CVE-2018-18320
First published: Mon Oct 15 2018(Updated: )
** DISPUTED ** An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. An attacker can execute arbitrary commands because exec.php has a popen call. NOTE: the vendor indicates that Merlin.PHP is designed only for use on a trusted intranet network, and intentionally allows remote code execution.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ASUS Asuswrt-Merlin | <=380.70 | |
| Asuswrt-Merlin project RT-AC5300 firmware | ||
| Asuswrt-Merlin project RT-AC1900P | <=380.70 | |
| Asuswrt-Merlin project RT-AC1900P firmware | ||
| Asuswrt-Merlin project RT-AC68U | <=380.70 | |
| Asuswrt-Merlin project RT-AC68U firmware | ||
| ASUS Asuswrt-Merlin | <=380.70 | |
| Asuswrt-Merlin project RT-AC68P firmware | ||
| ASUS Asuswrt-Merlin | <=380.70 | |
| Asuswrt-Merlin project RT-AC88U firmware | ||
| Asuswrt-Merlin project RT-AC66U B1 firmware | <=380.70 | |
| Asuswrt-Merlin | ||
| ASUS Asuswrt-Merlin | <=380.70 | |
| Asuswrt-Merlin project RT-AC56U firmware | ||
| Asuswrt-Merlin project RT-AC3200 | <=380.70 | |
| Asuswrt-Merlin project RT-AC3200 firmware | ||
| Asuswrt-Merlin project rt-ac68uf | <=380.70 | |
| Asuswrt-Merlin project rt-ac68uf firmware | ||
| Asuswrt-Merlin project | <=380.70 | |
| Asuswrt-Merlin project rt-ac87 firmware | ||
| Asuswrt-Merlin project RT-AC3100 | <=380.70 | |
| Asuswrt-Merlin project RT-AC3100 firmware | ||
| Asuswrt-Merlin project rt-ac1900 | <=380.70 | |
| Asuswrt-Merlin project rt-ac1900 firmware | ||
| Asuswrt-Merlin project rt-ac86u | <=380.70 | |
| Asuswrt-Merlin project rt-ac86u firmware | ||
| Asuswrt-Merlin project rt-ac2900 | <=380.70 | |
| ASUS Asuswrt-Merlin | ||
| All of | ||
| ASUS Asuswrt-Merlin | <=380.70 | |
| Asuswrt-Merlin project RT-AC5300 firmware | ||
| All of | ||
| Asuswrt-Merlin project RT-AC1900P | <=380.70 | |
| Asuswrt-Merlin project RT-AC1900P firmware | ||
| All of | ||
| Asuswrt-Merlin project RT-AC68U | <=380.70 | |
| Asuswrt-Merlin project RT-AC68U firmware | ||
| All of | ||
| ASUS Asuswrt-Merlin | <=380.70 | |
| Asuswrt-Merlin project RT-AC68P firmware | ||
| All of | ||
| ASUS Asuswrt-Merlin | <=380.70 | |
| Asuswrt-Merlin project RT-AC88U firmware | ||
| All of | ||
| Asuswrt-Merlin project RT-AC66U B1 firmware | <=380.70 | |
| Asuswrt-Merlin | ||
| All of | ||
| ASUS Asuswrt-Merlin | <=380.70 | |
| Asuswrt-Merlin project RT-AC56U firmware | ||
| All of | ||
| Asuswrt-Merlin project RT-AC3200 | <=380.70 | |
| Asuswrt-Merlin project RT-AC3200 firmware | ||
| All of | ||
| Asuswrt-Merlin project rt-ac68uf | <=380.70 | |
| Asuswrt-Merlin project rt-ac68uf firmware | ||
| All of | ||
| Asuswrt-Merlin project | <=380.70 | |
| Asuswrt-Merlin project rt-ac87 firmware | ||
| All of | ||
| Asuswrt-Merlin project RT-AC3100 | <=380.70 | |
| Asuswrt-Merlin project RT-AC3100 firmware | ||
| All of | ||
| Asuswrt-Merlin project rt-ac1900 | <=380.70 | |
| Asuswrt-Merlin project rt-ac1900 firmware | ||
| All of | ||
| Asuswrt-Merlin project rt-ac86u | <=380.70 | |
| Asuswrt-Merlin project rt-ac86u firmware | ||
| All of | ||
| Asuswrt-Merlin project rt-ac2900 | <=380.70 | |
| ASUS Asuswrt-Merlin |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2018-18320?
The severity of CVE-2018-18320 has been classified as medium due to the potential for arbitrary command execution.
How do I fix CVE-2018-18320?
To fix CVE-2018-18320, it is recommended to update to a version of Asuswrt-Merlin firmware newer than 380.70.
Which Asuswrt-Merlin devices are affected by CVE-2018-18320?
Asuswrt-Merlin devices running versions up to 380.70 are affected by CVE-2018-18320.
Can CVE-2018-18320 be exploited remotely?
CVE-2018-18320 requires an attacker to have access to the trusted intranet network to exploit it.
What component is involved in CVE-2018-18320?
CVE-2018-18320 involves the Merlin.PHP component in Asuswrt-Merlin firmware.
- agent/references
- agent/type
- agent/severity
- agent/author
- agent/status
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- status/disputed
- vendor/asuswrt-merlin project
- canonical/asus asuswrt-merlin
- version/asus asuswrt-merlin/380.70
- canonical/asuswrt-merlin project rt-ac5300 firmware
- canonical/asuswrt-merlin project rt-ac1900p
- version/asuswrt-merlin project rt-ac1900p/380.70
- canonical/asuswrt-merlin project rt-ac1900p firmware
- canonical/asuswrt-merlin project rt-ac68u
- version/asuswrt-merlin project rt-ac68u/380.70
- canonical/asuswrt-merlin project rt-ac68u firmware
- canonical/asuswrt-merlin project rt-ac68p firmware
- canonical/asuswrt-merlin project rt-ac88u firmware
- canonical/asuswrt-merlin project rt-ac66u b1 firmware
- version/asuswrt-merlin project rt-ac66u b1 firmware/380.70
- canonical/asuswrt-merlin
- canonical/asuswrt-merlin project rt-ac56u firmware
- canonical/asuswrt-merlin project rt-ac3200
- version/asuswrt-merlin project rt-ac3200/380.70
- canonical/asuswrt-merlin project rt-ac3200 firmware
- canonical/asuswrt-merlin project rt-ac68uf
- version/asuswrt-merlin project rt-ac68uf/380.70
- canonical/asuswrt-merlin project rt-ac68uf firmware
- canonical/asuswrt-merlin project
- version/asuswrt-merlin project/380.70
- canonical/asuswrt-merlin project rt-ac87 firmware
- canonical/asuswrt-merlin project rt-ac3100
- version/asuswrt-merlin project rt-ac3100/380.70
- canonical/asuswrt-merlin project rt-ac3100 firmware
- canonical/asuswrt-merlin project rt-ac1900
- version/asuswrt-merlin project rt-ac1900/380.70
- canonical/asuswrt-merlin project rt-ac1900 firmware
- canonical/asuswrt-merlin project rt-ac86u
- version/asuswrt-merlin project rt-ac86u/380.70
- canonical/asuswrt-merlin project rt-ac86u firmware
- canonical/asuswrt-merlin project rt-ac2900
- version/asuswrt-merlin project rt-ac2900/380.70