cvelistv5 - CVE-2016-6557

CVE-2016-6557 (GCVE-0-2016-6557)

Vulnerability from cvelistv5 – Published: 2018-07-13 20:00 – Updated: 2024-08-06 01:36

Summary

Severity ?

No CVSS data available.

CWE

CWE-352

Assigner

certcc

References

URL

Tags

	https://www.securityfocus.com/bid/93596	vdb-entryx_refsource_BID
	https://www.kb.cert.org/vuls/id/763843	third-party-advisoryx_refsource_CERT-VN

Impacted products

	Vendor	Product	Version
	ASUS	RP-AC52 Access Point	Affected: 1.0.1.1s

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:36:28.591Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "93596",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "https://www.securityfocus.com/bid/93596"
          },
          {
            "name": "VU#763843",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/763843"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "RP-AC52 Access Point",
          "vendor": "ASUS",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.1.1s"
            }
          ]
        }
      ],
      "datePublic": "2016-10-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In ASUS RP-AC52 access points with firmware version 1.0.1.1s and possibly earlier, the web interface, the web interface does not sufficiently verify whether a valid request was intentionally provided by the user. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "CWE-352",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-13T19:57:01",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "name": "93596",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "https://www.securityfocus.com/bid/93596"
        },
        {
          "name": "VU#763843",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/763843"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "The ASUS RP-AC52 access point, firmware version 1.0.1.1s and possibly earlier, is vulnerable to cross-site request forgery",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2016-6557",
          "STATE": "PUBLIC",
          "TITLE": "The ASUS RP-AC52 access point, firmware version 1.0.1.1s and possibly earlier, is vulnerable to cross-site request forgery"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "RP-AC52 Access Point",
                      "version": {
                        "version_data": [
                          {
                            "affected": "=",
                            "version_affected": "=",
                            "version_name": "1.0.1.1s",
                            "version_value": "1.0.1.1s"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ASUS"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In ASUS RP-AC52 access points with firmware version 1.0.1.1s and possibly earlier, the web interface, the web interface does not sufficiently verify whether a valid request was intentionally provided by the user. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-352"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "93596",
              "refsource": "BID",
              "url": "https://www.securityfocus.com/bid/93596"
            },
            {
              "name": "VU#763843",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/763843"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2016-6557",
    "datePublished": "2018-07-13T20:00:00",
    "dateReserved": "2016-08-03T00:00:00",
    "dateUpdated": "2024-08-06T01:36:28.591Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:asus:rp-ac52_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.0.1.1s\", \"matchCriteriaId\": \"95CD566C-50C6-4D73-BDA5-707210513B0E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:asus:rp-ac52:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8D3F3FE0-63F5-4D0F-9C3A-C1D39B16AED1\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:asus:ea-n66_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B7C9567D-E5BA-42C9-A51A-05D431510B0B\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:asus:ea-n66:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7061553F-CA97-4021-A804-C29D1AE54AAF\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:asus:rp-n12_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9A1B21FE-3A45-48DA-91BC-9A8CD8C7BD0C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:asus:rp-n12:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E4291D2D-4C30-4E5A-94D9-0D465C9CFD88\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:asus:rp-n14_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BDB07468-ECC0-4A52-9BDA-A8207F467250\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:asus:rp-n14:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F1B193A7-7C51-457C-A475-7DFF6458D4BF\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:asus:rp-n53_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C0C97695-0E2B-461F-8C08-A4E709C67A77\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:asus:rp-n53:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"39A8C124-CB6C-4F45-9C1B-0E52C59E42AD\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:asus:rp-ac56_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B2C2FAC7-3DB8-4313-8AB6-2E1E8BE66201\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:asus:rp-ac56:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"211D70E6-1FF9-4E0F-BA34-6A1329E4F01B\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:asus:wmp-n12_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AFA89FE0-E934-4519-B49C-FAAFBA26150B\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:asus:wmp-n12:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E35AD500-683F-4C96-B0CE-74029076083F\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In ASUS RP-AC52 access points with firmware version 1.0.1.1s and possibly earlier, the web interface, the web interface does not sufficiently verify whether a valid request was intentionally provided by the user. