CVE-2018-18319

An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. An attacker can execute arbitrary commands because api.php has an eval call, as demonstrated by the /6/api.php?function=command&class=remote&Cc='ls' URI. NOTE: the vendor indicates that Merlin.PHP is designed only for use on a trusted intranet network, and intentionally allows remote code execution.
Code Injection
Provider  Type  Base Score    Atk. Vector  Atk. Complexity  Priv. Required  Vector
NIST      NIST  9.8 CRITICAL  NETWORK      LOW              NONE            CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitre     CNA   ---           ---
CVE       ADP   ---           ---
Base Score (CVSS 3.x): 9.8 CRITICAL
EPSS Score Percentile: 92%
Vendor                  Product                 Version
asuswrt-merlin_project  rt-ac5300_firmware      x ≤ 380.70
asuswrt-merlin_project  rt_ac1900p_firmware     x ≤ 380.70
asuswrt-merlin_project  rt-ac68u_firmware       x ≤ 380.70
asuswrt-merlin_project  rt-ac68p_firmware       x ≤ 380.70
asuswrt-merlin_project  rt-ac88u_firmware       x ≤ 380.70
asuswrt-merlin_project  rt-ac66u_b1_firmware    x ≤ 380.70
asuswrt-merlin_project  rt-ac56u_firmware       x ≤ 380.70
asuswrt-merlin_project  rt-ac3200_firmware      x ≤ 380.70
asuswrt-merlin_project  rt-ac68uf_firmware      x ≤ 380.70
asuswrt-merlin_project  rt-ac87_firmware        x ≤ 380.70
asuswrt-merlin_project  rt-ac3100_firmware      x ≤ 380.70
asuswrt-merlin_project  rt-ac1900_firmware      x ≤ 380.70
asuswrt-merlin_project  rt-ac86u_firmware       x ≤ 380.70
asuswrt-merlin_project  rt-ac2900_firmware      x ≤ 380.70

x = Vulnerable software versions