CVE-2016-6558
The ASUS RP-AC52 access point, firmware version 1.0.1.1s and possibly earlier, is vulnerable to command injection
Public Exploits: 0
Exploited in Wild: -
Descriptions
A command injection vulnerability exists in apply.cgi in the web interface of the ASUS RP-AC52 access point, firmware version 1.0.1.1s and possibly earlier, specifically in the action_script parameter. The action_script parameter specifies a script to be executed if the action_mode parameter does not contain a valid state. If the input provided in action_script does not match one of the hard-coded options, it is executed as the argument of either a system() or an eval() call, allowing arbitrary commands to be executed.
Timeline
- 2016-08-03 CVE Reserved
- 2018-07-13 CVE Published
- 2023-12-04 EPSS Updated
- 2024-08-06 CVE Updated
CWE
- CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
References (2)
URL | Tag | Source |
---|---|---|
https://www.kb.cert.org/vuls/id/763843 | Third Party Advisory | |
https://www.securityfocus.com/bid/93596 | Third Party Advisory | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Asus | Rp-ac52 Firmware | <= 1.0.1.1s | - | Affected | in | Asus | Rp-ac52 | - | - | Safe |
Asus | Ea-n66 Firmware | - | - | Affected | in | Asus | Ea-n66 | - | - | Safe |
Asus | Rp-n12 Firmware | - | - | Affected | in | Asus | Rp-n12 | - | - | Safe |
Asus | Rp-n14 Firmware | - | - | Affected | in | Asus | Rp-n14 | - | - | Safe |
Asus | Rp-n53 Firmware | - | - | Affected | in | Asus | Rp-n53 | - | - | Safe |
Asus | Rp-ac56 Firmware | - | - | Affected | in | Asus | Rp-ac56 | - | - | Safe |
Asus | Wmp-n12 Firmware | - | - | Affected | in | Asus | Wmp-n12 | - | - | Safe |