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request.\"}, {\"lang\": \"es\", \"value\": \"En los puntos de acceso ASUS RP-AC52 con versiones de firmware 1.0.1.1s y posiblemente anteriores, la interfaz web no verifica lo suficiente si una petici\\u00f3n v\\u00e1lida ha sido proporcionada intencionadamente por el usuario. Un atacante puede realizar acciones con los mismos permisos que los del usuario v\\u00edctima, siempre que la v\\u00edctima tenga una sesi\\u00f3n activa y sea inducida a desencadenar la petici\\u00f3n maliciosa.\"}]",
      "id": "CVE-2016-6557",
      "lastModified": "2024-11-21T02:56:21.063",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2018-07-13T20:29:00.817",
      "references": "[{\"url\": \"https://www.kb.cert.org/vuls/id/763843\", \"source\": \"cret@cert.org\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://www.securityfocus.com/bid/93596\", \"source\": \"cret@cert.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.kb.cert.org/vuls/id/763843\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://www.securityfocus.com/bid/93596\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}]",
      "sourceIdentifier": "cret@cert.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"cret@cert.org\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-352\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-352\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-6557\",\"sourceIdentifier\":\"cret@cert.org\",\"published\":\"2018-07-13T20:29:00.817\",\"lastModified\":\"2024-11-21T02:56:21.063\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In ASUS RP-AC52 access points with firmware version 1.0.1.1s and possibly earlier, the web interface, the web interface does not sufficiently verify whether a valid request was intentionally provided by the user. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request.\"},{\"lang\":\"es\",\"value\":\"En los puntos de acceso ASUS RP-AC52 con versiones de firmware 1.0.1.1s y posiblemente anteriores, la interfaz web no verifica lo suficiente si una petici\u00f3n v\u00e1lida ha sido proporcionada intencionadamente por el usuario. Un atacante puede realizar acciones con los mismos permisos que los del usuario v\u00edctima, siempre que la v\u00edctima tenga una sesi\u00f3n activa y sea inducida a desencadenar la petici\u00f3n maliciosa.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"cret@cert.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-352\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-352\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:asus:rp-ac52_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.0.1.1s\",\"matchCriteriaId\":\"95CD566C-50C6-4D73-BDA5-707210513B0E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:asus:rp-ac52:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D3F3FE0-63F5-4D0F-9C3A-C1D39B16AED1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:asus:ea-n66_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7C9567D-E5BA-42C9-A51A-05D431510B0B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:asus:ea-n66:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7061553F-CA97-4021-A804-C29D1AE54AAF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:asus:rp-n12_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A1B21FE-3A45-48DA-91BC-9A8CD8C7BD0C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:asus:rp-n12:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4291D2D-4C30-4E5A-94D9-0D465C9CFD88\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:asus:rp-n14_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDB07468-ECC0-4A52-9BDA-A8207F467250\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:asus:rp-n14:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1B193A7-7C51-457C-A475-7DFF6458D4BF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:asus:rp-n53_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0C97695-0E2B-461F-8C08-A4E709C67A77\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:asus:rp-n53:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"39A8C124-CB6C-4F45-9C1B-0E52C59E42AD\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:asus:rp-ac56_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2C2FAC7-3DB8-4313-8AB6-2E1E8BE66201\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:asus:rp-ac56:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"211D70E6-1FF9-4E0F-BA34-6A1329E4F01B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:asus:wmp-n12_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AFA89FE0-E934-4519-B49C-FAAFBA26150B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:asus:wmp-n12:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E35AD500-683F-4C96-B0CE-74029076083F\"}]}]}],\"references\":[{\"url\":\"https://www.kb.cert.org/vuls/id/763843\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.securityfocus.com/bid/93596\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/763843\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.securityfocus.com/bid/93596\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

FKIE_CVE-2016-6557

Vulnerability from fkie_nvd - Published: 2018-07-13 20:29 - Updated: 2024-11-21 02:56

Severity ?

