Skip to main content

Asmb8 Ikvm Firmware

19 CVEs product

Monthly

CVE-2023-26602 CRITICAL POC THREAT Act Now

ASUS ASMB8 iKVM firmware through 1.14.51 allows remote attackers to execute arbitrary code by using SNMP to create extensions, as demonstrated by snmpset for NET-SNMP-EXTEND-MIB with /bin/sh for. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Asmb8 Ikvm Firmware
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
17.4%
CVE-2021-28205 MEDIUM This Month

The specific function in ASUS BMC’s firmware Web management page (Delete SOL video file function) does not filter the specific parameter. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Z10Pr D16 Firmware Asmb8 Ikvm Firmware Z10Pe D16 Ws Firmware
NVD
CVSS 3.1
4.9
EPSS
1.9%
CVE-2021-28204 HIGH This Week

The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not filter the specific parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Z10Pr D16 Firmware Asmb8 Ikvm Firmware Z10Pe D16 Ws Firmware
NVD
CVSS 3.1
7.2
EPSS
2.0%
CVE-2021-28203 HIGH This Week

The Web Set Media Image function in ASUS BMC’s firmware Web management page does not filter the specific parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Z10Pr D16 Firmware Asmb8 Ikvm Firmware Z10Pe D16 Ws Firmware
NVD
CVSS 3.1
7.2
EPSS
2.0%
CVE-2021-28189 MEDIUM This Month

The SMTP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Z10Pr D16 Firmware Asmb8 Ikvm Firmware Z10Pe D16 Ws Firmware
NVD
CVSS 3.1
4.9
EPSS
1.8%
CVE-2021-28188 MEDIUM This Month

The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Z10Pr D16 Firmware Asmb8 Ikvm Firmware Z10Pe D16 Ws Firmware
NVD
CVSS 3.1
4.9
EPSS
1.8%
CVE-2021-28187 MEDIUM This Month

The specific function in ASUS BMC’s firmware Web management page (Generate new SSL certificate) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Z10Pr D16 Firmware Asmb8 Ikvm Firmware Z10Pe D16 Ws Firmware
NVD
CVSS 3.1
4.9
EPSS
1.2%
CVE-2021-28186 MEDIUM This Month

The specific function in ASUS BMC’s firmware Web management page (ActiveX configuration-2 acquisition) does not verify the string length entered by users, resulting in a Buffer overflow. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Z10Pr D16 Firmware Asmb8 Ikvm Firmware Z10Pe D16 Ws Firmware
NVD
CVSS 3.1
4.9
EPSS
1.8%
CVE-2021-28185 MEDIUM This Month

The specific function in ASUS BMC’s firmware Web management page (ActiveX configuration-1 acquisition) does not verify the string length entered by users, resulting in a Buffer overflow. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Z10Pr D16 Firmware Asmb8 Ikvm Firmware Z10Pe D16 Ws Firmware
NVD
CVSS 3.1
4.9
EPSS
1.8%
CVE-2021-28184 MEDIUM This Month

The Active Directory configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Z10Pr D16 Firmware Asmb8 Ikvm Firmware Z10Pe D16 Ws Firmware
NVD
CVSS 3.1
4.9
EPSS
1.8%
CVE-2021-28183 MEDIUM This Month

The specific function in ASUS BMC’s firmware Web management page (Web License configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Z10Pr D16 Firmware Asmb8 Ikvm Firmware Z10Pe D16 Ws Firmware
NVD
CVSS 3.1
4.9
EPSS
1.8%
CVE-2021-28182 MEDIUM This Month

The Web Service configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Z10Pr D16 Firmware Asmb8 Ikvm Firmware Z10Pe D16 Ws Firmware
NVD
CVSS 3.1
4.9
EPSS
1.8%
CVE-2021-28181 MEDIUM This Month

The specific function in ASUS BMC’s firmware Web management page (Remote video configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Z10Pr D16 Firmware Asmb8 Ikvm Firmware Z10Pe D16 Ws Firmware
NVD
CVSS 3.1
4.9
EPSS
1.8%
CVE-2021-28180 MEDIUM This Month

The specific function in ASUS BMC’s firmware Web management page (Audit log configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Z10Pr D16 Firmware Asmb8 Ikvm Firmware Z10Pe D16 Ws Firmware
NVD
CVSS 3.1
4.9
EPSS
1.8%
CVE-2021-28179 MEDIUM This Month

The specific function in ASUS BMC’s firmware Web management page (Media support configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Z10Pr D16 Firmware Asmb8 Ikvm Firmware Z10Pe D16 Ws Firmware
NVD
CVSS 3.1
4.9
EPSS
1.8%
CVE-2021-28178 MEDIUM This Month

The UEFI configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Z10Pr D16 Firmware Asmb8 Ikvm Firmware Z10Pe D16 Ws Firmware
NVD
CVSS 3.1
4.9
EPSS
1.8%
CVE-2021-28177 MEDIUM This Month

