As 2115Hs Tnr
Monthly
Command injection in the Supermicro AS-2115HS-TNR BMC's SMTP service allows an authenticated administrator to inject crafted characters into the SMTP configuration, causing the underlying system to execute unintended OS commands during process invocation. Successful exploitation can yield arbitrary code execution on the baseboard management controller, denial of service, or persistent compromise of the management plane. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.
Command injection in the Supermicro AS-2115HS-TNR BMC's SMTP service allows an authenticated administrator to inject crafted characters into the SMTP configuration, causing the underlying system to execute unintended OS commands during process invocation. Successful exploitation can yield arbitrary code execution on the baseboard management controller, denial of service, or persistent compromise of the management plane. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.