ByteOS Network

Vulnerability Details :

CVE-2021-28197

Assigner-twcert

Assigner Org ID-cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e

Published At-06 Apr, 2021 | 05:02

Updated At-16 Sep, 2024 | 19:10

ASUS BMC's firmware: buffer overflow - Active Directory configuration function

The Active Directory configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:twcert

Assigner Org ID:cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e

Published At:06 Apr, 2021 | 05:02

Updated At:16 Sep, 2024 | 19:10

▼CVE Numbering Authority (CNA)

ASUS BMC's firmware: buffer overflow - Active Directory configuration function

Affected Products

Vendor

ASUS (ASUSTeK Computer Inc.)

Product

BMC firmware for ASMB9-iKVM

Versions

Affected

1.11.12

Vendor

ASUS (ASUSTeK Computer Inc.)

Product

BMC firmware for RS720A-E9-RS24-E

Versions

Affected

1.10.3

Vendor

ASUS (ASUSTeK Computer Inc.)

Product

BMC firmware for RS700A-E9-RS4

Versions

Affected

1.10.0

Vendor

ASUS (ASUSTeK Computer Inc.)

Product

BMC firmware for RS700-E9-RS4

Versions

Affected

1.09

Vendor

ASUS (ASUSTeK Computer Inc.)

Product

BMC firmware for ESC4000 G4X

Versions

Affected

1.11.6

Vendor

ASUS (ASUSTeK Computer Inc.)

Product

BMC firmware for RS700-E9-RS12

Versions

Affected

1.11.5

Vendor

ASUS (ASUSTeK Computer Inc.)

Product

BMC firmware for RS100-E10-PI2

Versions

Affected

1.13.6

Vendor

ASUS (ASUSTeK Computer Inc.)

Product

BMC firmware for RS300-E10-PS4

Versions

Affected

1.13.6

Vendor

ASUS (ASUSTeK Computer Inc.)

Product

BMC firmware for RS300-E10-RS4

Versions

Affected

1.13.6

Vendor

ASUS (ASUSTeK Computer Inc.)

Product

BMC firmware for RS500A-E9-PS4

Versions

Affected

1.14.1

Vendor

ASUS (ASUSTeK Computer Inc.)

Product

BMC firmware for RS500A-E9-RS4

Versions

Affected

1.14.1

Vendor

ASUS (ASUSTeK Computer Inc.)

Product

BMC firmware for RS500A-E9 RS4

Versions

Affected

1.14.1

Vendor

ASUS (ASUSTeK Computer Inc.)

Product

BMC firmware for E700 G4

Versions

Affected

1.14.1

Vendor

ASUS (ASUSTeK Computer Inc.)

Product

BMC firmware for WS C422 PRO/SE

Versions

Affected

1.14.1

Vendor

ASUS (ASUSTeK Computer Inc.)

Product

BMC firmware for WS X299 PRO/SE

Versions

Affected

1.14.1

Vendor

ASUS (ASUSTeK Computer Inc.)

Product

BMC firmware for Z11PA-U12

Versions

Affected

1.15.1

Vendor

ASUS (ASUSTeK Computer Inc.)

Product

BMC firmware for Z11PA-U12/10G-2S

Versions

Affected

1.15.1

Vendor

ASUS (ASUSTeK Computer Inc.)

Product

BMC firmware for KNPA-U16

Versions

Affected

1.13.4

Vendor

ASUS (ASUSTeK Computer Inc.)

Product

BMC firmware for ESC4000 DHD G4

Versions

Affected

1.13.7

Vendor

ASUS (ASUSTeK Computer Inc.)

Product

BMC firmware for ESC4000 G4

Versions

Affected

1.15.2

Vendor

ASUS (ASUSTeK Computer Inc.)

Product

BMC firmware for RS720Q-E9-RS24-S

Versions

Affected

1.15.0

Vendor

ASUS (ASUSTeK Computer Inc.)

Product

BMC firmware for RS720Q-E9-RS8

Versions

Affected

1.15.0

Vendor

ASUS (ASUSTeK Computer Inc.)

Product

BMC firmware for RS720Q-E9-RS8-S

Versions

Affected

1.15.0

Vendor

ASUS (ASUSTeK Computer Inc.)