8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cret@cert.org	https://www.kb.cert.org/vuls/id/763843	Third Party Advisory, US Government Resource
cret@cert.org	https://www.securityfocus.com/bid/93596	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.kb.cert.org/vuls/id/763843	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://www.securityfocus.com/bid/93596	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
asus	rp-ac52_firmware	*
asus	rp-ac52	-
asus	ea-n66_firmware	-
asus	ea-n66	-
asus	rp-n12_firmware	-
asus	rp-n12	-
asus	rp-n14_firmware	-
asus	rp-n14	-
asus	rp-n53_firmware	-
asus	rp-n53	-
asus	rp-ac56_firmware	-
asus	rp-ac56	-
asus	wmp-n12_firmware	-
asus	wmp-n12	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:asus:rp-ac52_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "95CD566C-50C6-4D73-BDA5-707210513B0E",
              "versionEndIncluding": "1.0.1.1s",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:asus:rp-ac52:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D3F3FE0-63F5-4D0F-9C3A-C1D39B16AED1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:asus:ea-n66_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7C9567D-E5BA-42C9-A51A-05D431510B0B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:asus:ea-n66:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7061553F-CA97-4021-A804-C29D1AE54AAF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:asus:rp-n12_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A1B21FE-3A45-48DA-91BC-9A8CD8C7BD0C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:asus:rp-n12:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4291D2D-4C30-4E5A-94D9-0D465C9CFD88",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:asus:rp-n14_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDB07468-ECC0-4A52-9BDA-A8207F467250",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:asus:rp-n14:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1B193A7-7C51-457C-A475-7DFF6458D4BF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:asus:rp-n53_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0C97695-0E2B-461F-8C08-A4E709C67A77",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:asus:rp-n53:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "39A8C124-CB6C-4F45-9C1B-0E52C59E42AD",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:asus:rp-ac56_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2C2FAC7-3DB8-4313-8AB6-2E1E8BE66201",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:asus:rp-ac56:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "211D70E6-1FF9-4E0F-BA34-6A1329E4F01B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:asus:wmp-n12_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFA89FE0-E934-4519-B49C-FAAFBA26150B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:asus:wmp-n12:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E35AD500-683F-4C96-B0CE-74029076083F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In ASUS RP-AC52 access points with firmware version 1.0.1.1s and possibly earlier, the web interface, the web interface does not sufficiently verify whether a valid request was intentionally provided by the user. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request."
    },
    {
      "lang": "es",
      "value": "En los puntos de acceso ASUS RP-AC52 con versiones de firmware 1.0.1.1s y posiblemente anteriores, la interfaz web no verifica lo suficiente si una petici\u00f3n v\u00e1lida ha sido proporcionada intencionadamente por el usuario. Un atacante puede realizar acciones con los mismos permisos que los del usuario v\u00edctima, siempre que la v\u00edctima tenga una sesi\u00f3n activa y sea inducida a desencadenar la petici\u00f3n maliciosa."
    }
  ],
  "id": "CVE-2016-6557",
  "lastModified": "2024-11-21T02:56:21.063",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-13T20:29:00.817",
  "references": [
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/763843"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.securityfocus.com/bid/93596"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/763843"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.securityfocus.com/bid/93596"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "cret@cert.org",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2016-10039

Vulnerability from cnvd - Published: 2016-10-26

Title

ASUS RP-AC52 Access Point跨站请求伪造漏洞

Description

ASUS RP-AC52 Access Point是华硕（ASUS）公司的一款无线接入点。使用1.0.1.1s版本固件的ASUS RP-AC52 Access Point中存在跨站请求伪造漏洞。远程攻击者可利用该漏洞修改设置，完全控制系统。

