CVE-2026-3820
7.2
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
There is a vulnerability in the Supermicro BMC SMTP service at Supermicro AS-2115HS-TNR. An attacker may obtain administrator privileges and inject specially crafted characters into the SMTP service configuration. This may cause the underlying system to execute unintended commands during process invocation.
Potential impact includes denial-of-service attacks, arbitrary code execution, or permanent compromise of the controller.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SMCI | AS-2115HS-TNR | 01.08.01 | affected |
| SMCI | AS-2115HS-TNR | 01.06.04 | affected |
Weaknesses
- CWE-78: CWE-78 Improper neutralization of special elements used in an OS command ('OS command injection')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.