CVE-2016-6557

Summary

In ASUS RP-AC52 access points with firmware version 1.0.1.1s and possibly earlier, the web interface, the web interface does not sufficiently verify whether a valid request was intentionally provided by the user. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request.

Affected Software

VendorProductVersion RangeStatus
ASUSRP-AC52 Access Point1.0.1.1saffected

Weaknesses

  • CWE-352: CWE-352

ADP Enrichment

CVE Program Container

Additional References

References