Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-28206— ASUS BMC's firmware: path traversal - Record video file function

CVSS 4.9 · Medium EPSS 0.43% · P63
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-28206

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
ASUS BMC's firmware: path traversal - Record video file function
Source: NVD (National Vulnerability Database)
Vulnerability Description
The specific function in ASUS BMC’s firmware Web management page (Record video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Source: NVD (National Vulnerability Database)
Vulnerability Title
ASUS BMC Firmware 路径遍历漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
ASUS BMC Firmware是中国华硕(ASUS)公司的一个固件。 ASUS BMC Firmware 存在路径遍历漏洞,该漏洞源于Record video file function不过滤具体参数。远程攻击者可利用该漏洞在获得管理员权限后,可以通过路径遍历的方式访问系统文件。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
ASUSBMC firmware for ASMB9-iKVM 1.11.12 -
ASUSBMC firmware for RS720A-E9-RS24-E 1.10.3 -
ASUSBMC firmware for RS700A-E9-RS4 1.10.0 -
ASUSBMC firmware for RS700-E9-RS4 1.09 -
ASUSBMC firmware for ESC4000 G4X 1.11.6 -
ASUSBMC firmware for RS700-E9-RS12 1.11.5 -
ASUSBMC firmware for RS100-E10-PI2 1.13.6 -
ASUSBMC firmware for RS300-E10-PS4 1.13.6 -
ASUSBMC firmware for RS300-E10-RS4 1.13.6 -
ASUSBMC firmware for RS500A-E9-PS4 1.14.1 -
ASUSBMC firmware for RS500A-E9-RS4 1.14.1 -
ASUSBMC firmware for RS500A-E9 RS4 1.14.1 -
ASUSBMC firmware for E700 G4 1.14.1 -
ASUSBMC firmware for WS C422 PRO/SE 1.14.1 -
ASUSBMC firmware for WS X299 PRO/SE 1.14.1 -
ASUSBMC firmware for Z11PA-U12 1.15.1 -
ASUSBMC firmware for Z11PA-U12/10G-2S 1.15.1 -
ASUSBMC firmware for KNPA-U16 1.13.4 -
ASUSBMC firmware for ESC4000 DHD G4 1.13.7 -
ASUSBMC firmware for ESC4000 G4 1.15.2 -
ASUSBMC firmware for RS720Q-E9-RS24-S 1.15.0 -
ASUSBMC firmware for RS720Q-E9-RS8 1.15.0 -
ASUSBMC firmware for RS720Q-E9-RS8-S 1.15.0 -
ASUSBMC firmware for Z11PA-D8 1.14.1 -
ASUSBMC firmware for Z11PA-D8C 1.14.1 -
ASUSBMC firmware for RS720-E9-RS24-U 1.14.3 -
ASUSBMC firmware for RS720-E9-RS8-G 1.15.2 -
ASUSBMC firmware for RS500-E9-PS4 1.15.4 -
ASUSBMC firmware for Pro E800 G4 1.14.2 -
ASUSBMC firmware for RS500-E9-RS4 1.15.4 -
ASUSBMC firmware for RS500-E9-RS4-U 1.15.4 -
ASUSBMC firmware for RS520-E9-RS12-E 1.15.3 -
ASUSBMC firmware for RS520-E9-RS8 1.15.3 -
ASUSBMC firmware for ESC8000 G4 1.15.4 -
ASUSBMC firmware for ESC8000 G4/10G 1.15.4 -
ASUSBMC firmware for RS720-E9-RS12-E 1.15.2 -
ASUSBMC firmware for WS C621E SAGE 1.15.1 -
ASUSBMC firmware for RS500A-E10-PS4 1.15.2 -
ASUSBMC firmware for RS500A-E10-RS4 1.15.2 -
ASUSBMC firmware for RS700A-E9-RS12V2 1.15.1 -
ASUSBMC firmware for RS700A-E9-RS4V2 1.15.1 -
ASUSBMC firmware for RS720A-E9-RS12V2 1.15.2 -
ASUSBMC firmware for RS720A-E9-RS24V2 1.15.1 -
ASUSBMC firmware for Z11PR-D16 1.15.3 -

II. Public POCs for CVE-2021-28206

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2021-28206

登录查看更多情报信息。

Same Patch Batch · ASUS · 2021-04-06 · 35 CVEs total

CVE-2021-282047.2 HIGHASUS BMC's firmware: command injection - Modify user’s information function
CVE-2021-282037.2 HIGHASUS BMC's firmware: command injection - Web Set Media Image function
CVE-2021-281804.9 MEDIUMASUS BMC's firmware: buffer overflow - Audit log configuration setting
CVE-2021-281904.9 MEDIUMASUS BMC's firmware: buffer overflow - Generate new certificate function
CVE-2021-281884.9 MEDIUMASUS BMC's firmware: buffer overflow - Modify user’s information function
CVE-2021-281874.9 MEDIUMASUS BMC's firmware: buffer overflow - Generate new SSL certificate
CVE-2021-281854.9 MEDIUMASUS BMC's firmware: buffer overflow - ActiveX configuration-1 acquisition
CVE-2021-281864.9 MEDIUMASUS BMC's firmware: buffer overflow - ActiveX configuration-2 acquisition
CVE-2021-281844.9 MEDIUMASUS BMC's firmware: buffer overflow - Active Directory configuration function
CVE-2021-281834.9 MEDIUMASUS BMC's firmware: buffer overflow - Web License configuration setting
CVE-2021-281824.9 MEDIUMASUS BMC's firmware: buffer overflow - Web Service configuration function
CVE-2021-281914.9 MEDIUMASUS BMC's firmware: buffer overflow - Firmware update function
CVE-2021-281814.9 MEDIUMASUS BMC's firmware: buffer overflow - Remote video configuration setting
CVE-2021-281794.9 MEDIUMASUS BMC's firmware: buffer overflow - Media support configuration setting
CVE-2021-281774.9 MEDIUMASUS BMC's firmware: buffer overflow - LDAP configuration function
CVE-2021-281784.9 MEDIUMASUS BMC's firmware: buffer overflow - UEFI configuration function
CVE-2021-281764.9 MEDIUMASUS BMC's firmware: buffer overflow - DNS configuration function
CVE-2021-281754.9 MEDIUMASUS BMC's firmware: buffer overflow - Radius configuration function
CVE-2021-281894.9 MEDIUMASUS BMC's firmware: buffer overflow - SMTP configuration function
CVE-2021-282094.9 MEDIUMASUS BMC's firmware: path traversal - Delete video file function

Showing top 20 of 35 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: BMC firmware for ASMB9-iKVM
Same vendor: ASUS
Same weakness: CWE-22

V. Comments for CVE-2021-28206

No comments yet

Leave a comment