Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

x9sre-3f

Source -

NVD

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

3
Related CVEsRelated VendorsRelated AssignersReports
3Vulnerabilities found
CVE-2013-3607
Assigner-CERT/CC
ShareView Details
Assigner-CERT/CC
CVSS Score-10||HIGH
EPSS-14.62% / 94.65%
||
7 Day CHG~0.00%
Published-08 Sep, 2013 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflows in the web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices allow remote attackers to execute arbitrary code on the Baseboard Management Controller (BMC), as demonstrated by the (1) username or (2) password field in login.cgi.

Action-Not Available
Vendor-supermicron/a
Product-x9dr3-ln4f\+x9drh-7tfx8dtu-6tf\+x9dr7-ln4f-jbodx8dtl-3fx9dr7-ln4fx9drw-3ln4f\+h8sml-ix9drff-7x9scm-fx8siu-fx8sit-fx8dtl-ifx9drl-ifx9qr7-tf-jbodx9sca-fx9dax-if-hftx9drff-i\+x9dr7-tf\+x9sci-ln4fx9scm-iifx7spa-hf-d525x8dtu-6f\+x9scl\+-fx9drd-7jln4fx8sit-hfh8dgg-qfx9drt-ibqfx8sie-fx9dax-ifh8sme-fx9dax-7f-hftx9drd-7ln4fx9dre-ln4fx9drl-3fx9drff-7tg\+x9drg-htf\+h8dct-hibqfx9drh-itfh8dgu-ln4f\+x9dbl-ifx9drt-h6ibqfx9dax-7tfx7spa-hfx8dtu-ln4f\+x9dbi-tpfx8dtu-6tf\+-lrh8dct-ibqfx9srl-fx9drl-efx9drt-ibffx8dtn\+-fx9sbaa-fx8dtu-ln4f\+-lrx8sie-ln4fx9srg-fh8sml-ifx9dax-7fx9drg-hf\+x9dbl-3fx9drfrh8dcl-6fx9dr3-fx9dbu-ifx9drff-ig\+x9sri-3fx9drt-fx9drw-7tpf\+x9sri-fx9drff-7g\+x9scff-fh8sgl-fh8dgt-hlfx9db3-tpfx9srw-fx9sre-3fx8sia-fx9drd-efx9dri-fx8si6-fx9drffx9sre-fx7spe-hf-d525x9drt-hf\+h8dg6-fh8scm-fx9db3-fh8dgt-hfx8dtn\+-f-lrx9drh-ifx7spt-df-d525\+x9drg-hfx9drff-it\+x9scl-fx7spt-df-d525x9spu-fx9drg-htfh8dct-hln4fx9drw-itpf\+h8dgu-fx9dbi-fx9dri-ln4f\+x9drff-7\+h8sml-7x9dre-tf\+x8dtl-6fx9drff-7t\+x9srd-fx8sil-fx9qr7-tf\+x7spe-h-d525x9drff-itg\+x8dtu-6f\+-lrh8dgi-fx9qri-fh8dgt-hibqfx9qr7-tfx9drh-7fx9scd-fx9drd-ifh8dgt-hlibqfx9drt-h6ibffx9drd-7ln4f-jbodx9sce-fx9qri-f\+h8dcl-ifx9dbu-3fx9drw-3tf\+h8sml-7fx7spe-hfx9drx\+-fx9dax-itfx9drt-h6fn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-3608
Assigner-CERT/CC
ShareView Details
Assigner-CERT/CC
CVSS Score-10||HIGH
EPSS-1.89% / 83.67%
||
7 Day CHG~0.00%
Published-08 Sep, 2013 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices allows remote authenticated users to execute arbitrary commands via shell metacharacters, as demonstrated by the IP address field in config_date_time.cgi.