Severity

中

Formal description

目前没有详细的解决方案提供： http://www.asus.com.cn/

Reference

http://www.securityfocus.com/bid/93596

Impacted products

Name
ASUS RP-AC52 Access Point 1.0.1.1s

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "93596"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-6557"
    }
  },
  "description": "ASUS RP-AC52 Access Point\u662f\u534e\u7855\uff08ASUS\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u65e0\u7ebf\u63a5\u5165\u70b9\u3002\r\n\r\n\u4f7f\u75281.0.1.1s\u7248\u672c\u56fa\u4ef6\u7684ASUS RP-AC52 Access Point\u4e2d\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4fee\u6539\u8bbe\u7f6e\uff0c\u5b8c\u5168\u63a7\u5236\u7cfb\u7edf\u3002",
  "discovererName": "Ian Smith.",
  "formalWay": "\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u89e3\u51b3\u65b9\u6848\u63d0\u4f9b\uff1a\r\nhttp://www.asus.com.cn/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-10039",
  "openTime": "2016-10-26",
  "products": {
    "product": "ASUS RP-AC52 Access Point 1.0.1.1s"
  },
  "referenceLink": "http://www.securityfocus.com/bid/93596",
  "serverity": "\u4e2d",
  "submitTime": "2016-10-20",
  "title": "ASUS RP-AC52 Access Point\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e"
}

VAR-201807-0053

Vulnerability from variot - Updated: 2023-12-18 13:08

In ASUS RP-AC52 access points with firmware version 1.0.1.1s and possibly earlier, the web interface, the web interface does not sufficiently verify whether a valid request was intentionally provided by the user. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request. ASUS RP-AC52 Access Point is prone to the following multiple security issues: 1. Cross-site request-forgery vulnerability 2. A command-injection vulnerability An attacker may leverage these issues to perform certain unauthorized actions and gain access to the affected application or execute commands in the context of the affected application. A remote attacker could exploit this vulnerability to modify settings and take complete control of the system

