Description
The web interface on Supermicro X10DRH-iT motherboards with BIOS 2.0a and IPMI firmware 03.40 allows remote attackers to exploit a cgi/config_user.cgi CSRF issue to add new admin users. The fixed versions are BIOS 3.2 and firmware 03.88.
Exploits (2)
exploitdb
WORKING POC
by Metin Yunus Kandemir · textwebappshardware
https://www.exploit-db.com/exploits/48668
exploitdb
WORKING POC
by Metin Yunus Kandemir · textwebappshardware
https://www.exploit-db.com/exploits/48652
Scores
CVSS v3
8.8
EPSS
0.0065
EPSS Percentile
70.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-352
Status
published
Products (2)
supermicro/x10drh-it_bios
2.0a
supermicro/x10drh-it_firmware
3.40
Published
Jun 24, 2020
Tracked Since
Feb 18, 2026