// For flags

CVE-2018-18320

 

Severity Score

9.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. An attacker can execute arbitrary commands because exec.php has a popen call. NOTE: the vendor indicates that Merlin.PHP is designed only for use on a trusted intranet network, and intentionally allows remote code execution

** EN DISPUTA ** Se ha descubierto un problema en la versión 0.6.6 del componente Merlin.PHP para dispositivos Asuswrt-Merlin. Un atacante puede ejecutar comandos arbitrarios debido a que exec.php tiene una llamada popen. NOTA: el fabricante indica que Merlin.PHP está diseñado para ser empleado solamente en una red de intranet fiable y que se permite intencionadamente la ejecución remota de código.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2018-10-15 CVE Reserved
  • 2018-10-15 CVE Published
  • 2024-09-16 CVE Updated
  • 2024-09-16 First Exploit
  • 2024-09-24 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
CAPEC
References (2)
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-ac5300 Firmware
Search vendor "Asuswrt-merlin Project" for product "Rt-ac5300 Firmware"
<= 380.70
Search vendor "Asuswrt-merlin Project" for product "Rt-ac5300 Firmware" and version " <= 380.70"
-
Affected
in Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-ac5300
Search vendor "Asuswrt-merlin Project" for product "Rt-ac5300"
--
Safe
Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt Ac1900p Firmware
Search vendor "Asuswrt-merlin Project" for product "Rt Ac1900p Firmware"
<= 380.70
Search vendor "Asuswrt-merlin Project" for product "Rt Ac1900p Firmware" and version " <= 380.70"
-
Affected
in Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt Ac1900p
Search vendor "Asuswrt-merlin Project" for product "Rt Ac1900p "
--
Safe
Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-ac68u Firmware
Search vendor "Asuswrt-merlin Project" for product "Rt-ac68u Firmware"
<= 380.70
Search vendor "Asuswrt-merlin Project" for product "Rt-ac68u Firmware" and version " <= 380.70"
-
Affected
in Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-ac68u
Search vendor "Asuswrt-merlin Project" for product "Rt-ac68u"
--
Safe
Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-ac68p Firmware
Search vendor "Asuswrt-merlin Project" for product "Rt-ac68p Firmware"
<= 380.70
Search vendor "Asuswrt-merlin Project" for product "Rt-ac68p Firmware" and version " <= 380.70"
-
Affected
in Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-ac68p
Search vendor "Asuswrt-merlin Project" for product "Rt-ac68p"
--
Safe
Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-ac88u Firmware
Search vendor "Asuswrt-merlin Project" for product "Rt-ac88u Firmware"
<= 380.70
Search vendor "Asuswrt-merlin Project" for product "Rt-ac88u Firmware" and version " <= 380.70"
-
Affected
in Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-ac88u
Search vendor "Asuswrt-merlin Project" for product "Rt-ac88u"
--
Safe
Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-ac66u B1 Firmware
Search vendor "Asuswrt-merlin Project" for product "Rt-ac66u B1 Firmware"
<= 380.70
Search vendor "Asuswrt-merlin Project" for product "Rt-ac66u B1 Firmware" and version " <= 380.70"
-
Affected
in Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-ac66u B1
Search vendor "Asuswrt-merlin Project" for product "Rt-ac66u B1"
--
Safe
Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-ac56u Firmware
Search vendor "Asuswrt-merlin Project" for product "Rt-ac56u Firmware"
<= 380.70
Search vendor "Asuswrt-merlin Project" for product "Rt-ac56u Firmware" and version " <= 380.70"
-
Affected
in Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-ac56u
Search vendor "Asuswrt-merlin Project" for product "Rt-ac56u"
--
Safe
Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-ac3200 Firmware
Search vendor "Asuswrt-merlin Project" for product "Rt-ac3200 Firmware"
<= 380.70
Search vendor "Asuswrt-merlin Project" for product "Rt-ac3200 Firmware" and version " <= 380.70"
-
Affected
in Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-ac3200
Search vendor "Asuswrt-merlin Project" for product "Rt-ac3200"
--
Safe
Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-ac68uf Firmware
Search vendor "Asuswrt-merlin Project" for product "Rt-ac68uf Firmware"
<= 380.70
Search vendor "Asuswrt-merlin Project" for product "Rt-ac68uf Firmware" and version " <= 380.70"
-
Affected
in Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-ac68uf
Search vendor "Asuswrt-merlin Project" for product "Rt-ac68uf"
--
Safe
Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-ac87 Firmware
Search vendor "Asuswrt-merlin Project" for product "Rt-ac87 Firmware"
<= 380.70
Search vendor "Asuswrt-merlin Project" for product "Rt-ac87 Firmware" and version " <= 380.70"
-
Affected
in Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-ac87
Search vendor "Asuswrt-merlin Project" for product "Rt-ac87"
--
Safe
Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-ac3100 Firmware
Search vendor "Asuswrt-merlin Project" for product "Rt-ac3100 Firmware"
<= 380.70
Search vendor "Asuswrt-merlin Project" for product "Rt-ac3100 Firmware" and version " <= 380.70"
-
Affected
in Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-ac3100
Search vendor "Asuswrt-merlin Project" for product "Rt-ac3100"
--
Safe
Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-ac1900 Firmware
Search vendor "Asuswrt-merlin Project" for product "Rt-ac1900 Firmware"
<= 380.70
Search vendor "Asuswrt-merlin Project" for product "Rt-ac1900 Firmware" and version " <= 380.70"
-
Affected
in Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-ac1900
Search vendor "Asuswrt-merlin Project" for product "Rt-ac1900"
--
Safe
Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-ac86u Firmware
Search vendor "Asuswrt-merlin Project" for product "Rt-ac86u Firmware"
<= 380.70
Search vendor "Asuswrt-merlin Project" for product "Rt-ac86u Firmware" and version " <= 380.70"
-
Affected
in Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-ac86u
Search vendor "Asuswrt-merlin Project" for product "Rt-ac86u"
--
Safe
Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-ac2900 Firmware
Search vendor "Asuswrt-merlin Project" for product "Rt-ac2900 Firmware"
<= 380.70
Search vendor "Asuswrt-merlin Project" for product "Rt-ac2900 Firmware" and version " <= 380.70"
-
Affected
in Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-ac2900
Search vendor "Asuswrt-merlin Project" for product "Rt-ac2900"
--
Safe