Lucene search
+L

67 matches found

OSV
OSV
added 2018/10/15 6:29 a.m.6 views

CVE-2018-18320

An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. An attacker can execute arbitrary commands because exec.php has a popen call. NOTE: the vendor indicates that Merlin.PHP is designed only for use on a trusted intranet network, and intentionally allows remote co...

9.8CVSS6.5AI score0.05244EPSS
Exploits1References2
OSV
OSV
added 2018/10/15 6:29 a.m.5 views

CVE-2018-18319

An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. An attacker can execute arbitrary commands because api.php has an eval call, as demonstrated by the /6/api.php?function=command&class=remote&Cc='ls' URI. NOTE: the vendor indicates that Merlin.PHP is designed on...

9.8CVSS6.5AI score0.05434EPSS
Exploits1References2
Cvelist
Cvelist
added 2018/10/15 6:0 a.m.21 views

CVE-2018-18320

An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. An attacker can execute arbitrary commands because exec.php has a popen call. NOTE: the vendor indicates that Merlin.PHP is designed only for use on a trusted intranet network, and intentionally allows remote co...

10AI score0.05244EPSS
Exploits1References2
CVE
CVE
added 2018/10/15 6:0 a.m.45 views

CVE-2018-18320

This CVE affects the Merlin.PHP component (version 0.6.6) used in Asuswrt-Merlin devices. The vulnerability is a remote code execution due to a popen call in exec.php, allowing an attacker to execute arbitrary commands. The vendor notes Merlin.PHP is intended for trusted intranet use, which impli...

9.8CVSS9.9AI score0.05244EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2018/10/15 6:0 a.m.16 views

CVE-2018-18319

An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. An attacker can execute arbitrary commands because api.php has an eval call, as demonstrated by the /6/api.php?function=command&class=remote&Cc='ls' URI. NOTE: the vendor indicates that Merlin.PHP is designed on...

10AI score0.05434EPSS
Exploits1References2
CVE
CVE
added 2018/10/15 6:0 a.m.51 views

CVE-2018-18319

Summary: CVE-2018-18319 affects Merlin.PHP 0.6.6 on Asuswrt-Merlin devices, where an eval in api.php allows a remote attacker to execute arbitrary commands (example: /6/api.php?function=command&class=remote&Cc='ls'). The vendor notes Merlin.PHP is intended for trusted intranet networks, which fac...

9.8CVSS9.9AI score0.05434EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2018/10/15 12:0 a.m.7 views

PT-2018-14403 · Asuswrt Merlin · Merlin.Php

Name of the Vulnerable Software and Affected Versions: Merlin.PHP version 0.6.6 Description: An issue was discovered in the Merlin.PHP component for Asuswrt-Merlin devices, allowing an attacker to execute arbitrary commands. This is due to an eval call in api.php, as demonstrated by the...

9.8CVSS10AI score0.05434EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2018/10/15 12:0 a.m.5 views

PT-2018-14404 · Asuswrt Merlin · Merlin.Php

Name of the Vulnerable Software and Affected Versions: Merlin.PHP version 0.6.6 Description: An issue was discovered in the Merlin.PHP component for Asuswrt-Merlin devices, allowing an attacker to execute arbitrary commands due to a popen call in exec.php. The vendor notes that Merlin.PHP is...

9.8CVSS8.3AI score0.05244EPSS
Exploits1References4
OSV
OSV
added 2018/01/17 6:29 a.m.4 views

CVE-2018-5721

Stack-based buffer overflow in the ejupdatevariables function in router/httpd/web.c on ASUS routers when using software from https://github.com/RMerl/asuswrt-merlin allows web authenticated attackers to execute code via a request that updates a setting. In ejupdatevariables, the length of the...

8.8CVSS6.2AI score0.01938EPSS
Exploits1References1
seebug.org
seebug.org
added 2017/12/26 12:0 a.m.104 views

Asus_DeleteOfflineClientOverflow

Vulnerability: Stack buffer overflow in httpd ------------------------------------------ Exploitation: Can control the $pc. Use together with a session hijack vulnerability or in a csrf attack, can remote code execution and then get a connectback shell. ------------------------------------------...

