VYPR

Merlin.php

by Qoli

CVEs (1)

  • CVE-2018-18320CriOct 15, 2018
    risk 0.64cvss 9.8epss 0.05

    An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. An attacker can execute arbitrary commands because exec.php has a popen call. NOTE: the vendor indicates that Merlin.PHP is designed only for use on a trusted intranet network, and…