Product

BMC firmware for Z11PA-D8

Versions

Affected

1.14.1

Vendor

ASUS (ASUSTeK Computer Inc.)

Product

BMC firmware for Z11PA-D8C

Versions

Affected

1.14.1

Vendor

ASUS (ASUSTeK Computer Inc.)

Product

BMC firmware for RS720-E9-RS24-U

Versions

Affected

1.14.3

Vendor

ASUS (ASUSTeK Computer Inc.)

Product

BMC firmware for RS720-E9-RS8-G

Versions

Affected

1.15.2

Vendor

ASUS (ASUSTeK Computer Inc.)

Product

BMC firmware for RS500-E9-PS4

Versions

Affected

1.15.4

Vendor

ASUS (ASUSTeK Computer Inc.)

Product

BMC firmware for Pro E800 G4

Versions

Affected

1.14.2

Vendor

ASUS (ASUSTeK Computer Inc.)

Product

BMC firmware for RS500-E9-RS4

Versions

Affected

1.15.4

Vendor

ASUS (ASUSTeK Computer Inc.)

Product

BMC firmware for RS500-E9-RS4-U

Versions

Affected

1.15.4

Vendor

ASUS (ASUSTeK Computer Inc.)

Product

BMC firmware for RS520-E9-RS12-E

Versions

Affected

1.15.3

Vendor

ASUS (ASUSTeK Computer Inc.)

Product

BMC firmware for RS520-E9-RS8

Versions

Affected

1.15.3

Vendor

ASUS (ASUSTeK Computer Inc.)

Product

BMC firmware for ESC8000 G4

Versions

Affected

1.15.4

Vendor

ASUS (ASUSTeK Computer Inc.)

Product

BMC firmware for ESC8000 G4/10G

Versions

Affected

1.15.4

Vendor

ASUS (ASUSTeK Computer Inc.)

Product

BMC firmware for RS720-E9-RS12-E

Versions

Affected

1.15.2

Vendor

ASUS (ASUSTeK Computer Inc.)

Product

BMC firmware for WS C621E SAGE

Versions

Affected

1.15.1

Vendor

ASUS (ASUSTeK Computer Inc.)

Product

BMC firmware for RS500A-E10-PS4

Versions

Affected

1.15.2

Vendor

ASUS (ASUSTeK Computer Inc.)

Product

BMC firmware for RS500A-E10-RS4

Versions

Affected

1.15.2

Vendor

ASUS (ASUSTeK Computer Inc.)

Product

BMC firmware for RS700A-E9-RS12V2

Versions

Affected

1.15.1

Vendor

ASUS (ASUSTeK Computer Inc.)

Product

BMC firmware for RS700A-E9-RS4V2

Versions

Affected

1.15.1

Vendor

ASUS (ASUSTeK Computer Inc.)

Product

BMC firmware for RS720A-E9-RS12V2

Versions

Affected

1.15.2

Vendor

ASUS (ASUSTeK Computer Inc.)

Product

BMC firmware for RS720A-E9-RS24V2

Versions

Affected

1.15.1

Vendor

ASUS (ASUSTeK Computer Inc.)

Product

BMC firmware for Z11PR-D16

Versions

Affected

1.15.3

Problem Types

Type	CWE ID	Description
CWE	CWE-120	CWE-120 Buffer Overflow

Type: CWE

CWE ID: CWE-120

Description: CWE-120 Buffer Overflow

Metrics

Version	Base score	Base severity	Vector
3.1	4.9	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Version: 3.1

