PT-2018-4955 · Asus · Asus Rp-Ac52

Ian Smith

Publicado

2018-07-13

Atualizado

2019-10-09

CVE-2016-6557

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions ASUS RP-AC52 version 1.0.1.1s and possibly earlier

Description The web interface in the affected access points does not sufficiently verify whether a valid request was intentionally provided by the user. This allows an attacker to perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request.

Recommendations For version 1.0.1.1s and possibly earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

CSRF

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-352

Identificadores relacionados

CVE-2016-6557

Produtos afetados

Asus Rp-Ac52

PT-2018-4955 · Asus · Asus Rp-Ac52

CVE-2016-6557

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4