{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-29T04:53:43.955","vulnerabilities":[{"cve":{"id":"CVE-2021-28204","sourceIdentifier":"twcert@cert.org.tw","published":"2021-04-06T05:15:17.050","lastModified":"2024-11-21T05:59:21.320","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can launch command injection to execute command arbitrary."},{"lang":"es","value":"La función specific en la página de administración Web del firmware de ASUS BMC (Modifica la función de información del usuario) no filtra el parámetro specific. Como obtener el permiso de administrador, unos atacantes remotos pueden iniciar una inyección de comandos para ejecutar un comando arbitrario"}],"metrics":{"cvssMetricV31":[{"source":"twcert@cert.org.tw","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"twcert@cert.org.tw","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:asus:z10pr-d16_firmware:1.14.51:*:*:*:*:*:*:*","matchCriteriaId":"F38D0E80-BD62-46A7-B1CD-6C7045FF7F79"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:asus:z10pr-d16:-:*:*:*:*:*:*:*","matchCriteriaId":"A340A0CE-8BD2-420A-814B-5585C08A4CCB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:asus:asmb8-ikvm_firmware:1.14.51:*:*:*:*:*:*:*","matchCriteriaId":"4D98B9CE-6675-48A4-98A3-6E5DA19A2480"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:asus:asmb8-ikvm:-:*:*:*:*:*:*:*","matchCriteriaId":"1A2F069D-18EE-49A3-A8EB-3C745425BFFE"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:asus:z10pe-d16_ws_firmware:1.14.2:*:*:*:*:*:*:*","matchCriteriaId":"0B5DB0A7-B863-4AFF-BEB6-6958F921C016"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:asus:z10pe-d16_ws:-:*:*:*:*:*:*:*","matchCriteriaId":"51F61A82-6BBE-4758-9789-7CE6FCB9E20D"}]}]}],"references":[{"url":"https://www.asus.com/content/ASUS-Product-Security-Advisory/","source":"twcert@cert.org.tw","tags":["Vendor Advisory"]},{"url":"https://www.asus.com/tw/support/callus/","source":"twcert@cert.org.tw","tags":["Vendor Advisory"]},{"url":"https://www.twcert.org.tw/tw/cp-132-4574-b61a6-1.html","source":"twcert@cert.org.tw","tags":["Third Party Advisory"]},{"url":"https://www.asus.com/content/ASUS-Product-Security-Advisory/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.asus.com/tw/support/callus/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.twcert.org.tw/tw/cp-132-4574-b61a6-1.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}