CVE-2016-6557

In ASUS RP-AC52 access points with firmware version 1.0.1.1s and possibly earlier, the web interface does not sufficiently verify whether a valid request was intentionally provided by the user. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request.
CSRF
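| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 8.8 HIGH | NETWORK | LOW | NONE | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| certcc | CNA | --- | --- | --- | --- | --- |
| CVE | ADP | --- | --- | --- | --- | --- |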
EPSS Score percentile: 29%
| Vendor | Product | Version |
|---|---|---|
| asus | rp-ac52_firmware | 𝑥 ≤ 1.0.1.1s |
| asus | ea-n66_firmware | - |
| asus | rp-n12_firmware | - |
| asus | rp-n14_firmware | - |
| asus | rp-n53_firmware | - |
| asus | rp-ac56_firmware | - |
| asus | wmp-n12_firmware | - |

𝑥 = Vulnerable software versions