Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

NVD
NVDadded 2018/07/13 8:29 p.m.12 views

CVE-2016-6558

A command injection vulnerability exists in apply.cgi on the ASUS RP-AC52 access point, firmware version 1.0.1.1s and possibly earlier, web interface specifically in the actionscript parameter. The actionscript parameter specifies a script to be executed if the actionmode parameter does not conta...

9.8CVSS9.8AI score0.04035EPSS
Exploits0References2
Prion
Prionadded 2018/07/13 8:29 p.m.10 views

Command injection

A command injection vulnerability exists in apply.cgi on the ASUS RP-AC52 access point, firmware version 1.0.1.1s and possibly earlier, web interface specifically in the actionscript parameter. The actionscript parameter specifies a script to be executed if the actionmode parameter does not conta...

7.5CVSS8AI score0.04035EPSS
Exploits0References2Affected Software1
OSV
OSVadded 2018/07/13 8:29 p.m.1 views

CVE-2016-6558

A command injection vulnerability exists in apply.cgi on the ASUS RP-AC52 access point, firmware version 1.0.1.1s and possibly earlier, web interface specifically in the actionscript parameter. The actionscript parameter specifies a script to be executed if the actionmode parameter does not conta...

9.8CVSS5.9AI score
Exploits0References2
CVE
CVEadded 2018/07/13 8:0 p.m.41 views

CVE-2016-6558

CVE-2016-6558 describes a command injection in the ASUS RP-AC52 web interface via apply.cgi, specifically in the action_script parameter. If action_script does not match a hard-coded option, input is passed to system() or eval(), enabling arbitrary commands. Affected firmware is 1.0.1.1s and poss...

9.8CVSS9.9AI score0.04035EPSS
Exploits0References2Affected Software1
NVD
NVDadded 2018/01/17 6:29 a.m.10 views

CVE-2018-5721

Stack-based buffer overflow in the ejupdatevariables function in router/httpd/web.c on ASUS routers when using software from https://github.com/RMerl/asuswrt-merlin allows web authenticated attackers to execute code via a request that updates a setting. In ejupdatevariables, the length of the...

8.8CVSS8.9AI score0.01725EPSS
Exploits1References1
Prion
Prionadded 2015/03/23 4:59 p.m.10 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the ASUS RT-G32 routers with firmware 2.0.2.6 and 2.0.3.2 allow remote attackers to inject arbitrary web script or HTML via the 1 nextpage, 2 groupid, 3 actionscript, or 4 flag parameter to startapply.htm...

4.3CVSS6.1AI score0.00336EPSS
Exploits1References4Affected Software1
Cvelist
Cvelistadded 2015/03/23 4:0 p.m.14 views

CVE-2015-2681

Multiple cross-site scripting XSS vulnerabilities in the ASUS RT-G32 routers with firmware 2.0.2.6 and 2.0.3.2 allow remote attackers to inject arbitrary web script or HTML via the 1 nextpage, 2 groupid, 3 actionscript, or 4 flag parameter to startapply.htm...

5.9AI score0.00336EPSS
Exploits1References4
Rows per page
Query Builder