Asuswrt-Merlin Project Rt-Ac1900 Firmware vulnerabilities
2 known vulnerabilities affecting asuswrt-merlin_project/rt-ac1900_firmware.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2
Vulnerabilities
Page 1 of 1
CVE-2018-18319P2CRITICALCVSS 9.8≤ 380.702018-10-15
CVE-2018-18319 [CRITICAL] CWE-94 CVE-2018-18319: An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. An attacker ca
An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. An attacker can execute arbitrary commands because api.php has an eval call, as demonstrated by the /6/api.php?function=command&class=remote&Cc='ls' URI. NOTE: the vendor indicates that Merlin.PHP is designed only for use on a trusted intranet network, and intenti
nvd
CVE-2018-18320P3CRITICALCVSS 9.8≤ 380.702018-10-15
CVE-2018-18320 [CRITICAL] CVE-2018-18320: An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. An attacker ca
An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. An attacker can execute arbitrary commands because exec.php has a popen call. NOTE: the vendor indicates that Merlin.PHP is designed only for use on a trusted intranet network, and intentionally allows remote code execution
nvd