asus asmb8-ikvm firmware vulnerabilities and exploits

(subscribe to this query)

ASUS ASMB8 iKVM firmware up to and including 1.14.51 allows remote malicious users to execute arbitrary code by using SNMP to create extensions, as demonstrated by snmpset for NET-SNMP-EXTEND-MIB with /bin/sh for command execution.

Asus Asmb8-ikvm Firmware

1 Github repository

The Web Set Media Image function in ASUS BMC’s firmware Web management page does not filter the specific parameter. As obtaining the administrator permission, remote attackers can launch command injection to execute command arbitrary.

Asus Z10pr-d16 Firmware 1.14.51 Asus Asmb8-ikvm Firmware 1.14.51 Asus Z10pe-d16 Ws Firmware 1.14.2

The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can launch command injection to execute command arbitrary.

Asus Z10pr-d16 Firmware 1.14.51 Asus Asmb8-ikvm Firmware 1.14.51 Asus Z10pe-d16 Ws Firmware 1.14.2

The DNS configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the W...

Asus Z10pr-d16 Firmware 1.14.51 Asus Asmb8-ikvm Firmware 1.14.51 Asus Z10pe-d16 Ws Firmware 1.14.2

The UEFI configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the ...

Asus Z10pr-d16 Firmware 1.14.51 Asus Asmb8-ikvm Firmware 1.14.51 Asus Z10pe-d16 Ws Firmware 1.14.2

The specific function in ASUS BMC’s firmware Web management page (Remote video configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage t...

Asus Z10pr-d16 Firmware 1.14.51 Asus Asmb8-ikvm Firmware 1.14.51 Asus Z10pe-d16 Ws Firmware 1.14.2

The Active Directory configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally te...

Asus Z10pr-d16 Firmware 1.14.51 Asus Asmb8-ikvm Firmware 1.14.51 Asus Z10pe-d16 Ws Firmware 1.14.2

The specific function in ASUS BMC’s firmware Web management page (Generate new SSL certificate) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abno...

Asus Z10pr-d16 Firmware 1.14.51 Asus Asmb8-ikvm Firmware 1.14.51 Asus Z10pe-d16 Ws Firmware 1.14.2

The Web Service configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally termina...

Asus Z10pr-d16 Firmware 1.14.51 Asus Asmb8-ikvm Firmware 1.14.51 Asus Z10pe-d16 Ws Firmware 1.14.2

The Radius configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate th...

Asus Z10pr-d16 Firmware 1.14.51 Asus Asmb8-ikvm Firmware 1.14.51 Asus Z10pe-d16 Ws Firmware 1.14.2

1 2 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook