Vulnerabilities (CVE)

Filtered by vendor Asus Subscribe
Filtered by product Ea-n66 Firmware
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-6558 1 Asus 14 Ea-n66, Ea-n66 Firmware, Rp-ac52 and 11 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
A command injection vulnerability exists in apply.cgi on the ASUS RP-AC52 access point, firmware version 1.0.1.1s and possibly earlier, web interface specifically in the action_script parameter. The action_script parameter specifies a script to be executed if the action_mode parameter does not contain a valid state. If the input provided by action_script does not match one of the hard coded options, then it will be executed as the argument of either a system() or an eval() call allowing arbitrary commands to be executed.
CVE-2016-6557 1 Asus 14 Ea-n66, Ea-n66 Firmware, Rp-ac52 and 11 more 2024-11-21 6.8 MEDIUM 8.8 HIGH
In ASUS RP-AC52 access points with firmware version 1.0.1.1s and possibly earlier, the web interface, the web interface does not sufficiently verify whether a valid request was intentionally provided by the user. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request.