
CVE-2018-18319

 

Severity Score

9.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. An attacker can execute arbitrary commands because api.php has an eval call, as demonstrated by the /6/api.php?function=command&class=remote&Cc='ls' URI. NOTE: the vendor indicates that Merlin.PHP is designed only for use on a trusted intranet network, and intentionally allows remote code execution.

** DISPUTED ** An issue was discovered in version 0.6.6 of the Merlin.PHP component for Asuswrt-Merlin devices. An attacker can execute arbitrary commands because api.php has an eval call, as demonstrated by the /6/api.php?function=command&class=remote&Cc='ls' URI. NOTE: the vendor indicates that Merlin.PHP is designed to be used only on a trusted intranet network and that remote code execution is intentionally allowed.

*Credits: N/A
CVSS Scores
CVSS v3
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High
CVSS v2
  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: Partial
  • Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2018-10-15 CVE Reserved
  • 2018-10-15 CVE Published
  • 2024-09-16 CVE Updated
  • 2024-09-16 First Exploit
  • 2024-09-24 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
References (2)
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status |
|---|---|---|---|---|
| Asuswrt-merlin Project | Rt-ac5300 Firmware | <= 380.70 | - | Affected |
| in Asuswrt-merlin Project | Rt-ac5300 | - | - | Safe |
| Asuswrt-merlin Project | Rt Ac1900p Firmware | <= 380.70 | - | Affected |
| in Asuswrt-merlin Project | Rt Ac1900p | - | - | Safe |
| Asuswrt-merlin Project | Rt-ac68u Firmware | <= 380.70 | - | Affected |
| in Asuswrt-merlin Project | Rt-ac68u | - | - | Safe |
| Asuswrt-merlin Project | Rt-ac68p Firmware | <= 380.70 | - | Affected |
| in Asuswrt-merlin Project | Rt-ac68p | - | - | Safe |
| Asuswrt-merlin Project | Rt-ac88u Firmware | <= 380.70 | - | Affected |
| in Asuswrt-merlin Project | Rt-ac88u | - | - | Safe |
| Asuswrt-merlin Project | Rt-ac66u B1 Firmware | <= 380.70 | - | Affected |
| in Asuswrt-merlin Project | Rt-ac66u B1 | - | - | Safe |
| Asuswrt-merlin Project | Rt-ac56u Firmware | <= 380.70 | - | Affected |
| in Asuswrt-merlin Project | Rt-ac56u | - | - | Safe |
| Asuswrt-merlin Project | Rt-ac3200 Firmware | <= 380.70 | - | Affected |
| in Asuswrt-merlin Project | Rt-ac3200 | - | - | Safe |
| Asuswrt-merlin Project | Rt-ac68uf Firmware | <= 380.70 | - | Affected |
| in Asuswrt-merlin Project | Rt-ac68uf | - | - | Safe |
| Asuswrt-merlin Project | Rt-ac87 Firmware | <= 380.70 | - | Affected |
| in Asuswrt-merlin Project | Rt-ac87 | - | - | Safe |
| Asuswrt-merlin Project | Rt-ac3100 Firmware | <= 380.70 | - | Affected |
| in Asuswrt-merlin Project | Rt-ac3100 | - | - | Safe |
| Asuswrt-merlin Project | Rt-ac1900 Firmware | <= 380.70 | - | Affected |
| in Asuswrt-merlin Project | Rt-ac1900 | - | - | Safe |
| Asuswrt-merlin Project | Rt-ac86u Firmware | <= 380.70 | - | Affected |
| in Asuswrt-merlin Project | Rt-ac86u | - | - | Safe |
| Asuswrt-merlin Project | Rt-ac2900 Firmware | <= 380.70 | - | Affected |
| in Asuswrt-merlin Project | Rt-ac2900 | - | - | Safe |