Vulnerabilities > Asus > Z10Pr D16 Firmware > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-04-06 CVE-2021-28205 Path Traversal vulnerability in Asus products
The specific function in ASUS BMC’s firmware Web management page (Delete SOL video file function) does not filter the specific parameter.
network
low complexity
asus CWE-22
4.9
2021-04-06 CVE-2021-28189 Classic Buffer Overflow vulnerability in Asus products
The SMTP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability.
network
low complexity
asus CWE-120
4.9
2021-04-06 CVE-2021-28188 Classic Buffer Overflow vulnerability in Asus products
The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability.
network
low complexity
asus CWE-120
4.9
2021-04-06 CVE-2021-28187 Classic Buffer Overflow vulnerability in Asus products
The specific function in ASUS BMC’s firmware Web management page (Generate new SSL certificate) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability.
network
low complexity
asus CWE-120
4.9
2021-04-06 CVE-2021-28186 Classic Buffer Overflow vulnerability in Asus products
The specific function in ASUS BMC’s firmware Web management page (ActiveX configuration-2 acquisition) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability.
network
low complexity
asus CWE-120
4.9
2021-04-06 CVE-2021-28185 Classic Buffer Overflow vulnerability in Asus products
The specific function in ASUS BMC’s firmware Web management page (ActiveX configuration-1 acquisition) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability.
network
low complexity
asus CWE-120
4.9
2021-04-06 CVE-2021-28184 Classic Buffer Overflow vulnerability in Asus products
The Active Directory configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability.
network
low complexity
asus CWE-120
4.9
2021-04-06 CVE-2021-28183 Classic Buffer Overflow vulnerability in Asus products
The specific function in ASUS BMC’s firmware Web management page (Web License configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability.
network
low complexity
asus CWE-120
4.9
2021-04-06 CVE-2021-28182 Classic Buffer Overflow vulnerability in Asus products
The Web Service configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability.
network
low complexity
asus CWE-120
4.9
2021-04-06 CVE-2021-28181 Classic Buffer Overflow vulnerability in Asus products
The specific function in ASUS BMC’s firmware Web management page (Remote video configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability.
network
low complexity
asus CWE-120
4.9