Description
The specific function in ASUS BMC’s firmware Web management page (Generate new certificate function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_misc
https://www.asus.com/content/ASUS-Product-Security-Advisory/
Vendor Advisory x_refsource_misc
https://www.asus.com/tw/support/callus/
Third Party Advisory x_refsource_misc
https://www.twcert.org.tw/tw/cp-132-4560-2f01f-1.html
Scores
CVSS v3
4.9
EPSS
0.0064
EPSS Percentile
70.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-120
Status
published
Products (44)
asus/asmb9-ikvm_firmware
1.11.12
asus/e700_g4_firmware
1.14.1
asus/esc4000_dhd_g4_firmware
1.13.7
asus/esc4000_g4_firmware
1.15.2
asus/esc4000_g4x_firmware
1.11.6
asus/esc8000_g4\/10g_firmware
1.15.4
asus/esc8000_g4_firmware
1.15.4
asus/knpa-u16_firmware
1.13.4
asus/pro_e800_g4_firmware
1.14.2
asus/rs100-e10-pi2_firmware
1.13.6
... and 34 more
Published
Apr 06, 2021
Tracked Since
Feb 18, 2026