CVE-2016-6558
N/A
N/A
Summary
A command injection vulnerability exists in apply.cgi on the ASUS RP-AC52 access point, firmware version 1.0.1.1s and possibly earlier, web interface specifically in the action_script parameter. The action_script parameter specifies a script to be executed if the action_mode parameter does not contain a valid state. If the input provided by action_script does not match one of the hard coded options, then it will be executed as the argument of either a system() or an eval() call allowing arbitrary commands to be executed.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ASUS | RP-AC52 Access Point | 1.0.1.1s | affected |
Weaknesses
- CWE-77: CWE-77
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.