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201807-0053",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "rp-n14",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "asus",
        "version": null
      },
      {
        "model": "rp-n53",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "asus",
        "version": null
      },
      {
        "model": "ea-n66",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "asus",
        "version": null
      },
      {
        "model": "rp-n12",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "asus",
        "version": null
      },
      {
        "model": "rp-ac56",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "asus",
        "version": null
      },
      {
        "model": "wmp-n12",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "asus",
        "version": null
      },
      {
        "model": "rp-ac52",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "asus",
        "version": "1.0.1.1s"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "asustek computer",
        "version": null
      },
      {
        "model": "ea-n66",
        "scope": null,
        "trust": 0.8,
        "vendor": "asustek computer",
        "version": null
      },
      {
        "model": "rp-ac52",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "asustek computer",
        "version": "1.0.1.1s"
      },
      {
        "model": "rp-ac56",
        "scope": null,
        "trust": 0.8,
        "vendor": "asustek computer",
        "version": null
      },
      {
        "model": "rp-n12",
        "scope": null,
        "trust": 0.8,
        "vendor": "asustek computer",
        "version": null
      },
      {
        "model": "rp-n14",
        "scope": null,
        "trust": 0.8,
        "vendor": "asustek computer",
        "version": null
      },
      {
        "model": "rp-n53",
        "scope": null,
        "trust": 0.8,
        "vendor": "asustek computer",
        "version": null
      },
      {
        "model": "wmp-n12",
        "scope": null,
        "trust": 0.8,
        "vendor": "asustek computer",
        "version": null
      },
      {
        "model": "rp-ac52",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "asus",
        "version": "1.0.1.1s"
      },
      {
        "model": "rp-ac52 1.0.1.1s",
        "scope": null,
        "trust": 0.3,
        "vendor": "asus",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#763843"
      },
      {
        "db": "BID",
        "id": "93596"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009196"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6557"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-445"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:asus:rp-ac52_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.0.1.1s",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:asus:rp-ac52:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:asus:ea-n66_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:asus:ea-n66:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:asus:rp-n12_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:asus:rp-n12:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:asus:rp-n14_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:asus:rp-n14:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:asus:rp-n53_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:asus:rp-n53:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:asus:rp-ac56_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:asus:rp-ac56:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:asus:wmp-n12_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:asus:wmp-n12:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-6557"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ian Smith.",
    "sources": [
      {
        "db": "BID",
        "id": "93596"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-445"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2016-6557",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2016-6557",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-95377",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2016-6557",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-6557",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201610-445",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-95377",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95377"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009196"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6557"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-445"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "In ASUS RP-AC52 access points with firmware version 1.0.1.1s and possibly earlier, the web interface, the web interface does not sufficiently verify whether a valid request was intentionally provided by the user. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request. ASUS RP-AC52 Access Point is prone to the following multiple security issues:\n1. Cross-site request-forgery vulnerability\n2. A command-injection vulnerability\nAn attacker may leverage these issues to perform certain  unauthorized actions and gain access to the affected application or  execute commands in the context of the affected application. A remote attacker could exploit this vulnerability to modify settings and take complete control of the system",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-6557"
      },
      {
        "db": "CERT/CC",
        "id": "VU#763843"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009196"
      },
      {
        "db": "BID",
        "id": "93596"
      },
      {
        "db": "VULHUB",
        "id": "VHN-95377"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#763843",
        "trust": 3.6
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6557",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "93596",
        "trust": 2.0
      },
      {
        "db": "JVN",
        "id": "JVNVU96741452",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009196",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-445",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-95377",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#763843"
      },
      {
        "db": "VULHUB",
        "id": "VHN-95377"
      },
      {
        "db": "BID",
        "id": "93596"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009196"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6557"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-445"
      }
    ]
  },
  "id": "VAR-201807-0053",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95377"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:08:24.701000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "RP-AC52",
        "trust": 0.8,
        "url": "https://www.asus.com/networking/rpac52/"
      },
      {
        "title": "ASUS RP-AC52 Access Point Fixes for cross-site request forgery vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99591"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009196"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-445"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-352",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95377"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009196"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6557"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "https://www.kb.cert.org/vuls/id/763843"
      },
      {
        "trust": 1.7,
        "url": "https://www.securityfocus.com/bid/93596"
      },
      {
        "trust": 0.8,
        "url": "about vulnerability notes"
      },
      {
        "trust": 0.8,
        "url": "contact us about this vulnerability"
      },
      {
        "trust": 0.8,
        "url": "provide a vendor statement"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6557"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu96741452/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6557"
      },
      {
        "trust": 0.3,
        "url": "http://www.asus.com"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#763843"
      },
      {
        "db": "VULHUB",
        "id": "VHN-95377"
      },
      {
        "db": "BID",
        "id": "93596"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009196"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6557"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-445"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#763843"
      },
      {
        "db": "VULHUB",
        "id": "VHN-95377"
      },
      {
        "db": "BID",
        "id": "93596"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009196"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6557"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-445"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-10-17T00:00:00",
        "db": "CERT/CC",
        "id": "VU#763843"
      },
      {
        "date": "2018-07-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-95377"
      },
      {
        "date": "2016-10-17T00:00:00",
        "db": "BID",
        "id": "93596"
      },
      {
        "date": "2018-10-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-009196"
      },
      {
        "date": "2018-07-13T20:29:00.817000",
        "db": "NVD",
        "id": "CVE-2016-6557"
      },
      {
        "date": "2016-10-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201610-445"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-10-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#763843"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-95377"
      },
      {
        "date": "2016-10-26T00:08:00",
        "db": "BID",
        "id": "93596"
      },
      {
        "date": "2018-10-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-009196"
      },
      {
        "date": "2019-10-09T23:19:15.283000",
        "db": "NVD",
        "id": "CVE-2016-6557"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201610-445"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-445"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ASUS RP-AC52 contains multiple vulnerabilities",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#763843"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "cross-site request forgery",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-445"
      }
    ],
    "trust": 0.6
  }
}