9.3CVSS0.1AI score0.07552EPSS
Exploits6
BDU FSTEC
BDU FSTEC
added 2017/09/22 12:0 a.m.5 views

The vulnerability in the ASUS_Discovery.c file of the embedded microprogramming software Asuswrt-Merlin for Asus device networking cards allows a hacker to execute arbitrary code.

The vulnerability in the AsusDiscovery.c file of the embedded microprogramming software for Asus’ device networking cards is caused by buffer overflows on the stack incorrect invocation of the strcat function during the reading of the device list. Exploiting this vulnerability allows a remote...

10CVSS8.4AI score0.05607EPSS
Exploits1References2
Prion
Prion
added 2017/08/09 3:29 p.m.15 views

Stack overflow

Stack buffer overflow in httpd in Asuswrt-Merlin firmware 380.670RT-AC5300 and earlier for ASUS devices and ASUS firmware for ASUS RT-AC5300, RTAC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66UB1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200,...

6.5CVSS9.1AI score0.0271EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2017/08/09 3:29 p.m.2 views

CVE-2017-12754

Stack buffer overflow in httpd in Asuswrt-Merlin firmware 380.670RT-AC5300 and earlier for ASUS devices and ASUS firmware for ASUS RT-AC5300, RTAC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66UB1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200,...

8.8CVSS6.5AI score0.0271EPSS
Exploits0References3
NVD
NVD
added 2017/08/09 3:29 p.m.14 views

CVE-2017-12754

Stack buffer overflow in httpd in Asuswrt-Merlin firmware 380.670RT-AC5300 and earlier for ASUS devices and ASUS firmware for ASUS RT-AC5300, RTAC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66UB1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200,...

8.8CVSS9.1AI score0.0271EPSS
Exploits0References2
Cvelist
Cvelist
added 2017/08/09 3:0 p.m.19 views

CVE-2017-12754

Stack buffer overflow in httpd in Asuswrt-Merlin firmware 380.670RT-AC5300 and earlier for ASUS devices and ASUS firmware for ASUS RT-AC5300, RTAC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66UB1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200,...

9.1AI score0.0271EPSS
Exploits0References2
CVE
CVE
added 2017/08/09 3:0 p.m.50 views

CVE-2017-12754

The CVE-2017-12754 entry describes a stack buffer overflow in the httpd component of Asuswrt-Merlin firmware (notably 380.67_0RT-AC5300 and earlier) across numerous ASUS router models. A remote attacker can trigger arbitrary code execution by sending a crafted HTTP GET request containing a long d...

8.8CVSS9.1AI score0.0271EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2017/07/20 12:0 a.m.5 views

Asuswrt-Merlin Firmware Stack Buffer Overflow Vulnerability in Multiple ASUS Products

ASUS RT-AC5300 and others are RT series router products from Asus ASUS.Asuswrt-Merlin is the firmware that runs on it. A stack buffer overflow vulnerability exists in the ASUSDiscovery.c file of networkmap in the Asuswrt-Merlin firmware in multiple ASUS products. A remote attacker can exploit thi...

10CVSS10AI score0.05607EPSS
Exploits1References1
NVD
NVD
added 2017/07/18 5:29 a.m.18 views

CVE-2017-11420

Stack-based buffer overflow in ASUSDiscovery.c in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RTAC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66UB1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200,...

10CVSS9.9AI score0.05607EPSS
Exploits1References2
OSV
OSV
added 2017/07/18 5:29 a.m.6 views

CVE-2017-11420

Stack-based buffer overflow in ASUSDiscovery.c in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RTAC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66UB1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200,...

9.8CVSS6.4AI score0.05607EPSS
Exploits1References2
Cvelist
Cvelist
added 2017/07/18 5:0 a.m.16 views

CVE-2017-11420

Stack-based buffer overflow in ASUSDiscovery.c in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RTAC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66UB1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200,...

9.9AI score0.05607EPSS
Exploits1References2
Rows per page
Query Builder