CVE-2016-6557
moderate-risk
Published 2018-07-13
In ASUS RP-AC52 access points with firmware version 1.0.1.1s and possibly earlier, the web interface does not sufficiently verify whether a valid request was intentionally provided by the user. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request.
Do I need to act?
0.10% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 8.8/10
High
NETWORK / LOW complexity
Affected Products (7)
Rp-Ac52 Firmware
Ea-N66 Firmware
Rp-N12 Firmware
Rp-N14 Firmware
Rp-N53 Firmware
Rp-Ac56 Firmware
Wmp-N12 Firmware
Affected Vendors
References
Third Party Advisory
https://www.kb.cert.org/vuls/id/763843
Third Party Advisory
https://www.securityfocus.com/bid/93596
44 / 100
moderate-risk
Severity
30/34 · Critical
Exploitability
0/34 · Minimal
Exposure
14/34 · Moderate