Base score: 4.9

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Solutions

update BMC's firmwares to the following versions: ESC4000 G4X 1.15.6 RS700-E9-RS12 1.15.4 RS100-E10-PI2 1.15.3 RS300-E10-PS4 1.15.3 RS300-E10-RS4 1.15.3 RS500A-E9-PS4 1.14.2 RS500A-E9-RS4 1.14.2 RS500A-E9 RS4 U 1.14.2 E700 G4 1.14.2 WS C422 PRO/SE 1.14.2 WS X299 PRO/SE 1.14.2 Z11PA-U12 1.15.2 KNPA-U16 1.14.5 ESC4000 DHD G4 1.15.2 ESC4000 G4 1.15.6 RS720Q-E9-RS24-S 1.15.1 RS720Q-E9-RS8 1.15.1 RS720Q-E9-RS8-S 1.15.1 Z11PA-D8 1.15.2 Z11PA-D8C 1.15.2 RS720-E9-RS24-U 1.15.5 RS720-E9-RS8-G 1.15.4 RS500-E9-PS4 1.15.5 Pro E800 G4 1.15.2 RS500-E9-RS4 1.15.5 RS500-E9-RS4-U 1.15.5 RS520-E9-RS12-E 1.15.4 RS520-E9-RS8 1.15.4 ESC8000 G4 1.15.5 ESC8000 G4/10G 1.15.5 RS720-E9-RS12-E 1.15.3 WS C621E SAGE 1.15.3 RS500A-E10-PS4 1.15.3 RS500A-E10-RS4 1.15.3 RS700A-E9-RS12V2 1.15.3 RS700A-E9-RS4V2 1.15.3 RS720A-E9-RS12V2 1.15.3 RS720A-E9-RS24V2 1.15.3 Z11PR-D16 1.15.4

References

Hyperlink	Resource
https://www.asus.com/content/ASUS-Product-Security-Advisory/	x_refsource_MISC
https://www.asus.com/tw/support/callus/	x_refsource_MISC
https://www.twcert.org.tw/tw/cp-132-4567-34350-1.html	x_refsource_MISC

Hyperlink: https://www.asus.com/content/ASUS-Product-Security-Advisory/

Resource:

x_refsource_MISC

Hyperlink: https://www.asus.com/tw/support/callus/

Resource:

x_refsource_MISC

Hyperlink: https://www.twcert.org.tw/tw/cp-132-4567-34350-1.html

Resource:

x_refsource_MISC

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
https://www.asus.com/content/ASUS-Product-Security-Advisory/	x_refsource_MISC x_transferred
https://www.asus.com/tw/support/callus/	x_refsource_MISC x_transferred
https://www.twcert.org.tw/tw/cp-132-4567-34350-1.html	x_refsource_MISC x_transferred

Hyperlink: https://www.asus.com/content/ASUS-Product-Security-Advisory/

Resource:

x_refsource_MISC

x_transferred

Hyperlink: https://www.asus.com/tw/support/callus/

Resource:

x_refsource_MISC

x_transferred

Hyperlink: https://www.twcert.org.tw/tw/cp-132-4567-34350-1.html

Resource:

x_refsource_MISC

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:twcert@cert.org.tw

Published At:06 Apr, 2021 | 05:15

Updated At:13 Apr, 2021 | 19:28

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	4.9	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Secondary	3.1	4.9	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Primary	2.0	4.0	MEDIUM	AV:N/AC:L/Au:S/C:N/I:N/A:P

Type: Primary

Version: 3.1

Base score: 4.9

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Type: Secondary

Version: 3.1

Base score: 4.9

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Type: Primary

Version: 2.0

Base score: 4.0

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:S/C:N/I:N/A:P

CPE Matches

ASUS (ASUSTeK Computer Inc.)

>>asmb9-ikvm_firmware>>1.11.12

cpe:2.3:o:asus:asmb9-ikvm_firmware:1.11.12:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>asmb9-ikvm>>-

cpe:2.3:h:asus:asmb9-ikvm:-:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>rs720a-e9-rs24-e_firmware>>1.10.3

cpe:2.3:o:asus:rs720a-e9-rs24-e_firmware:1.10.3:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>rs720a-e9-rs24-e>>-

cpe:2.3:h:asus:rs720a-e9-rs24-e:-:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>rs700a-e9-rs4_firmware>>1.10.0

cpe:2.3:o:asus:rs700a-e9-rs4_firmware:1.10.0:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>rs700a-e9-rs4>>-

cpe:2.3:h:asus:rs700a-e9-rs4:-:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>rs700-e9-rs4_firmware>>1.09

cpe:2.3:o:asus:rs700-e9-rs4_firmware:1.09:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>rs700-e9-rs4>>-

cpe:2.3:h:asus:rs700-e9-rs4:-:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>esc4000_g4x_firmware>>1.11.6

cpe:2.3:o:asus:esc4000_g4x_firmware:1.11.6:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>esc4000_g4x>>-

