Vulnerabilities > Asus > Asmb8 Ikvm Firmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-26 | CVE-2023-26602 | Command Injection vulnerability in Asus Asmb8-Ikvm Firmware 1.14.51 ASUS ASMB8 iKVM firmware through 1.14.51 allows remote attackers to execute arbitrary code by using SNMP to create extensions, as demonstrated by snmpset for NET-SNMP-EXTEND-MIB with /bin/sh for command execution. | 9.8 |
| 2021-04-06 | CVE-2021-28205 | Path Traversal vulnerability in Asus products The specific function in ASUS BMC’s firmware Web management page (Delete SOL video file function) does not filter the specific parameter. | 4.9 |
| 2021-04-06 | CVE-2021-28204 | OS Command Injection vulnerability in Asus products The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not filter the specific parameter. | 7.2 |
| 2021-04-06 | CVE-2021-28203 | OS Command Injection vulnerability in Asus products The Web Set Media Image function in ASUS BMC’s firmware Web management page does not filter the specific parameter. | 7.2 |
| 2021-04-06 | CVE-2021-28189 | Classic Buffer Overflow vulnerability in Asus products The SMTP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. | 4.9 |
| 2021-04-06 | CVE-2021-28188 | Classic Buffer Overflow vulnerability in Asus products The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. | 4.9 |
| 2021-04-06 | CVE-2021-28187 | Classic Buffer Overflow vulnerability in Asus products The specific function in ASUS BMC’s firmware Web management page (Generate new SSL certificate) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. | 4.9 |
| 2021-04-06 | CVE-2021-28186 | Classic Buffer Overflow vulnerability in Asus products The specific function in ASUS BMC’s firmware Web management page (ActiveX configuration-2 acquisition) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. | 4.9 |
| 2021-04-06 | CVE-2021-28185 | Classic Buffer Overflow vulnerability in Asus products The specific function in ASUS BMC’s firmware Web management page (ActiveX configuration-1 acquisition) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. | 4.9 |
| 2021-04-06 | CVE-2021-28184 | Classic Buffer Overflow vulnerability in Asus products The Active Directory configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. | 4.9 |