cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2016-6558,https://securityvulnerability.io/vulnerability/CVE-2016-6558,"The ASUS RP-AC52 access point, firmware version 1.0.1.1s and possibly earlier, is vulnerable to command injection","A command injection vulnerability exists in apply.cgi on the ASUS RP-AC52 access point, firmware version 1.0.1.1s and possibly earlier, web interface specifically in the action_script parameter. The action_script parameter specifies a script to be executed if the action_mode parameter does not contain a valid state. If the input provided by action_script does not match one of the hard coded options, then it will be executed as the argument of either a system() or an eval() call allowing arbitrary commands to be executed.",Asus,Rp-ac52 Access Point,9.8,CRITICAL,0.0017500000540167093,false,false,false,false,,false,false,2018-07-13T20:00:00.000Z,0
CVE-2016-6557,https://securityvulnerability.io/vulnerability/CVE-2016-6557,"The ASUS RP-AC52 access point, firmware version 1.0.1.1s and possibly earlier, is vulnerable to cross-site request forgery","In ASUS RP-AC52 access points with firmware version 1.0.1.1s and possibly earlier, the web interface, the web interface does not sufficiently verify whether a valid request was intentionally provided by the user. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request.",Asus,Rp-ac52 Access Point,8.8,HIGH,0.0011599999852478504,false,false,false,false,,false,false,2018-07-13T20:00:00.000Z,0