13 matches found
EUVD-2016-7479
Malware in sbrugna...
EUVD-2016-7478
Malware in sbrugna...
CVE-2016-6558
A command injection vulnerability exists in apply.cgi on the ASUS RP-AC52 access point, firmware version 1.0.1.1s and possibly earlier, web interface specifically in the actionscript parameter. The actionscript parameter specifies a script to be executed if the actionmode parameter does not conta...
Command injection
A command injection vulnerability exists in apply.cgi on the ASUS RP-AC52 access point, firmware version 1.0.1.1s and possibly earlier, web interface specifically in the actionscript parameter. The actionscript parameter specifies a script to be executed if the actionmode parameter does not conta...
Server side request forgery (ssrf)
In ASUS RP-AC52 access points with firmware version 1.0.1.1s and possibly earlier, the web interface, the web interface does not sufficiently verify whether a valid request was intentionally provided by the user. An attacker can perform actions with the same permissions as a victim user, provided...
CVE-2016-6558
A command injection vulnerability exists in apply.cgi on the ASUS RP-AC52 access point, firmware version 1.0.1.1s and possibly earlier, web interface specifically in the actionscript parameter. The actionscript parameter specifies a script to be executed if the actionmode parameter does not conta...
CVE-2016-6557
In ASUS RP-AC52 access points with firmware version 1.0.1.1s and possibly earlier, the web interface, the web interface does not sufficiently verify whether a valid request was intentionally provided by the user. An attacker can perform actions with the same permissions as a victim user, provided...
CVE-2016-6557
In ASUS RP-AC52 access points with firmware version 1.0.1.1s and possibly earlier, the web interface, the web interface does not sufficiently verify whether a valid request was intentionally provided by the user. An attacker can perform actions with the same permissions as a victim user, provided...
CVE-2016-6558
CVE-2016-6558 describes a command injection in the ASUS RP-AC52 web interface via apply.cgi, specifically in the action_script parameter. If action_script does not match a hard-coded option, input is passed to system() or eval(), enabling arbitrary commands. Affected firmware is 1.0.1.1s and poss...
CVE-2016-6557
The CVE-2016-6557 issue affects ASUS RP-AC52 (firmware 1.0.1.1s and possibly earlier). The web interface fails to sufficiently verify that a request is intentional, allowing CSRF where an attacker can perform actions with the victim’s permissions if the victim has an active session and is induced...
CVE-2016-6557 The ASUS RP-AC52 access point, firmware version 1.0.1.1s and possibly earlier, is vulnerable to cross-site request forgery
In ASUS RP-AC52 access points with firmware version 1.0.1.1s and possibly earlier, the web interface, the web interface does not sufficiently verify whether a valid request was intentionally provided by the user. An attacker can perform actions with the same permissions as a victim user, provided...
CVE-2016-6558 The ASUS RP-AC52 access point, firmware version 1.0.1.1s and possibly earlier, is vulnerable to command injection
A command injection vulnerability exists in apply.cgi on the ASUS RP-AC52 access point, firmware version 1.0.1.1s and possibly earlier, web interface specifically in the actionscript parameter. The actionscript parameter specifies a script to be executed if the actionmode parameter does not conta...
ASUS RP-AC52 contains multiple vulnerabilities
Overview The ASUS RP-AC52 access point, firmware version 1.0.1.1s and possibly earlier, is vulnerable to cross-site request forgery and command injection. Description CWE-352:Cross-Site Request ForgeryCSRF- CVE-2016-6557 The RP-AC52 web interface does not sufficiently verify whether a valid reque...