CVE-2018-18319 - OpenCVE

An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. An attacker can execute arbitrary commands because api.php has an eval call, as demonstrated by the /6/api.php?function=command&class=remote&Cc='ls' URI. NOTE: the vendor indicates that Merlin.PHP is designed only for use on a trusted intranet network, and intentionally allows remote code execution

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Asuswrt-merlin Project	Rt-ac86u Rt-ac5300 Rt-ac68uf Firmware Rt-ac56u Firmware Rt-ac68p Firmware Rt-ac87 Rt-ac2900 Firmware Rt Ac1900p Firmware Rt-ac68uf Rt-ac56u Rt-ac1900 Rt-ac3100 Rt-ac68u Rt-ac68p Rt-ac3100 Firmware Rt-ac2900 Rt-ac88u Rt-ac68u Firmware Rt-ac87 Firmware Rt-ac1900 Firmware Rt-ac3200 Firmware Rt-ac5300 Firmware Rt-ac86u Firmware Rt Ac1900p Rt-ac88u Firmware Rt-ac66u B1 Firmware Rt-ac66u B1 Rt-ac3200

Configuration 1 [-]

AND

cpe:2.3:o:asuswrt-merlin_project:rt-ac5300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:asuswrt-merlin_project:rt-ac5300:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:asuswrt-merlin_project:rt_ac1900p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:asuswrt-merlin_project:rt_ac1900p_:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:asuswrt-merlin_project:rt-ac68u_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:asuswrt-merlin_project:rt-ac68u:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:asuswrt-merlin_project:rt-ac68p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:asuswrt-merlin_project:rt-ac68p:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:asuswrt-merlin_project:rt-ac88u_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:asuswrt-merlin_project:rt-ac88u:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:asuswrt-merlin_project:rt-ac66u_b1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:asuswrt-merlin_project:rt-ac66u_b1:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:asuswrt-merlin_project:rt-ac56u_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:asuswrt-merlin_project:rt-ac56u:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:asuswrt-merlin_project:rt-ac3200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:asuswrt-merlin_project:rt-ac3200:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:asuswrt-merlin_project:rt-ac68uf_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:asuswrt-merlin_project:rt-ac68uf:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:asuswrt-merlin_project:rt-ac87_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:asuswrt-merlin_project:rt-ac87:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:asuswrt-merlin_project:rt-ac3100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:asuswrt-merlin_project:rt-ac3100:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:asuswrt-merlin_project:rt-ac1900_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:asuswrt-merlin_project:rt-ac1900:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:asuswrt-merlin_project:rt-ac86u_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:asuswrt-merlin_project:rt-ac86u:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:asuswrt-merlin_project:rt-ac2900_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:asuswrt-merlin_project:rt-ac2900:-:*:*:*:*:*:*:*

References

Link	Resource
http://blog.51cto.com/010bjsoft/2298902	Exploit Third Party Advisory
https://github.com/qoli/Merlin.PHP/issues/27	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-10-03T16:22:04

Updated: 2022-10-03T16:22:04

Reserved: 2022-10-03T00:00:00

Link: CVE-2018-18319

JSON object: View

NVD Information

Status : Modified

Published: 2018-10-15T06:29:00.607

Modified: 2024-05-17T01:25:32.080

Link: CVE-2018-18319

JSON object: View

Redhat Information

No data.

CWE

CWE-94