CVE-2018-18320

An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. An attacker can execute arbitrary commands because exec.php has a popen call. NOTE: the vendor indicates that Merlin.PHP is designed only for use on a trusted intranet network, and intentionally allows remote code execution
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
VendorProductVersion
asuswrt-merlin_projectrt-ac5300_firmware
𝑥
≤ 380.70
asuswrt-merlin_projectrt_ac1900p_firmware
𝑥
≤ 380.70
asuswrt-merlin_projectrt-ac68u_firmware
𝑥
≤ 380.70
asuswrt-merlin_projectrt-ac68p_firmware
𝑥
≤ 380.70
asuswrt-merlin_projectrt-ac88u_firmware
𝑥
≤ 380.70
asuswrt-merlin_projectrt-ac66u_b1_firmware
𝑥
≤ 380.70
asuswrt-merlin_projectrt-ac56u_firmware
𝑥
≤ 380.70
asuswrt-merlin_projectrt-ac3200_firmware
𝑥
≤ 380.70
asuswrt-merlin_projectrt-ac68uf_firmware
𝑥
≤ 380.70
asuswrt-merlin_projectrt-ac87_firmware
𝑥
≤ 380.70
asuswrt-merlin_projectrt-ac3100_firmware
𝑥
≤ 380.70
asuswrt-merlin_projectrt-ac1900_firmware
𝑥
≤ 380.70
asuswrt-merlin_projectrt-ac86u_firmware
𝑥
≤ 380.70
asuswrt-merlin_projectrt-ac2900_firmware
𝑥
≤ 380.70
𝑥
= Vulnerable software versions
References
http://blog.51cto.com/010bjsoft/2298828
https://github.com/qoli/Merlin.PHP/issues/26
http://blog.51cto.com/010bjsoft/2298828
https://github.com/qoli/Merlin.PHP/issues/26