65 matches found
CVE-2018-18320
An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. An attacker can execute arbitrary commands because exec.php has a popen call. NOTE: the vendor indicates that Merlin.PHP is designed only for use on a trusted intranet network, and intentionally allows remote co...
CVE-2018-18319
An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. An attacker can execute arbitrary commands because api.php has an eval call, as demonstrated by the /6/api.php?function=command=remote='ls' URI. NOTE: the vendor indicates that Merlin.PHP is designed only for us...
EUVD-2018-20486
Malware in sbrugna...
EUVD-2018-20485
Malware in sbrugna...
EUVD-2017-2973
Malware in sbrugna...
EUVD-2017-2974
Malware in sbrugna...
EUVD-2022-30935
Malicious code in bioql PyPI...
CVE-2018-8879
Stack-based buffer overflow in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to execute arbitrary code by providing a long string to the blocking.asp page via a GET or POST request. Vulnerable parameters ar...
CVE-2018-8877
Information disclosure in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to acquire information on internal network IP address ranges by reading the newlanip variable on the errorpage.htm page...
CVE-2018-8878
Information disclosure in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to acquire information on internal network devices' hostnames and MAC addresses by reading the customid variable on the blocking.asp...
Memory corruption
A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.38648706 and Asuswrt-Merlin New Gen prior to 386.7. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability...
CVE-2022-26376
CVE-2022-26376 affects Asuswrt and Asuswrt-Merlin New Gen. The vulnerability is a memory corruption in the httpd unescape function triggered by a crafted HTTP request; it arises due to missing bounds checking after a '%' character, potentially causing memory corruption or crashes via network inpu...
CVE-2022-26376
A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.38648706 and Asuswrt-Merlin New Gen prior to 386.7. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability...
Asuswrt and Asuswrt-Merlin New Gen httpd unescape memory corruption vulnerability
Talos Vulnerability Report TALOS-2022-1511: Asuswrt and Asuswrt-Merlin New Gen httpd unescape memory corruption vulnerability. July 27, 2022. CVE Number: CVE-2022-26376. Summary: A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.38648706 and...
ASUS Asuswrt-Merlin Buffer Error Vulnerability
ASUS Asuswrt-Merlin is a firmware from ASUS of Taiwan, China that runs in its routers. A buffer error vulnerability exists in ASUS Asuswrt-Merlin version 3.0.0.4.38648706 and Asuswrt-Merlin New Gen 386.1-beta1, which stems from a specially crafted HTTP request that could result in memory corruption...
ASUS Asuswrt-Merlin Information Disclosure Vulnerability
ASUS Asuswrt-Merlin is a firmware from ASUS of Taiwan, China that runs in its routers. An information disclosure vulnerability exists in ASUS Asuswrt-Merlin. An attacker could exploit this vulnerability by reading the customid variable on the blocking.asp page to obtain information about the...
ASUS Asuswrt-Merlin Information Disclosure Vulnerability (CNVD-2020-17192)
ASUS Asuswrt-Merlin is a firmware from ASUS of Taiwan, China that runs in its routers. An information disclosure vulnerability exists in ASUS Asuswrt-Merlin. An attacker can exploit the vulnerability by reading the newlanip variable on the errorpage.htm page to obtain information about the...