files, credentials, or other system data. The impact is limited to confidentiality, as the vulnerability only enables file reading, not modification or remote code execution. The attacker gains elevated read access to system files at the BMC privilege level [1].

Mitigation

ASUS has released fixed firmware versions: ASMB9-iKVM 1.15.3, RS700-E9-RS4 1.15.4, ESC4000 G4X 1.15.2, and updated versions for all affected products listed in the advisory [1]. Administrators should upgrade their BMC firmware to the specified patched versions. No workaround is provided; updating is the recommended mitigation [1].

References
  1. ASUS BMC's firmware: path traversal - 操作視頻檔案功能

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

45
  • Supermicro/BMC firmwarellm-fuzzy
  • ASUS/BMC firmware for ASMB9-iKVMv5
    Range: 1.11.12
  • ASUS/BMC firmware for E700 G4v5
    Range: 1.14.1
  • ASUS/BMC firmware for ESC4000 DHD G4v5
    Range: 1.13.7
  • ASUS/BMC firmware for ESC4000 G4v5
    Range: 1.15.2
  • ASUS/BMC firmware for ESC4000 G4Xv5
    Range: 1.11.6
  • ASUS/BMC firmware for ESC8000 G4v5
    Range: 1.15.4
  • ASUS/BMC firmware for ESC8000 G4/10Gv5
    Range: 1.15.4
  • ASUS/BMC firmware for KNPA-U16v5
    Range: 1.13.4
  • ASUS/BMC firmware for Pro E800 G4v5
    Range: 1.14.2
  • ASUS/BMC firmware for RS100-E10-PI2v5
    Range: 1.13.6
  • ASUS/BMC firmware for RS300-E10-PS4v5
    Range: 1.13.6
  • ASUS/BMC firmware for RS300-E10-RS4v5
    Range: 1.13.6
  • ASUS/BMC firmware for RS500A-E10-PS4v5
    Range: 1.15.2
  • ASUS/BMC firmware for RS500A-E10-RS4v5
    Range: 1.15.2
  • ASUS/BMC firmware for RS500A-E9-PS4v5
    Range: 1.14.1
  • ASUS/BMC firmware for RS500A-E9 RS4v5
    Range: 1.14.1
  • ASUS/BMC firmware for RS500A-E9-RS4v5
    Range: 1.14.1
  • ASUS/BMC firmware for RS500-E9-PS4v5
    Range: 1.15.4
  • ASUS/BMC firmware for RS500-E9-RS4v5
    Range: 1.15.4
  • ASUS/BMC firmware for RS500-E9-RS4-Uv5
    Range: 1.15.4
  • ASUS/BMC firmware for RS520-E9-RS12-Ev5
    Range: 1.15.3
  • ASUS/BMC firmware for RS520-E9-RS8v5
    Range: 1.15.3
  • ASUS/BMC firmware for RS700A-E9-RS12V2v5
    Range: 1.15.1
  • ASUS/BMC firmware for RS700A-E9-RS4v5
    Range: 1.10.0
  • ASUS/BMC firmware for RS700A-E9-RS4V2v5
    Range: 1.15.1
  • ASUS/BMC firmware for RS700-E9-RS12v5
    Range: 1.11.5
  • ASUS/BMC firmware for RS700-E9-RS4v5
    Range: 1.09
  • ASUS/BMC firmware for RS720A-E9-RS12V2v5
    Range: 1.15.2
  • ASUS/BMC firmware for RS720A-E9-RS24-Ev5
    Range: 1.10.3
  • ASUS/BMC firmware for RS720A-E9-RS24V2v5
    Range: 1.15.1
  • ASUS/BMC firmware for RS720-E9-RS12-Ev5
    Range: 1.15.2
  • ASUS/BMC firmware for RS720-E9-RS24-Uv5
    Range: 1.14.3
  • ASUS/BMC firmware for RS720-E9-RS8-Gv5
    Range: 1.15.2
  • ASUS/BMC firmware for RS720Q-E9-RS24-Sv5
    Range: 1.15.0
  • ASUS/BMC firmware for RS720Q-E9-RS8v5
    Range: 1.15.0
  • ASUS/BMC firmware for RS720Q-E9-RS8-Sv5
    Range: 1.15.0
  • ASUS/BMC firmware for WS C422 PRO/SEv5
    Range: 1.14.1
  • ASUS/BMC firmware for WS C621E SAGEv5
    Range: 1.15.1
  • ASUS/BMC firmware for WS X299 PRO/SEv5
    Range: 1.14.1
  • ASUS/BMC firmware for Z11PA-D8v5
    Range: 1.14.1
  • ASUS/BMC firmware for Z11PA-D8Cv5
    Range: 1.14.1
  • ASUS/BMC firmware for Z11PA-U12v5
    Range: 1.15.1
  • ASUS/BMC firmware for Z11PA-U12/10G-2Sv5
    Range: 1.15.1
  • ASUS/BMC firmware for Z11PR-D16v5
    Range: 1.15.3

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.