Description
The specific function in ASUS BMC’s firmware Web management page (Web License configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_misc
https://www.asus.com/content/ASUS-Product-Security-Advisory/
Vendor Advisory x_refsource_misc
https://www.asus.com/tw/support/callus/
Third Party Advisory x_refsource_misc
https://www.twcert.org.tw/tw/cp-132-4553-06ae2-1.html
Scores
CVSS v3
4.9
EPSS
0.0087
EPSS Percentile
75.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-120
Status
published
Products (3)
asus/asmb8-ikvm_firmware
1.14.51
asus/z10pe-d16_ws_firmware
1.14.2
asus/z10pr-d16_firmware
1.14.51
Published
Apr 06, 2021
Tracked Since
Feb 18, 2026