X12Dai N6 Firmware
CVE-2023-34853
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Buffer Overflow vulnerability in Supermicro motherboard X12DPG-QR 1.4b allows local attackers to hijack control flow via manipulation of SmcSecurityEraseSetupVar variable.
AnalysisAI
Buffer Overflow vulnerability in Supermicro motherboard X12DPG-QR 1.4b allows local attackers to hijack control flow via manipulation of SmcSecurityEraseSetupVar variable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. Buffer Overflow vulnerability in Supermicro motherboard X12DPG-QR 1.4b allows local attackers to hijack control flow via manipulation of SmcSecurityEraseSetupVar variable. Affected products include: Supermicro X12Dai-N6 Firmware, Supermicro X12Ddw-A6 Firmware, Supermicro X12Dgo-6 Firmware, Supermicro X12Dgq-R Firmware, Supermicro X12Dgu Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).
More in X12Dai N6 Firmware
View allA shell-injection vulnerability in email notifications on Supermicro motherboards (such as H12DST-B before 03.10.35) all
The web interface in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implemen
The configuration functionality in the Intelligent Platform Management Interface (IPMI) baseboard management controller
A web server in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementatio
Supermicro X11SSL-CF HW Rev 1.01, BMC firmware v1.63 was discovered to contain insecure permissions. Rated medium severi
Same weakness CWE-787 – Out-of-bounds Write
View allSame technique Memory Corruption
View allShare
External POC / Exploit Code
Leaving vuln.today