PT-2018-14403 · Asuswrt Merlin · Merlin.Php
Ly55521
·
Published
2018-10-15
·
Updated
2024-08-05
·
CVE-2018-18319
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Merlin.PHP version 0.6.6
Description
An issue was discovered in the Merlin.PHP component for Asuswrt-Merlin devices, allowing an attacker to execute arbitrary commands. This is due to an
eval call in api.php, as demonstrated by the "/6/api.php?function=command&class=remote&Cc='ls'" URI. The vendor indicates that Merlin.PHP is designed only for use on a trusted intranet network and intentionally allows remote code execution.Recommendations
For Merlin.PHP version 0.6.6, consider restricting access to the
api.php endpoint to minimize the risk of exploitation, as it intentionally allows remote code execution in trusted intranet networks.Exploit
Fix
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Merlin.Php