The LDAP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Z10Pr D16 Firmware Asmb8 Ikvm Firmware Z10Pe D16 Ws Firmware
NVD
CVSS 3.1
4.9
EPSS
1.8%
CVE-2021-28176 MEDIUM This Month

The DNS configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Z10Pr D16 Firmware Asmb8 Ikvm Firmware Z10Pe D16 Ws Firmware
NVD
CVSS 3.1
4.9
EPSS
1.9%
CVE-2021-28175 MEDIUM This Month

The Radius configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Z10Pr D16 Firmware Asmb8 Ikvm Firmware Z10Pe D16 Ws Firmware
NVD
CVSS 3.1
4.9
EPSS
1.9%
EPSS 17% CVSS 9.8
CRITICAL POC THREAT Act Now

ASUS ASMB8 iKVM firmware through 1.14.51 allows remote attackers to execute arbitrary code by using SNMP to create extensions, as demonstrated by snmpset for NET-SNMP-EXTEND-MIB with /bin/sh for. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Asmb8 Ikvm Firmware
NVD Exploit-DB
EPSS 2% CVSS 4.9
MEDIUM This Month

The specific function in ASUS BMC’s firmware Web management page (Delete SOL video file function) does not filter the specific parameter. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Z10Pr D16 Firmware Asmb8 Ikvm Firmware +1
NVD
EPSS 2% CVSS 7.2
HIGH This Week

The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not filter the specific parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Z10Pr D16 Firmware Asmb8 Ikvm Firmware +1
NVD
EPSS 2% CVSS 7.2
HIGH This Week

The Web Set Media Image function in ASUS BMC’s firmware Web management page does not filter the specific parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Z10Pr D16 Firmware Asmb8 Ikvm Firmware +1
NVD
EPSS 2% CVSS 4.9
MEDIUM This Month

The SMTP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Z10Pr D16 Firmware Asmb8 Ikvm Firmware +1
NVD
EPSS 2% CVSS 4.9
MEDIUM This Month

The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Z10Pr D16 Firmware Asmb8 Ikvm Firmware +1
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

The specific function in ASUS BMC’s firmware Web management page (Generate new SSL certificate) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Z10Pr D16 Firmware Asmb8 Ikvm Firmware +1
NVD
EPSS 2% CVSS 4.9
MEDIUM This Month

The specific function in ASUS BMC’s firmware Web management page (ActiveX configuration-2 acquisition) does not verify the string length entered by users, resulting in a Buffer overflow. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Z10Pr D16 Firmware Asmb8 Ikvm Firmware +1
NVD
EPSS 2% CVSS 4.9
MEDIUM This Month

The specific function in ASUS BMC’s firmware Web management page (ActiveX configuration-1 acquisition) does not verify the string length entered by users, resulting in a Buffer overflow. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Z10Pr D16 Firmware Asmb8 Ikvm Firmware +1
NVD
EPSS 2% CVSS 4.9
MEDIUM This Month

The Active Directory configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Z10Pr D16 Firmware Asmb8 Ikvm Firmware +1
NVD
EPSS 2% CVSS 4.9
MEDIUM This Month

The specific function in ASUS BMC’s firmware Web management page (Web License configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Z10Pr D16 Firmware Asmb8 Ikvm Firmware +1
NVD
EPSS 2% CVSS 4.9
MEDIUM This Month

The Web Service configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Z10Pr D16 Firmware Asmb8 Ikvm Firmware +1
NVD
EPSS 2% CVSS 4.9
MEDIUM This Month

The specific function in ASUS BMC’s firmware Web management page (Remote video configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Z10Pr D16 Firmware Asmb8 Ikvm Firmware +1
NVD
EPSS 2% CVSS 4.9
MEDIUM This Month

The specific function in ASUS BMC’s firmware Web management page (Audit log configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Z10Pr D16 Firmware Asmb8 Ikvm Firmware +1
NVD
EPSS 2% CVSS 4.9
MEDIUM This Month

The specific function in ASUS BMC’s firmware Web management page (Media support configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Z10Pr D16 Firmware Asmb8 Ikvm Firmware +1
NVD
EPSS 2% CVSS 4.9
MEDIUM This Month

The UEFI configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Z10Pr D16 Firmware Asmb8 Ikvm Firmware +1
NVD
EPSS 2% CVSS 4.9
MEDIUM This Month

The LDAP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Z10Pr D16 Firmware Asmb8 Ikvm Firmware +1
NVD
EPSS 2% CVSS 4.9
MEDIUM This Month

The DNS configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Z10Pr D16 Firmware Asmb8 Ikvm Firmware +1
NVD
EPSS 2% CVSS 4.9
MEDIUM This Month

The Radius configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Z10Pr D16 Firmware Asmb8 Ikvm Firmware +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy