Critical severity9.8NVD Advisory· Published Oct 15, 2018· Updated Jun 17, 2026
CVE-2018-18320
CVE-2018-18320
Description
An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. An attacker can execute arbitrary commands because exec.php has a popen call. NOTE: the vendor indicates that Merlin.PHP is designed only for use on a trusted intranet network, and intentionally allows remote code execution
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Range: =0.6.6
- Range: =0.6.6
Patches
Vulnerability mechanics
References
2- blog.51cto.com/010bjsoft/2298828nvdExploitThird Party Advisory
- github.com/qoli/Merlin.PHP/issues/26nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.