Unrated severity · NVD Advisory · Published Apr 6, 2021 · Updated Sep 16, 2024
ASUS BMC's firmware: path traversal - Delete video file function
CVE-2021-28209
Description
The Delete video file function in the Web management page of ASUS BMC's firmware does not filter a specific parameter. After obtaining administrator permission, remote attackers can use path traversal to access system files.
Affected products (45)
- ASUS/BMC firmware for ASMB9-iKVM · v5 · Range: 1.11.12
- ASUS/BMC firmware for E700 G4 · v5 · Range: 1.14.1
- ASUS/BMC firmware for ESC4000 DHD G4 · v5 · Range: 1.13.7
- ASUS/BMC firmware for ESC4000 G4 · v5 · Range: 1.15.2
- ASUS/BMC firmware for ESC4000 G4X · v5 · Range: 1.11.6
- ASUS/BMC firmware for ESC8000 G4 · v5 · Range: 1.15.4
- ASUS/BMC firmware for ESC8000 G4/10G · v5 · Range: 1.15.4
- ASUS/BMC firmware for KNPA-U16 · v5 · Range: 1.13.4
- ASUS/BMC firmware for Pro E800 G4 · v5 · Range: 1.14.2
- ASUS/BMC firmware for RS100-E10-PI2 · v5 · Range: 1.13.6
- ASUS/BMC firmware for RS300-E10-PS4 · v5 · Range: 1.13.6
- ASUS/BMC firmware for RS300-E10-RS4 · v5 · Range: 1.13.6
- ASUS/BMC firmware for RS500A-E10-PS4 · v5 · Range: 1.15.2
- ASUS/BMC firmware for RS500A-E10-RS4 · v5 · Range: 1.15.2
- ASUS/BMC firmware for RS500A-E9-PS4 · v5 · Range: 1.14.1
- ASUS/BMC firmware for RS500A-E9 RS4 · v5 · Range: 1.14.1
- ASUS/BMC firmware for RS500A-E9-RS4 · v5 · Range: 1.14.1
- ASUS/BMC firmware for RS500-E9-PS4 · v5 · Range: 1.15.4
- ASUS/BMC firmware for RS500-E9-RS4 · v5 · Range: 1.15.4
- ASUS/BMC firmware for RS500-E9-RS4-U · v5 · Range: 1.15.4
- ASUS/BMC firmware for RS520-E9-RS12-E · v5 · Range: 1.15.3
- ASUS/BMC firmware for RS520-E9-RS8 · v5 · Range: 1.15.3
- ASUS/BMC firmware for RS700A-E9-RS12V2 · v5 · Range: 1.15.1
- ASUS/BMC firmware for RS700A-E9-RS4 · v5 · Range: 1.10.0
- ASUS/BMC firmware for RS700A-E9-RS4V2 · v5 · Range: 1.15.1
- ASUS/BMC firmware for RS700-E9-RS12 · v5 · Range: 1.11.5
- ASUS/BMC firmware for RS700-E9-RS4 · v5 · Range: 1.09
- ASUS/BMC firmware for RS720A-E9-RS12V2 · v5 · Range: 1.15.2
- ASUS/BMC firmware for RS720A-E9-RS24-E · v5 · Range: 1.10.3
- ASUS/BMC firmware for RS720A-E9-RS24V2 · v5 · Range: 1.15.1
- ASUS/BMC firmware for RS720-E9-RS12-E · v5 · Range: 1.15.2
- ASUS/BMC firmware for RS720-E9-RS24-U · v5 · Range: 1.14.3
- ASUS/BMC firmware for RS720-E9-RS8-G · v5 · Range: 1.15.2
- ASUS/BMC firmware for RS720Q-E9-RS24-S · v5 · Range: 1.15.0
- ASUS/BMC firmware for RS720Q-E9-RS8 · v5 · Range: 1.15.0
- ASUS/BMC firmware for RS720Q-E9-RS8-S · v5 · Range: 1.15.0
- ASUS/BMC firmware for WS C422 PRO/SE · v5 · Range: 1.14.1
- ASUS/BMC firmware for WS C621E SAGE · v5 · Range: 1.15.1
- ASUS/BMC firmware for WS X299 PRO/SE · v5 · Range: 1.14.1
- ASUS/BMC firmware for Z11PA-D8 · v5 · Range: 1.14.1
- ASUS/BMC firmware for Z11PA-D8C · v5 · Range: 1.14.1
- ASUS/BMC firmware for Z11PA-U12 · v5 · Range: 1.15.1
- ASUS/BMC firmware for Z11PA-U12/10G-2S · v5 · Range: 1.15.1
- ASUS/BMC firmware for Z11PR-D16 · v5 · Range: 1.15.3
References (3)
- www.asus.com/content/ASUS-Product-Security-Advisory/ · mitre · x_refsource_MISC
- www.asus.com/tw/support/callus/ · mitre · x_refsource_MISC
- www.twcert.org.tw/tw/cp-132-4579-c8827-1.html · mitre · x_refsource_MISC