Action-Not Available
Vendor-supermicron/a
Product-x9dr3-ln4f\+x9drh-7tfx8dtu-6tf\+x9dr7-ln4f-jbodx8dtl-3fx9dr7-ln4fx9drw-3ln4f\+h8sml-ix9drff-7x9scm-fx8siu-fx8sit-fx8dtl-ifx9drl-ifx9qr7-tf-jbodx9sca-fx9dax-if-hftx9drff-i\+x9dr7-tf\+x9sci-ln4fx9scm-iifx7spa-hf-d525x8dtu-6f\+x9scl\+-fx9drd-7jln4fx8sit-hfh8dgg-qfx9drt-ibqfx8sie-fx9dax-ifh8sme-fx9dax-7f-hftx9drd-7ln4fx9dre-ln4fx9drl-3fx9drff-7tg\+x9drg-htf\+h8dct-hibqfx9drh-itfh8dgu-ln4f\+x9dbl-ifx9drt-h6ibqfx9dax-7tfx7spa-hfx8dtu-ln4f\+x9dbi-tpfx8dtu-6tf\+-lrh8dct-ibqfx9srl-fx9drl-efx9drt-ibffx8dtn\+-fx9sbaa-fx8dtu-ln4f\+-lrx8sie-ln4fx9srg-fh8sml-ifx9dax-7fx9drg-hf\+x9dbl-3fx9drfrh8dcl-6fx9dr3-fx9dbu-ifx9drff-ig\+x9sri-3fx9drt-fx9drw-7tpf\+x9sri-fx9drff-7g\+x9scff-fh8sgl-fh8dgt-hlfx9db3-tpfx9srw-fx9sre-3fx8sia-fx9drd-efx9dri-fx8si6-fx9drffx9sre-fx7spe-hf-d525x9drt-hf\+h8dg6-fh8scm-fx9db3-fh8dgt-hfx8dtn\+-f-lrx9drh-ifx7spt-df-d525\+x9drg-hfx9drff-it\+x9scl-fx7spt-df-d525x9spu-fx9drg-htfh8dct-hln4fx9drw-itpf\+h8dgu-fx9dbi-fx9dri-ln4f\+x9drff-7\+h8sml-7x9dre-tf\+x8dtl-6fx9drff-7t\+x9srd-fx8sil-fx9qr7-tf\+x7spe-h-d525x9drff-itg\+x8dtu-6f\+-lrh8dgi-fx9qri-fh8dgt-hibqfx9qr7-tfx9drh-7fx9scd-fx9drd-ifh8dgt-hlibqfx9drt-h6ibffx9drd-7ln4f-jbodx9sce-fx9qri-f\+h8dcl-ifx9dbu-3fx9drw-3tf\+h8sml-7fx7spe-hfx9drx\+-fx9dax-itfx9drt-h6fn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-3609
Assigner-CERT/CC
ShareView Details
Assigner-CERT/CC
CVSS Score-10||HIGH
EPSS-1.59% / 82.15%
||
7 Day CHG~0.00%
Published-08 Sep, 2013 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices relies on JavaScript code on the client for authorization checks, which allows remote authenticated users to bypass intended access restrictions via a crafted request, related to the PrivilegeCallBack function.

Action-Not Available
Vendor-supermicron/a
Product-x9dr3-ln4f\+x9drh-7tfx8dtu-6tf\+x9dr7-ln4f-jbodx8dtl-3fx9dr7-ln4fx9drw-3ln4f\+h8sml-ix9drff-7x9scm-fx8siu-fx8sit-fx8dtl-ifx9drl-ifx9qr7-tf-jbodx9sca-fx9dax-if-hftx9drff-i\+x9dr7-tf\+x9sci-ln4fx9scm-iifx7spa-hf-d525x8dtu-6f\+x9scl\+-fx9drd-7jln4fx8sit-hfh8dgg-qfx9drt-ibqfx8sie-fx9dax-ifh8sme-fx9dax-7f-hftx9drd-7ln4fx9dre-ln4fx9drl-3fx9drff-7tg\+x9drg-htf\+h8dct-hibqfx9drh-itfh8dgu-ln4f\+x9dbl-ifx9drt-h6ibqfx9dax-7tfx7spa-hfx8dtu-ln4f\+x9dbi-tpfx8dtu-6tf\+-lrh8dct-ibqfx9srl-fx9drl-efx9drt-ibffx8dtn\+-fx9sbaa-fx8dtu-ln4f\+-lrx8sie-ln4fx9srg-fh8sml-ifx9dax-7fx9drg-hf\+x9dbl-3fx9drfrh8dcl-6fx9dr3-fx9dbu-ifx9drff-ig\+x9sri-3fx9drt-fx9drw-7tpf\+x9sri-fx9drff-7g\+x9scff-fh8sgl-fh8dgt-hlfx9db3-tpfx9srw-fx9sre-3fx8sia-fx9drd-efx9dri-fx8si6-fx9drffx9sre-fx7spe-hf-d525x9drt-hf\+h8dg6-fh8scm-fx9db3-fh8dgt-hfx8dtn\+-f-lrx9drh-ifx7spt-df-d525\+x9drg-hfx9drff-it\+x9scl-fx7spt-df-d525x9spu-fx9drg-htfh8dct-hln4fx9drw-itpf\+h8dgu-fx9dbi-fx9dri-ln4f\+x9drff-7\+h8sml-7x9dre-tf\+x8dtl-6fx9drff-7t\+x9srd-fx8sil-fx9qr7-tf\+x7spe-h-d525x9drff-itg\+x8dtu-6f\+-lrh8dgi-fx9qri-fh8dgt-hibqfx9qr7-tfx9drh-7fx9scd-fx9drd-ifh8dgt-hlibqfx9drt-h6ibffx9drd-7ln4f-jbodx9sce-fx9qri-f\+h8dcl-ifx9dbu-3fx9drw-3tf\+h8sml-7fx7spe-hfx9drx\+-fx9dax-itfx9drt-h6fn/a
CWE ID-CWE-20
Improper Input Validation