Unauthenticated Remote Command Execution in ASUS RP-AC52 Access Points

Unauthenticated Remote Command Execution in ASUS RP-AC52 Access Points

CVE-2016-6557 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

In ASUS RP-AC52 access points with firmware version 1.0.1.1s and possibly earlier, the web interface, the web interface does not sufficiently verify whether a valid request was intentionally provided by the user. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request.

Learn more about our Web App Pen Testing.