PT-2018-4955 · Asus · Asus Rp-Ac52

Ian Smith

Published

2018-07-13

Updated

2019-10-09

CVE-2016-6557

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions ASUS RP-AC52 version 1.0.1.1s and possibly earlier

Description The web interface in the affected access points does not sufficiently verify whether a valid request was intentionally provided by the user. This allows an attacker to perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request.

Recommendations For version 1.0.1.1s and possibly earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2016-6557

Affected Products

Asus Rp-Ac52

PT-2018-4955 · Asus · Asus Rp-Ac52

CVE-2016-6557

Weakness Enumeration

Related Identifiers

Affected Products

References · 4