Vulnerabilities > Asus > Esc4000 DHD G4 Firmware > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-04-06 CVE-2021-28209 Path Traversal vulnerability in Asus products
The specific function in ASUS BMC’s firmware Web management page (Delete video file function) does not filter the specific parameter.
network
low complexity
asus CWE-22
4.9
2021-04-06 CVE-2021-28208 Path Traversal vulnerability in Asus products
The specific function in ASUS BMC’s firmware Web management page (Get video file function) does not filter the specific parameter.
network
low complexity
asus CWE-22
4.9
2021-04-06 CVE-2021-28207 Path Traversal vulnerability in Asus products
The specific function in ASUS BMC’s firmware Web management page (Get Help file function) does not filter the specific parameter.
network
low complexity
asus CWE-22
4.9
2021-04-06 CVE-2021-28206 Path Traversal vulnerability in Asus products
The specific function in ASUS BMC’s firmware Web management page (Record video file function) does not filter the specific parameter.
network
low complexity
asus CWE-22
4.9
2021-04-06 CVE-2021-28202 Classic Buffer Overflow vulnerability in Asus products
The Service configuration-2 function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability.
network
low complexity
asus CWE-120
4.9
2021-04-06 CVE-2021-28201 Classic Buffer Overflow vulnerability in Asus products
The Service configuration-1 function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability.
network
low complexity
asus CWE-120
4.9
2021-04-06 CVE-2021-28200 Classic Buffer Overflow vulnerability in Asus products
The CD media configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability.
network
low complexity
asus CWE-120
4.9
2021-04-06 CVE-2021-28199 Classic Buffer Overflow vulnerability in Asus products
The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability.
network
low complexity
asus CWE-120
4.9
2021-04-06 CVE-2021-28198 Classic Buffer Overflow vulnerability in Asus products
The Firmware protocol configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability.
network
low complexity
asus CWE-120
4.9
2021-04-06 CVE-2021-28197 Classic Buffer Overflow vulnerability in Asus products
The Active Directory configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability.
network
low complexity
asus CWE-120
4.9