CWE: CWE-120, CWE-119

CVE-2021-28192: ASUS BMC's firmware: buffer overflow - Remote video storage function

First published: Tue Apr 06 2021

A function in the web management page of ASUS BMC firmware (the remote video storage function) does not verify the length of a string entered by the user, resulting in a buffer overflow (CWE-120 / CWE-119). A remote attacker who has already obtained privileged permission can use the flaw to abnormally terminate the BMC's web service. The impact described is a crash of the web management service (loss of availability of remote management); the advisory does not describe code execution or data disclosure.
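As an added illustration of the flaw class the advisory describes (example code, not ASUS firmware: the parameter name `path`, the 32-byte buffer, the HTTP-style status codes and the frame layout are assumptions), the following C program puts a hypothetical remote-media handler's path buffer at the start of a sentinel-filled byte array, copies a user-supplied query parameter into it first without and then with a length check, and reports how many bytes beyond the buffer each version overwrote:

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PATH_CAP   32    /* assumed size of the handler's fixed path buffer */
#define FRAME_SIZE 64    /* simulated stack frame: the buffer plus what follows it */
#define SENTINEL   0xA5  /* fill for the bytes after the buffer, so clobbering is visible */

/* Constructed sample requests (not captured from a real BMC). */
static const char QUERY_OK[]   = "type=cd&path=/share/install.iso";
static const char QUERY_LONG[] = "type=cd&path=/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";

/* Locate the value of `name` in a query string such as "type=cd&path=x".
 * Returns a pointer to the value (not NUL-terminated) and its length, or NULL. */
static const char *find_param(const char *query, const char *name, size_t *len)
{
    size_t nlen = strlen(name);
    for (const char *p = query; p != NULL; ) {
        if (strncmp(p, name, nlen) == 0 && p[nlen] == '=') {
            const char *v = p + nlen + 1;
            const char *end = strchr(v, '&');
            *len = end ? (size_t)(end - v) : strlen(v);
            return v;
        }
        p = strchr(p, '&');
        if (p) p++;
    }
    return NULL;
}

/* Vulnerable form (CWE-120): the value is copied in full because nothing
 * compares it with PATH_CAP. frame[0..PATH_CAP) is the path buffer; the rest
 * of the frame stands in for the locals and return address that follow it in
 * a real handler. Writes stay inside FRAME_SIZE only because the sample is
 * short; a longer value runs off the array and crashes the process, which is
 * the web-service termination the advisory describes. */
int mount_remote_media_vulnerable(uint8_t *frame, const char *query)
{
    size_t len;
    const char *v = find_param(query, "path", &len);
    if (v == NULL) return 400;
    char *dst = (char *)frame;
    for (size_t i = 0; i < len; i++)      /* i is never checked against PATH_CAP */
        dst[i] = v[i];
    dst[len] = '\0';
    return 200;
}

/* Hardened form: verify the length first and reject (rather than silently
 * truncate) any value that does not fit together with its terminator. */
int mount_remote_media_fixed(uint8_t *frame, const char *query)
{
    size_t len;
    const char *v = find_param(query, "path", &len);
    if (v == NULL) return 400;
    if (len >= PATH_CAP) return 400;      /* the missing length check */
    char *dst = (char *)frame;
    memcpy(dst, v, len);
    dst[len] = '\0';
    return 200;
}

struct run_result {
    int status;          /* HTTP-style status the handler returned */
    size_t clobbered;    /* bytes after the path buffer that were overwritten */
};

/* Run a handler over a fresh sentinel-filled frame and report what it did. */
struct run_result run_handler(int (*handler)(uint8_t *, const char *),
                              const char *query)
{
    uint8_t frame[FRAME_SIZE];
    struct run_result r = {0, 0};
    memset(frame, SENTINEL, sizeof frame);
    r.status = handler(frame, query);
    for (size_t i = PATH_CAP; i < FRAME_SIZE; i++)
        if (frame[i] != SENTINEL) r.clobbered++;
    return r;
}

int main(void)
{
    struct run_result r;
    r = run_handler(mount_remote_media_vulnerable, QUERY_OK);
    printf("vulnerable, short path: status %d, %zu bytes past buffer\n", r.status, r.clobbered);
    r = run_handler(mount_remote_media_vulnerable, QUERY_LONG);
    printf("vulnerable, long path:  status %d, %zu bytes past buffer\n", r.status, r.clobbered);
    r = run_handler(mount_remote_media_fixed, QUERY_LONG);
    printf("fixed, long path:       status %d, %zu bytes past buffer\n", r.status, r.clobbered);
    return 0;
}
```

Build with `cc -Wall example.c && ./a.out`. The vulnerable handler answers 200 for the long path and has already overwritten a run of bytes past its buffer; on real firmware those bytes are other stack data and the return address, which is why the advisory's outcome is a crashed web service. The fixed handler refuses the request before touching the buffer. Two points matter in review: the check must be against the destination capacity, not something derived from the source, and over-long input should be rejected rather than truncated, since a silently shortened path is a different request from the one the user sent.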

Credit: twcert@cert.org.tw

Affected software (ASUS BMC firmware)   Affected version
ASMB9-iKVM                              1.11.12
RS720A-E9-RS24-E                        1.10.3
RS700A-E9-RS4V2                         1.10.0
RS700-E9-RS4                            1.09
ESC4000 G4X                             1.11.6
RS700-E9-RS12                           1.11.5
RS100-E10-PI2                           1.13.6
RS300-E10-PS4                           1.13.6
RS300-E10-RS4                           1.13.6
RS500A-E9-PS4                           1.14.1
RS500A-E9 RS4 U                         1.14.1
E700 G4                                 1.14.1
WS C422 PRO/SE                          1.14.1
WS X299 PRO/SE                          1.14.1
Z11PA-U12                               1.15.1
Z11PA-U12/10G-2S                        1.15.1
KNPA-U16                                1.13.4
ESC4000 DHD G4                          1.13.7
ESC4000 G4                              1.15.2
RS720Q-E9-RS24-S                        1.15.0
RS720Q-E9-RS8                           1.15.0
RS720Q-E9-RS8-S                         1.15.0
Z11PA-D8                                1.14.1
Z11PA-D8C                               1.14.1
RS720-E9-RS24-U                         1.14.3
RS720-E9-RS8-G                          1.15.2
RS500-E9-PS4                            1.15.4
Pro E800 G4                             1.14.2
RS500-E9-RS4                            1.15.4
RS520-E9-RS12-E                         1.15.3
RS520-E9-RS8                            1.15.3
ESC8000 G4/10G                          1.15.4
RS720-E9-RS12-E                         1.15.2
WS C621E SAGE                           1.15.1
RS500A-E10-PS4                          1.15.2
RS500A-E10-RS4                          1.15.2
RS700A-E9-RS12V2                        1.15.1
RS700A-E9-RS4V2                         1.15.1
RS720A-E9-RS12V2                        1.15.2
RS720A-E9-RS24V2                        1.15.1
Z11PR-D16                               1.15.3

The fixed firmware version for each board is given under Remedy below.

Remedy

Update the BMC firmware to the following versions:

ESC4000 G4X         1.15.6
RS700-E9-RS12       1.15.4
RS100-E10-PI2       1.15.3
RS300-E10-PS4       1.15.3
RS300-E10-RS4       1.15.3
RS500A-E9-PS4       1.14.2
RS500A-E9-RS4       1.14.2
RS500A-E9 RS4 U     1.14.2
E700 G4             1.14.2
WS C422 PRO/SE      1.14.2
WS X299 PRO/SE      1.14.2
Z11PA-U12           1.15.2
KNPA-U16            1.14.5
ESC4000 DHD G4      1.15.2
ESC4000 G4          1.15.6
RS720Q-E9-RS24-S    1.15.1
RS720Q-E9-RS8       1.15.1
RS720Q-E9-RS8-S     1.15.1
Z11PA-D8            1.15.2
Z11PA-D8C           1.15.2
RS720-E9-RS24-U     1.15.5
RS720-E9-RS8-G      1.15.4
RS500-E9-PS4        1.15.5
Pro E800 G4         1.15.2
RS500-E9-RS4        1.15.5
RS500-E9-RS4-U      1.15.5
RS520-E9-RS12-E     1.15.4
RS520-E9-RS8        1.15.4
ESC8000 G4          1.15.5
ESC8000 G4/10G      1.15.5
RS720-E9-RS12-E     1.15.3
WS C621E SAGE       1.15.3
RS500A-E10-PS4      1.15.3
RS500A-E10-RS4      1.15.3
RS700A-E9-RS12V2    1.15.3
RS700A-E9-RS4V2     1.15.3
RS720A-E9-RS12V2    1.15.3
RS720A-E9-RS24V2    1.15.3
Z11PR-D16           1.15.4


Frequently Asked Questions

  • What is the severity of CVE-2021-28192?

    The advisory describes CVE-2021-28192 as a buffer overflow that a remote attacker who already holds privileged permission can use to abnormally terminate the BMC web service. The stated impact is a crash of the management web service (denial of service); the advisory does not describe remote code execution.

  • How do I fix CVE-2021-28192?

    Update the BMC firmware to the fixed version ASUS lists for your board under Remedy above. The fixed version differs per model (for example ESC4000 G4 1.15.6, Z11PA-U12 1.15.2, RS500A-E9-PS4 1.14.2), so check the board name rather than assuming one version for all systems.

  • Which ASUS firmware versions are affected by CVE-2021-28192?

    The affected versions are listed per board in the table above, for example ASMB9-iKVM 1.11.12, RS720A-E9-RS24-E 1.10.3 and RS700-E9-RS4 1.09; across the listed boards the affected firmware versions range from 1.09 to 1.15.4.

  • What potential impact does CVE-2021-28192 have?

    The advisory describes the impact as abnormal termination of the BMC web management service by a remote attacker with privileged permission, i.e. a denial of service against remote management (including the remote media function) until the service is restarted. It does not describe unauthorized access to or control over the host.

  • Are there any workarounds for CVE-2021-28192?

    Until the firmware is updated, keep the BMC management interface off untrusted networks (a dedicated management VLAN with firewall rules that admit only administrative hosts), and, since exploitation requires privileged permission, review and minimise the accounts that hold administrator rights on the BMC.

Contact

SecAlerts Pty Ltd.
info@secalerts.co