CVE-2021-28191

Summary

CVE: CVE-2021-28191
State: PUBLIC
Assigner: [email protected]
Source Priority: CVE Program / NVD first with legacy fallback
Published: 2021-04-06 05:15:00 UTC
Updated: 2021-04-13 16:22:00 UTC
Description: The Firmware update function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

Risk And Classification

Problem Types: CWE-120

NVD Known Affected Configurations (CPE 2.3)

Type Vendor Product Version Update Edition Language
Hardware Asus Asmb9-ikvm - All All All
Operating System Asus Asmb9-ikvm Firmware 1.11.12 All All All
Hardware Asus E700 G4 - All All All
Operating System Asus E700 G4 Firmware 1.14.1 All All All
Hardware Asus Esc4000 Dhd G4 - All All All
Operating System Asus Esc4000 Dhd G4 Firmware 1.13.7 All All All
Hardware Asus Esc4000 G4 - All All All
Hardware Asus Esc4000 G4x - All All All
Operating System Asus Esc4000 G4x Firmware 1.11.6 All All All
Operating System Asus Esc4000 G4 Firmware 1.15.2 All All All
Hardware Asus Esc8000 G4 - All All All
Hardware Asus Esc8000 G4/10g - All All All
Operating System Asus Esc8000 G4/10g Firmware 1.15.4 All All All
Operating System Asus Esc8000 G4 Firmware 1.15.4 All All All
Hardware Asus Knpa-u16 - All All All
Operating System Asus Knpa-u16 Firmware 1.13.4 All All All
Hardware Asus Pro E800 G4 - All All All
Operating System Asus Pro E800 G4 Firmware 1.14.2 All All All
Hardware Asus Rs100-e10-pi2 - All All All
Operating System Asus Rs100-e10-pi2 Firmware 1.13.6 All All All
Hardware Asus Rs300-e10-ps4 - All All All
Operating System Asus Rs300-e10-ps4 Firmware 1.13.6 All All All
Hardware Asus Rs300-e10-rs4 - All All All
Operating System Asus Rs300-e10-rs4 Firmware 1.13.6 All All All
Hardware Asus Rs500-e9-ps4 - All All All
Operating System Asus Rs500-e9-ps4 Firmware 1.15.4 All All All
Hardware Asus Rs500-e9-rs4 - All All All
Hardware Asus Rs500-e9-rs4-u - All All All
Operating System Asus Rs500-e9-rs4-u Firmware 1.15.4 All All All
Operating System Asus Rs500-e9-rs4 Firmware 1.15.4 All All All
Hardware Asus Rs500a-e10-ps4 - All All All
Operating System Asus Rs500a-e10-ps4 Firmware 1.15.2 All All All
Hardware Asus Rs500a-e10-rs4 - All All All
Operating System Asus Rs500a-e10-rs4 Firmware 1.15.2 All All All
Hardware Asus Rs500a-e9-ps4 - All All All
Operating System Asus Rs500a-e9-ps4 Firmware 1.14.1 All All All
Hardware Asus Rs500a-e9-rs4 - All All All
Operating System Asus Rs500a-e9-rs4 Firmware 1.14.1 All All All
Hardware Asus Rs500a-e9 Rs4 U - All All All
Operating System Asus Rs500a-e9 Rs4 U Firmware 1.14.1 All All All
Hardware Asus Rs520-e9-rs12-e - All All All
Operating System Asus Rs520-e9-rs12-e Firmware 1.15.3 All All All
Hardware Asus Rs520-e9-rs8 - All All All
Operating System Asus Rs520-e9-rs8 Firmware 1.15.3 All All All
Hardware Asus Rs700-e9-rs12 - All All All
Operating System Asus Rs700-e9-rs12 Firmware 1.11.5 All All All
Hardware Asus Rs700-e9-rs4 - All All All
Operating System Asus Rs700-e9-rs4 Firmware 1.09 All All All
Hardware Asus Rs700a-e9-rs12v2 - All All All
Operating System Asus Rs700a-e9-rs12v2 Firmware 1.15.1 All All All
Hardware Asus Rs700a-e9-rs4 - All All All
Hardware Asus Rs700a-e9-rs4v2 - All All All
Operating System Asus Rs700a-e9-rs4v2 Firmware 1.15.1 All All All
Operating System Asus Rs700a-e9-rs4 Firmware 1.10.0 All All All
Hardware Asus Rs720-e9-rs12-e - All All All
Operating System Asus Rs720-e9-rs12-e Firmware 1.15.2 All All All
Hardware Asus Rs720-e9-rs24-u - All All All
Operating System Asus Rs720-e9-rs24-u Firmware 1.14.3 All All All
Hardware Asus Rs720-e9-rs8-g - All All All
Operating System Asus Rs720-e9-rs8-g Firmware 1.15.2 All All All
Hardware Asus Rs720a-e9-rs12v2 - All All All
Operating System Asus Rs720a-e9-rs12v2 Firmware 1.15.2 All All All
Hardware Asus Rs720a-e9-rs24-e - All All All
Operating System Asus Rs720a-e9-rs24-e Firmware 1.10.3 All All All
Hardware Asus Rs720a-e9-rs24v2 - All All All
Operating System Asus Rs720a-e9-rs24v2 Firmware 1.15.1 All All All
Hardware Asus Rs720q-e9-rs24-s - All All All
Operating System Asus Rs720q-e9-rs24-s Firmware 1.15.0 All All All
Hardware Asus Rs720q-e9-rs8 - All All All
Hardware Asus Rs720q-e9-rs8-s - All All All
Operating System Asus Rs720q-e9-rs8-s Firmware 1.15.0 All All All
Operating System Asus Rs720q-e9-rs8 Firmware 1.15.0 All All All
Hardware Asus Ws C422 Pro/se - All All All
Operating System Asus Ws C422 Pro/se Firmware 1.14.1 All All All
Hardware Asus Ws C621e Sage - All All All
Operating System Asus Ws C621e Sage Firmware 1.15.1 All All All
Hardware Asus Ws X299 Pro/se - All All All
Operating System Asus Ws X299 Pro/se Firmware 1.14.1 All All All
Hardware Asus Z11pa-d8 - All All All
Hardware Asus Z11pa-d8c - All All All
Operating System Asus Z11pa-d8c Firmware 1.14.1 All All All
Operating System Asus Z11pa-d8 Firmware 1.14.1 All All All
Hardware Asus Z11pa-u12 - All All All
Hardware Asus Z11pa-u12/10g-2s - All All All
Operating System Asus Z11pa-u12/10g-2s Firmware 1.15.1 All All All
Operating System Asus Z11pa-u12 Firmware 1.15.1 All All All
Hardware Asus Z11pr-d16 - All All All
Operating System Asus Z11pr-d16 Firmware 1.15.3 All All All

References

Reference Source Link Tags
Official Support | ASUS Taiwan CONFIRM www.asus.com
TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center - ASUS BMC's firmware: buffer overflow - Firmware update function CONFIRM www.twcert.org.tw
ASUS Product Security Advisory | ASUS Global CONFIRM www.asus.com
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis