VYPR
← All advisories
Unrated severityNVD Advisory· Published Apr 6, 2021· Updated Sep 16, 2024

ASUS BMC's firmware: path traversal - Get video file function

CVE-2021-28208

Description

The specific function in ASUS BMC’s firmware Web management page (Get video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A path traversal vulnerability in ASUS BMC firmware's Get Video File function allows authenticated administrators to read arbitrary system files.

Vulnerability

The Get Video File function in the web management page of ASUS BMC firmware does not filter special characters in a specific parameter [1]. This path traversal vulnerability affects numerous products including ASMB9-iKVM versions up to 1.11.12, RS720A-E9-RS24-E versions up to 1.10.3, and many others listed in the advisory [1]. The flaw exists in the firmware versions prior to the respective fixes for each product [1].

Exploitation

An attacker must first obtain administrator-level privileges on the BMC web interface [1]. With those privileges, the attacker can send a crafted request to the Get Video File function with path traversal sequences (e.g., ../) in the vulnerable parameter. No additional user interaction is required beyond the initial authentication [1].

Impact

A successful attack allows the remote attacker to read arbitrary system files on the BMC, leading to information disclosure [1]. The confidentiality of the system is compromised, though integrity and availability are not affected according to the CVSS vector [1]. The attacker can access sensitive data such as configuration files or credentials stored on the BMC filesystem.

Mitigation

ASUS has released fixed firmware versions for each affected product. For example, ASMB9-iKVM should be updated to version 1.15.3, RS700-E9-RS4 to 1.15.4, and ESC4000 G4X to a later version as specified in the advisory [1]. Users should apply the respective firmware updates from ASUS's official support channels. No workarounds have been provided; upgrading to the patched version is the only mitigation [1]. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog as of this writing.

References
  1. ASUS BMC's firmware: path traversal - 取得視頻檔案功能

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

45
  • Supermicro/BMC firmwarellm-fuzzy
  • ASUS/BMC firmware for ASMB9-iKVMv5
    Range: 1.11.12
  • ASUS/BMC firmware for E700 G4v5
    Range: 1.14.1
  • ASUS/BMC firmware for ESC4000 DHD G4v5
    Range: 1.13.7
  • ASUS/BMC firmware for ESC4000 G4v5
    Range: 1.15.2
  • ASUS/BMC firmware for ESC4000 G4Xv5
    Range: 1.11.6
  • ASUS/BMC firmware for ESC8000 G4v5
    Range: 1.15.4
  • ASUS/BMC firmware for ESC8000 G4/10Gv5
    Range: 1.15.4
  • ASUS/BMC firmware for KNPA-U16v5
    Range: 1.13.4
  • ASUS/BMC firmware for Pro E800 G4v5
    Range: 1.14.2
  • ASUS/BMC firmware for RS100-E10-PI2v5
    Range: 1.13.6
  • ASUS/BMC firmware for RS300-E10-PS4v5
    Range: 1.13.6
  • ASUS/BMC firmware for RS300-E10-RS4v5
    Range: 1.13.6
  • ASUS/BMC firmware for RS500A-E10-PS4v5
    Range: 1.15.2
  • ASUS/BMC firmware for RS500A-E10-RS4v5
    Range: 1.15.2
  • ASUS/BMC firmware for RS500A-E9-PS4v5
    Range: 1.14.1
  • ASUS/BMC firmware for RS500A-E9 RS4v5
    Range: 1.14.1
  • ASUS/BMC firmware for RS500A-E9-RS4v5
    Range: 1.14.1
  • ASUS/BMC firmware for RS500-E9-PS4v5
    Range: 1.15.4
  • ASUS/BMC firmware for RS500-E9-RS4v5
    Range: 1.15.4
  • ASUS/BMC firmware for RS500-E9-RS4-Uv5
    Range: 1.15.4
  • ASUS/BMC firmware for RS520-E9-RS12-Ev5
    Range: 1.15.3
  • ASUS/BMC firmware for RS520-E9-RS8v5
    Range: 1.15.3
  • ASUS/BMC firmware for RS700A-E9-RS12V2v5
    Range: 1.15.1
  • ASUS/BMC firmware for RS700A-E9-RS4v5
    Range: 1.10.0
  • ASUS/BMC firmware for RS700A-E9-RS4V2v5
    Range: 1.15.1
  • ASUS/BMC firmware for RS700-E9-RS12v5
    Range: 1.11.5
  • ASUS/BMC firmware for RS700-E9-RS4v5
    Range: 1.09
  • ASUS/BMC firmware for RS720A-E9-RS12V2v5
    Range: 1.15.2
  • ASUS/BMC firmware for RS720A-E9-RS24-Ev5
    Range: 1.10.3
  • ASUS/BMC firmware for RS720A-E9-RS24V2v5
    Range: 1.15.1
  • ASUS/BMC firmware for RS720-E9-RS12-Ev5
    Range: 1.15.2
  • ASUS/BMC firmware for RS720-E9-RS24-Uv5
    Range: 1.14.3
  • ASUS/BMC firmware for RS720-E9-RS8-Gv5
    Range: 1.15.2
  • ASUS/BMC firmware for RS720Q-E9-RS24-Sv5
    Range: 1.15.0
  • ASUS/BMC firmware for RS720Q-E9-RS8v5
    Range: 1.15.0
  • ASUS/BMC firmware for RS720Q-E9-RS8-Sv5
    Range: 1.15.0
  • ASUS/BMC firmware for WS C422 PRO/SEv5
    Range: 1.14.1
  • ASUS/BMC firmware for WS C621E SAGEv5
    Range: 1.15.1
  • ASUS/BMC firmware for WS X299 PRO/SEv5
    Range: 1.14.1
  • ASUS/BMC firmware for Z11PA-D8v5
    Range: 1.14.1
  • ASUS/BMC firmware for Z11PA-D8Cv5
    Range: 1.14.1
  • ASUS/BMC firmware for Z11PA-U12v5
    Range: 1.15.1
  • ASUS/BMC firmware for Z11PA-U12/10G-2Sv5
    Range: 1.15.1
  • ASUS/BMC firmware for Z11PR-D16v5
    Range: 1.15.3

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.