RSS   Vulnerabilities for 'Rt-ac86u firmware'   RSS

2018-10-15
 
CVE-2018-18320

CWE-20
 

 
** DISPUTED ** An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. An attacker can execute arbitrary commands because exec.php has a popen call. NOTE: the vendor indicates that Merlin.PHP is designed only for use on a trusted intranet network, and intentionally allows remote code execution.

 
 
CVE-2018-18319

CWE-20
 

 
** DISPUTED ** An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. An attacker can execute arbitrary commands because api.php has an eval call, as demonstrated by the /6/api.php?function=command&class=remote&Cc='ls' URI. NOTE: the vendor indicates that Merlin.PHP is designed only for use on a trusted intranet network, and intentionally allows remote code execution.

 

 >>> Vendor: Asuswrt-merlin project 34 Products
Rt-n56u firmware
Rt-ac66u firmware
Rt-n16 firmware
Rt-n66u firmware
Rt-ac68u firmware
Rt-ac53 firmware
Rt-n12hp b1 firmware
Rt n12+ pro firmware
Rt ac1900p firmware
Rt-ac5300 firmware
Rt ac1200g firmware
Rt-ac3100 firmware
Rt-n18u firmware
Rt-ac1200 firmware
Rt-n300 firmware
Rt-ac52u firmware
Rt-ac3200 firmware
Rt-ac68p firmware
Rt-ac88u firmware
Rt-ac56u firmware
Rt-ac55u firmware
Rt-n12+ firmware
Rt ac1200gu firmware
Rt-n12d1 firmware
Rt-ac66u b1 firmware
Rt-ac58u firmware
Rt-n12hp firmware
Rt-ac51u firmware
Asuswrt-merlin
Rt-ac2900 firmware
Rt-ac86u firmware
Rt-ac1900 firmware
Rt-ac68uf firmware
Rt-ac87 firmware


Copyright 2024, cxsecurity.com

 

Back to Top