Vulnerability Description
In ASUS RP-AC52 access points with firmware version 1.0.1.1s and possibly earlier, the web interface does not sufficiently verify whether a valid request was intentionally provided by the user. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request.
CVSS Score
8.8 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Asus | Rp-Ac52 Firmware | <= 1.0.1.1s |
| Asus | Rp-Ac52 | - |
| Asus | Ea-N66 Firmware | - |
| Asus | Ea-N66 | - |
| Asus | Rp-N12 Firmware | - |
| Asus | Rp-N12 | - |
| Asus | Rp-N14 Firmware | - |
| Asus | Rp-N14 | - |
| Asus | Rp-N53 Firmware | - |
| Asus | Rp-N53 | - |
| Asus | Rp-Ac56 Firmware | - |
| Asus | Rp-Ac56 | - |
| Asus | Wmp-N12 Firmware | - |
| Asus | Wmp-N12 | - |
Related Weaknesses (CWE)
References
- https://www.kb.cert.org/vuls/id/763843 (Third Party Advisory, US Government Resource)
- https://www.securityfocus.com/bid/93596 (Third Party Advisory, VDB Entry)
FAQ
What is CVE-2016-6557?
CVE-2016-6557 is a vulnerability with a CVSS score of 8.8 (HIGH). In ASUS RP-AC52 access points with firmware version 1.0.1.1s and possibly earlier, the web interface does not sufficiently verify whether a valid request was intentionally provided ...
How severe is CVE-2016-6557?
CVE-2016-6557 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2016-6557?
Check the references section above for vendor advisories and patch information. Affected products include: Asus Rp-Ac52 Firmware, Asus Rp-Ac52, Asus Ea-N66 Firmware, Asus Ea-N66, Asus Rp-N12 Firmware.