Vulnerability Details CVE-2018-18319
An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. An attacker can execute arbitrary commands because api.php has an eval call, as demonstrated by the /6/api.php?function=command&class=remote&Cc='ls' URI. NOTE: the vendor indicates that Merlin.PHP is designed only for use on a trusted intranet network, and intentionally allows remote code execution
Exploit prediction scoring system (EPSS) score
EPSS Score 0.087
EPSS Ranking 92.0%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2018-18319
-
cpe:2.3:h:asuswrt-merlin_project:rt-ac1900:-
-
cpe:2.3:h:asuswrt-merlin_project:rt-ac2900:-
-
cpe:2.3:h:asuswrt-merlin_project:rt-ac3100:-
-
cpe:2.3:h:asuswrt-merlin_project:rt-ac3200:-
-
cpe:2.3:h:asuswrt-merlin_project:rt-ac5300:-
-
cpe:2.3:h:asuswrt-merlin_project:rt-ac56u:-
-
cpe:2.3:h:asuswrt-merlin_project:rt-ac66u_b1:-
-
cpe:2.3:h:asuswrt-merlin_project:rt-ac68p:-
-
cpe:2.3:h:asuswrt-merlin_project:rt-ac68u:-
-
cpe:2.3:h:asuswrt-merlin_project:rt-ac68uf:-
-
cpe:2.3:h:asuswrt-merlin_project:rt-ac86u:-
-
cpe:2.3:h:asuswrt-merlin_project:rt-ac87:-
-
cpe:2.3:h:asuswrt-merlin_project:rt-ac88u:-
-
cpe:2.3:h:asuswrt-merlin_project:rt_ac1900p_:-
-
cpe:2.3:o:asuswrt-merlin_project:rt-ac1900_firmware:-
-
cpe:2.3:o:asuswrt-merlin_project:rt-ac1900_firmware:380.70
-
cpe:2.3:o:asuswrt-merlin_project:rt-ac2900_firmware:-
-
cpe:2.3:o:asuswrt-merlin_project:rt-ac2900_firmware:380.70
-
cpe:2.3:o:asuswrt-merlin_project:rt-ac3100_firmware:-
-
cpe:2.3:o:asuswrt-merlin_project:rt-ac3100_firmware:3.0.0.4.380.7743
-
cpe:2.3:o:asuswrt-merlin_project:rt-ac3100_firmware:380.70
-
cpe:2.3:o:asuswrt-merlin_project:rt-ac3200_firmware:-
-
cpe:2.3:o:asuswrt-merlin_project:rt-ac3200_firmware:3.0.0.4.380.7743
-
cpe:2.3:o:asuswrt-merlin_project:rt-ac3200_firmware:380.70
-
cpe:2.3:o:asuswrt-merlin_project:rt-ac5300_firmware:-
-
cpe:2.3:o:asuswrt-merlin_project:rt-ac5300_firmware:3.0.0.4.380.7743
-
cpe:2.3:o:asuswrt-merlin_project:rt-ac5300_firmware:380.70
-
cpe:2.3:o:asuswrt-merlin_project:rt-ac56u_firmware:-
-
cpe:2.3:o:asuswrt-merlin_project:rt-ac56u_firmware:3.0.0.4.380.7743
-
cpe:2.3:o:asuswrt-merlin_project:rt-ac56u_firmware:380.70
-
cpe:2.3:o:asuswrt-merlin_project:rt-ac66u_b1_firmware:-
-
cpe:2.3:o:asuswrt-merlin_project:rt-ac66u_b1_firmware:3.0.0.4.380.7743
-
cpe:2.3:o:asuswrt-merlin_project:rt-ac66u_b1_firmware:380.70
-
cpe:2.3:o:asuswrt-merlin_project:rt-ac68p_firmware:-
-
cpe:2.3:o:asuswrt-merlin_project:rt-ac68p_firmware:3.0.0.4.380.7743
-
cpe:2.3:o:asuswrt-merlin_project:rt-ac68p_firmware:380.70
-
cpe:2.3:o:asuswrt-merlin_project:rt-ac68u_firmware:-
-
cpe:2.3:o:asuswrt-merlin_project:rt-ac68u_firmware:3.0.0.4.380.7743
-
cpe:2.3:o:asuswrt-merlin_project:rt-ac68u_firmware:380.70
-
cpe:2.3:o:asuswrt-merlin_project:rt-ac68uf_firmware:-
-
cpe:2.3:o:asuswrt-merlin_project:rt-ac68uf_firmware:380.70
-
cpe:2.3:o:asuswrt-merlin_project:rt-ac86u_firmware:-
-
cpe:2.3:o:asuswrt-merlin_project:rt-ac86u_firmware:380.70
-
cpe:2.3:o:asuswrt-merlin_project:rt-ac87_firmware:-
-
cpe:2.3:o:asuswrt-merlin_project:rt-ac87_firmware:380.70
-
cpe:2.3:o:asuswrt-merlin_project:rt-ac88u_firmware:-
-
cpe:2.3:o:asuswrt-merlin_project:rt-ac88u_firmware:3.0.0.4.380.7743
-
cpe:2.3:o:asuswrt-merlin_project:rt-ac88u_firmware:380.70
-
cpe:2.3:o:asuswrt-merlin_project:rt_ac1900p_firmware:-
-
cpe:2.3:o:asuswrt-merlin_project:rt_ac1900p_firmware:3.0.0.4.380.7743
-
cpe:2.3:o:asuswrt-merlin_project:rt_ac1900p_firmware:380.70