2 matches found
CVE-2018-18320
An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. An attacker can execute arbitrary commands because exec.php has a popen call. NOTE: the vendor indicates that Merlin.PHP is designed only for use on a trusted intranet network, and intentionally allows remote co...
CVE-2018-18320
This CVE affects the Merlin.PHP component (version 0.6.6) used in Asuswrt-Merlin devices. The vulnerability is a remote code execution due to a popen call in exec.php, allowing an attacker to execute arbitrary commands. The vendor notes Merlin.PHP is intended for trusted intranet use, which impli...