Filtered by vendor Asus Subscriptions
Filtered by product Wmp-n12 Subscriptions
Total 2 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2016-6558 1 Asus 14 Ea-n66, Ea-n66 Firmware, Rp-ac52 and 11 more 2024-11-21 N/A
A command injection vulnerability exists in apply.cgi on the ASUS RP-AC52 access point, firmware version 1.0.1.1s and possibly earlier, web interface specifically in the action_script parameter. The action_script parameter specifies a script to be executed if the action_mode parameter does not contain a valid state. If the input provided by action_script does not match one of the hard coded options, then it will be executed as the argument of either a system() or an eval() call allowing arbitrary commands to be executed.
CVE-2016-6557 1 Asus 14 Ea-n66, Ea-n66 Firmware, Rp-ac52 and 11 more 2024-11-21 N/A
In ASUS RP-AC52 access points with firmware version 1.0.1.1s and possibly earlier, the web interface, the web interface does not sufficiently verify whether a valid request was intentionally provided by the user. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request.