{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T20:08:29.167","vulnerabilities":[{"cve":{"id":"CVE-2021-28203","sourceIdentifier":"twcert@cert.org.tw","published":"2021-04-06T05:15:16.927","lastModified":"2024-11-21T05:59:21.187","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Web Set Media Image function in ASUS BMC’s firmware Web management page does not filter the specific parameter. As obtaining the administrator permission, remote attackers can launch command injection to execute command arbitrary."},{"lang":"es","value":"La función Web Set Media Image en la página de administración Web del firmware de ASUS BMC, no filtra el parámetro specific. Como obtener el permiso de administrador, unos atacantes remotos pueden iniciar una inyección de comandos para ejecutar un comando arbitrario"}],"metrics":{"cvssMetricV31":[{"source":"twcert@cert.org.tw","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"twcert@cert.org.tw","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:asus:z10pr-d16_firmware:1.14.51:*:*:*:*:*:*:*","matchCriteriaId":"F38D0E80-BD62-46A7-B1CD-6C7045FF7F79"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:asus:z10pr-d16:-:*:*:*:*:*:*:*","matchCriteriaId":"A340A0CE-8BD2-420A-814B-5585C08A4CCB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:asus:asmb8-ikvm_firmware:1.14.51:*:*:*:*:*:*:*","matchCriteriaId":"4D98B9CE-6675-48A4-98A3-6E5DA19A2480"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:asus:asmb8-ikvm:-:*:*:*:*:*:*:*","matchCriteriaId":"1A2F069D-18EE-49A3-A8EB-3C745425BFFE"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:asus:z10pe-d16_ws_firmware:1.14.2:*:*:*:*:*:*:*","matchCriteriaId":"0B5DB0A7-B863-4AFF-BEB6-6958F921C016"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:asus:z10pe-d16_ws:-:*:*:*:*:*:*:*","matchCriteriaId":"51F61A82-6BBE-4758-9789-7CE6FCB9E20D"}]}]}],"references":[{"url":"https://www.asus.com/content/ASUS-Product-Security-Advisory/","source":"twcert@cert.org.tw","tags":["Vendor Advisory"]},{"url":"https://www.asus.com/tw/support/callus/","source":"twcert@cert.org.tw","tags":["Vendor Advisory"]},{"url":"https://www.twcert.org.tw/tw/cp-132-4573-aa336-1.html","source":"twcert@cert.org.tw","tags":["Third Party Advisory"]},{"url":"https://www.asus.com/content/ASUS-Product-Security-Advisory/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.asus.com/tw/support/callus/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.twcert.org.tw/tw/cp-132-4573-aa336-1.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}