GSD-2016-6557

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-6557

Aliases

CVE-2016-6557

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-6557",
    "description": "In ASUS RP-AC52 access points with firmware version 1.0.1.1s and possibly earlier, the web interface, the web interface does not sufficiently verify whether a valid request was intentionally provided by the user. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request.",
    "id": "GSD-2016-6557"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-6557"
      ],
      "details": "In ASUS RP-AC52 access points with firmware version 1.0.1.1s and possibly earlier, the web interface, the web interface does not sufficiently verify whether a valid request was intentionally provided by the user. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request.",
      "id": "GSD-2016-6557",
      "modified": "2023-12-13T01:21:23.248888Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cert@cert.org",
        "ID": "CVE-2016-6557",
        "STATE": "PUBLIC",
        "TITLE": "The ASUS RP-AC52 access point, firmware version 1.0.1.1s and possibly earlier, is vulnerable to cross-site request forgery"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "RP-AC52 Access Point",
                    "version": {
                      "version_data": [
                        {
                          "affected": "=",
                          "version_name": "1.0.1.1s",
                          "version_value": "1.0.1.1s"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "ASUS"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In ASUS RP-AC52 access points with firmware version 1.0.1.1s and possibly earlier, the web interface, the web interface does not sufficiently verify whether a valid request was intentionally provided by the user. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-352"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "93596",
            "refsource": "BID",
            "url": "https://www.securityfocus.com/bid/93596"
          },
          {
            "name": "VU#763843",
            "refsource": "CERT-VN",
            "url": "https://www.kb.cert.org/vuls/id/763843"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:asus:rp-ac52_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.0.1.1s",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:asus:rp-ac52:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:asus:ea-n66_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:asus:ea-n66:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:asus:rp-n12_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:asus:rp-n12:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:asus:rp-n14_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:asus:rp-n14:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:asus:rp-n53_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:asus:rp-n53:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:asus:rp-ac56_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:asus:rp-ac56:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:asus:wmp-n12_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:asus:wmp-n12:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2016-6557"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "In ASUS RP-AC52 access points with firmware version 1.0.1.1s and possibly earlier, the web interface, the web interface does not sufficiently verify whether a valid request was intentionally provided by the user. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-352"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "93596",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.securityfocus.com/bid/93596"
            },
            {
              "name": "VU#763843",
              "refsource": "CERT-VN",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://www.kb.cert.org/vuls/id/763843"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-10-09T23:19Z",
      "publishedDate": "2018-07-13T20:29Z"
    }
  }
}

GHSA-74GX-PMHR-4VMQ

Vulnerability from github – Published: 2022-05-13 01:38 – Updated: 2022-05-13 01:38

Details

Severity ?

8.8 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-6557"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-352"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-07-13T20:29:00Z",
    "severity": "HIGH"
  },
  "details": "In ASUS RP-AC52 access points with firmware version 1.0.1.1s and possibly earlier, the web interface, the web interface does not sufficiently verify whether a valid request was intentionally provided by the user. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request.",
  "id": "GHSA-74gx-pmhr-4vmq",
  "modified": "2022-05-13T01:38:45Z",
  "published": "2022-05-13T01:38:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6557"
    },
    {
      "type": "WEB",
      "url": "https://www.kb.cert.org/vuls/id/763843"
    },
    {
      "type": "WEB",
      "url": "https://www.securityfocus.com/bid/93596"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-6557 (GCVE-0-2016-6557)

FKIE_CVE-2016-6557

CNVD-2016-10039

VAR-201807-0053

GSD-2016-6557

GHSA-74GX-PMHR-4VMQ

Tags

Sightings

Nomenclature