cpe:2.3:h:asus:esc4000_g4x:-:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>rs700-e9-rs12_firmware>>1.11.5

cpe:2.3:o:asus:rs700-e9-rs12_firmware:1.11.5:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>rs700-e9-rs12>>-

cpe:2.3:h:asus:rs700-e9-rs12:-:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>rs100-e10-pi2_firmware>>1.13.6

cpe:2.3:o:asus:rs100-e10-pi2_firmware:1.13.6:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>rs100-e10-pi2>>-

cpe:2.3:h:asus:rs100-e10-pi2:-:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>rs300-e10-ps4_firmware>>1.13.6

cpe:2.3:o:asus:rs300-e10-ps4_firmware:1.13.6:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>rs300-e10-ps4>>-

cpe:2.3:h:asus:rs300-e10-ps4:-:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>rs300-e10-rs4_firmware>>1.13.6

cpe:2.3:o:asus:rs300-e10-rs4_firmware:1.13.6:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>rs300-e10-rs4>>-

cpe:2.3:h:asus:rs300-e10-rs4:-:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>rs500a-e9-ps4_firmware>>1.14.1

cpe:2.3:o:asus:rs500a-e9-ps4_firmware:1.14.1:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>rs500a-e9-ps4>>-

cpe:2.3:h:asus:rs500a-e9-ps4:-:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>rs500a-e9-rs4_firmware>>1.14.1

cpe:2.3:o:asus:rs500a-e9-rs4_firmware:1.14.1:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>rs500a-e9-rs4>>-

cpe:2.3:h:asus:rs500a-e9-rs4:-:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>rs500a-e9_rs4_u_firmware>>1.14.1

cpe:2.3:o:asus:rs500a-e9_rs4_u_firmware:1.14.1:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>rs500a-e9_rs4_u>>-

cpe:2.3:h:asus:rs500a-e9_rs4_u:-:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>e700_g4_firmware>>1.14.1

cpe:2.3:o:asus:e700_g4_firmware:1.14.1:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>e700_g4>>-

cpe:2.3:h:asus:e700_g4:-:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>ws_c422_pro\/se_firmware>>1.14.1

cpe:2.3:o:asus:ws_c422_pro\/se_firmware:1.14.1:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>ws_c422_pro\/se>>-

cpe:2.3:h:asus:ws_c422_pro\/se:-:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>ws_x299_pro\/se_firmware>>1.14.1

cpe:2.3:o:asus:ws_x299_pro\/se_firmware:1.14.1:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>ws_x299_pro\/se>>-

cpe:2.3:h:asus:ws_x299_pro\/se:-:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>z11pa-u12_firmware>>1.15.1

cpe:2.3:o:asus:z11pa-u12_firmware:1.15.1:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>z11pa-u12>>-

cpe:2.3:h:asus:z11pa-u12:-:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>z11pa-u12\/10g-2s_firmware>>1.15.1

cpe:2.3:o:asus:z11pa-u12\/10g-2s_firmware:1.15.1:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>z11pa-u12\/10g-2s>>-

cpe:2.3:h:asus:z11pa-u12\/10g-2s:-:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>knpa-u16_firmware>>1.13.4

cpe:2.3:o:asus:knpa-u16_firmware:1.13.4:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>knpa-u16>>-

cpe:2.3:h:asus:knpa-u16:-:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>esc4000_dhd_g4_firmware>>1.13.7

cpe:2.3:o:asus:esc4000_dhd_g4_firmware:1.13.7:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>esc4000_dhd_g4>>-

cpe:2.3:h:asus:esc4000_dhd_g4:-:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>esc4000_g4_firmware>>1.15.2

cpe:2.3:o:asus:esc4000_g4_firmware:1.15.2:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>esc4000_g4>>-

cpe:2.3:h:asus:esc4000_g4:-:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>rs720q-e9-rs24-s_firmware>>1.15.0

cpe:2.3:o:asus:rs720q-e9-rs24-s_firmware:1.15.0:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>rs720q-e9-rs24-s>>-

cpe:2.3:h:asus:rs720q-e9-rs24-s:-:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>rs720q-e9-rs8_firmware>>1.15.0

cpe:2.3:o:asus:rs720q-e9-rs8_firmware:1.15.0:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>rs720q-e9-rs8>>-

cpe:2.3:h:asus:rs720q-e9-rs8:-:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>rs720q-e9-rs8-s_firmware>>1.15.0

cpe:2.3:o:asus:rs720q-e9-rs8-s_firmware:1.15.0:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>rs720q-e9-rs8-s>>-

cpe:2.3:h:asus:rs720q-e9-rs8-s:-:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>z11pa-d8_firmware>>1.14.1

cpe:2.3:o:asus:z11pa-d8_firmware:1.14.1:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>z11pa-d8>>-

cpe:2.3:h:asus:z11pa-d8:-:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>z11pa-d8c_firmware>>1.14.1

cpe:2.3:o:asus:z11pa-d8c_firmware:1.14.1:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>z11pa-d8c>>-

cpe:2.3:h:asus:z11pa-d8c:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-120	Primary	nvd@nist.gov
CWE-120	Secondary	twcert@cert.org.tw

CWE ID: CWE-120

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-120

Type: Secondary

Source: twcert@cert.org.tw

References

Hyperlink	Source	Resource
https://www.asus.com/content/ASUS-Product-Security-Advisory/	twcert@cert.org.tw	Vendor Advisory
https://www.asus.com/tw/support/callus/	twcert@cert.org.tw	Vendor Advisory
https://www.twcert.org.tw/tw/cp-132-4567-34350-1.html	twcert@cert.org.tw	Third Party Advisory

Hyperlink: https://www.asus.com/content/ASUS-Product-Security-Advisory/

Source: twcert@cert.org.tw

Resource:

Vendor Advisory

Hyperlink: https://www.asus.com/tw/support/callus/

Source: twcert@cert.org.tw

Resource:

Vendor Advisory

Hyperlink: https://www.twcert.org.tw/tw/cp-132-4567-34350-1.html

Source: twcert@cert.org.tw

Resource:

Third Party Advisory

Similar CVEs

54Records found

CVE-2024-52754

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-3.5||LOW

EPSS-0.17% / 38.84%

7 Day CHG~0.00%

Published-20 Nov, 2024 | 00:00

Updated-22 Nov, 2024 | 17:15

D-LINK DI-8003 v16.07.16A1 was discovered to contain a buffer overflow via the fn parameter in the tgfile_htm function.

Vendor-n/a D-Link Corporation

Product-di-8003_firmware di-8003 n/a

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE ID-CWE-787

Out-of-bounds Write

CVE-2024-27908

Matching Score-4

Assigner-Lenovo Group Ltd.

View Details

Matching Score-4

Assigner-Lenovo Group Ltd.

CVSS Score-4.9||MEDIUM

EPSS-0.05% / 16.50%

7 Day CHG~0.00%

Published-05 Apr, 2024 | 20:46

Updated-02 Aug, 2024 | 00:41

A buffer overflow vulnerability was reported in the HTTPS service of some Lenovo Printers that could result in denial of service.

Vendor-Lenovo Group Limited

Product-Printers

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2024-6343

Matching Score-4

Assigner-Zyxel Corporation

View Details

Matching Score-4

Assigner-Zyxel Corporation

CVSS Score-4.9||MEDIUM

EPSS-0.19% / 41.16%

7 Day CHG~0.00%

Published-03 Sep, 2024 | 01:28

Updated-13 Dec, 2024 | 16:14

A buffer overflow vulnerability in the CGI program of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an authenticated attacker with administrator privileges to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device.

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2020-6999

Matching Score-4

Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)

View Details

Matching Score-4

Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)

CVSS Score-6.5||MEDIUM

EPSS-0.29% / 51.99%

7 Day CHG~0.00%

Published-26 Mar, 2020 | 12:06

Updated-04 Aug, 2024 | 09:18

In Moxa EDS-G516E Series firmware, Version 5.2 or lower, some of the parameters in the setting pages do not ensure text is the correct size for its buffer.

Vendor-n/a Moxa Inc.

Product-mds-g516e mds-g516e_firmware Moxa EDS-G516E Series firmware, Version 5.2 or lower

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2021-28197

Credits

ASUS BMC's firmware: buffer overflow - Active Directory configuration function

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts