Hoang Bui

**Name of the Vulnerable Software and Affected Versions** Supermicro AS-2115HS-TNR (affected versions not specified) **Description** The SMTP service in the Supermicro BMC contains a command injection flaw. An attacker with administrator privileges can inject specially crafted characters into the SMTP service configuration, leading the underlying system to execute unintended commands during process invocation. This can result in arbitrary code execution, denial-of-service attacks, or permanent compromise of the controller. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.