CVE-2021-28183

MEDIUM Year: 2021
CVSS v3 Score
4.9
Medium
CVSS v2 Score
4.0
Medium
Weakness Type
CWE-120
View all →

Vulnerability Description

The specific function in ASUS BMC’s firmware Web management page (Web License configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

Related Vulnerabilities

CVE-2021-28175

MEDIUM
CVSS:4.9(Medium)

The Radius configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileg...

CWE-1202021

CVE-2021-28176

MEDIUM
CVSS:4.9(Medium)

The DNS configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged ...

CWE-1202021

CVE-2021-28177

MEDIUM
CVSS:4.9(Medium)

The LDAP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged...

CWE-1202021

CVE-2021-28178

MEDIUM
CVSS:4.9(Medium)

The UEFI configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged...

CWE-1202021

CVE-2021-28179

MEDIUM
CVSS:4.9(Medium)

The specific function in ASUS BMC’s firmware Web management page (Media support configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability....

CWE-1202021

CVE-2021-28180

MEDIUM
CVSS:4.9(Medium)

The specific function in ASUS BMC’s firmware Web management page (Audit log configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As ...

CWE-1202021