QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2016-6558

Back to search

CVE-2016-6558

Published: Jul 13, 2018

Modified: Aug 6, 2024

PUBLISHED

Description

A command injection vulnerability exists in apply.cgi on the ASUS RP-AC52 access point, firmware version 1.0.1.1s and possibly earlier, web interface specifically in the action_script parameter. The action_script parameter specifies a script to be executed if the action_mode parameter does not contain a valid state. If the input provided by action_script does not match one of the hard coded options, then it will be executed as the argument of either a system() or an eval() call allowing arbitrary commands to be executed.

VendorProductVersions

ASUS

RP-AC52 Access Point

affected
1.0.1.1s

Weaknesses (CWE)

CWE-77

References

93596
vdb-entry
x_refsource_BID
VU#763843
third-party-advisory
x_refsource_CERT-VN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now