CVE-2023-34853

HIGH

Supermicro X12DPG-QR 1.4b - Buffer Overflow via SmcSecurityEraseSetupVar

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-34853. PoCs published by risuxx.

AI-analyzed exploit summary The repository describes a stack overflow vulnerability in Supermicro motherboard X12DPG-QR BIOS firmware (version 1.4b) within the SmcSecureErase file. The vulnerability allows local privileged attackers to escalate privileges to DXE Runtime UEFI and execute arbitrary code via a buffer overflow in the GetVariable function.

Description

Buffer Overflow vulnerability in Supermicro motherboard X12DPG-QR 1.4b allows local attackers to hijack control flow via manipulation of SmcSecurityEraseSetupVar variable.

Exploits (1)

nomisec WRITEUP

by risuxx · poc

https://github.com/risuxx/CVE-2023-34853

View Code ZIP pw:eip

The repository describes a stack overflow vulnerability in Supermicro motherboard X12DPG-QR BIOS firmware (version 1.4b) within the SmcSecureErase file. The vulnerability allows local privileged attackers to escalate privileges to DXE Runtime UEFI and execute arbitrary code via a buffer overflow in the GetVariable function.

Classification

Writeup 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Theoretical

Target: Supermicro X12DPG-QR BIOS firmware 1.4b

Auth required

Prerequisites: Local privileged access · Ability to set the 'SmcSecurityEraseSetupVar' variable to a long string

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Product

https://www.supermicro.com/Bios/softfiles/17136/X12DPG-QR_1.4b_X1.02.61_SUM2.10.0.zip.

Vendor Advisory

https://www.supermicro.com/en/support/security_BIOS_Aug_2023

Scores

CVSS v3 7.8

EPSS 0.0037

EPSS Percentile 28.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-787

Status published

Products (50)

supermicro/h11dsi-nt_firmware

supermicro/h11dsi_firmware

supermicro/h11dst-b_firmware

supermicro/h11dsu-in_firmware

supermicro/h12dgo-6_firmware

supermicro/h12dgq-nt6_firmware

supermicro/h12dsg-o-cpu_firmware

supermicro/h12dsg-q-cpu6_firmware

supermicro/h12dsi-n6_firmware

supermicro/h12dsi-nt6_firmware

... and 40 more

Published Aug 22, 2023

Tracked Since Feb 18, 2026