CVE-2018-18320
 
Metric | Value | Source |
---|---|---|
Severity Score | 9.8 | CVSS v3 |
Exploit Likelihood | | EPSS |
Affected Versions | | CPE |
Public Exploits | 2 | Multiple Sources |
Exploited in Wild | - | KEV |
Decision | - | SSVC |
Descriptions
An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. An attacker can execute arbitrary commands because exec.php has a popen call. NOTE: the vendor indicates that Merlin.PHP is designed only for use on a trusted intranet network, and intentionally allows remote code execution
** DISPUTED ** An issue was discovered in version 0.6.6 of the Merlin.PHP component for Asuswrt-Merlin devices. An attacker can execute arbitrary commands because exec.php has a popen call. NOTE: the vendor indicates that Merlin.PHP is designed to be used only on a trusted intranet network and that remote code execution is intentionally allowed.
*Credits:
N/A
Timeline
- 2018-10-15 CVE Reserved
- 2018-10-15 CVE Published
- 2024-09-16 CVE Updated
- 2024-09-16 First Exploit
- 2024-09-24 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
References (2)
URL | Date | SRC |
---|---|---|
http://blog.51cto.com/010bjsoft/2298828 | 2024-09-16 | |
https://github.com/qoli/Merlin.PHP/issues/26 | 2024-09-16 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Asuswrt-merlin Project | Rt-ac5300 Firmware | <= 380.70 | - | Affected | in | Asuswrt-merlin Project | Rt-ac5300 | - | - | Safe |
Asuswrt-merlin Project | Rt Ac1900p Firmware | <= 380.70 | - | Affected | in | Asuswrt-merlin Project | Rt Ac1900p | - | - | Safe |
Asuswrt-merlin Project | Rt-ac68u Firmware | <= 380.70 | - | Affected | in | Asuswrt-merlin Project | Rt-ac68u | - | - | Safe |
Asuswrt-merlin Project | Rt-ac68p Firmware | <= 380.70 | - | Affected | in | Asuswrt-merlin Project | Rt-ac68p | - | - | Safe |
Asuswrt-merlin Project | Rt-ac88u Firmware | <= 380.70 | - | Affected | in | Asuswrt-merlin Project | Rt-ac88u | - | - | Safe |
Asuswrt-merlin Project | Rt-ac66u B1 Firmware | <= 380.70 | - | Affected | in | Asuswrt-merlin Project | Rt-ac66u B1 | - | - | Safe |
Asuswrt-merlin Project | Rt-ac56u Firmware | <= 380.70 | - | Affected | in | Asuswrt-merlin Project | Rt-ac56u | - | - | Safe |
Asuswrt-merlin Project | Rt-ac3200 Firmware | <= 380.70 | - | Affected | in | Asuswrt-merlin Project | Rt-ac3200 | - | - | Safe |
Asuswrt-merlin Project | Rt-ac68uf Firmware | <= 380.70 | - | Affected | in | Asuswrt-merlin Project | Rt-ac68uf | - | - | Safe |
Asuswrt-merlin Project | Rt-ac87 Firmware | <= 380.70 | - | Affected | in | Asuswrt-merlin Project | Rt-ac87 | - | - | Safe |
Asuswrt-merlin Project | Rt-ac3100 Firmware | <= 380.70 | - | Affected | in | Asuswrt-merlin Project | Rt-ac3100 | - | - | Safe |
Asuswrt-merlin Project | Rt-ac1900 Firmware | <= 380.70 | - | Affected | in | Asuswrt-merlin Project | Rt-ac1900 | - | - | Safe |
Asuswrt-merlin Project | Rt-ac86u Firmware | <= 380.70 | - | Affected | in | Asuswrt-merlin Project | Rt-ac86u | - | - | Safe |
Asuswrt-merlin Project | Rt-ac2900 Firmware | <= 380.70 | - | Affected | in | Asuswrt-merlin Project | Rt-ac2900 | - | - | Safe |