CalvinBackup/CVEs-PoC
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2026-05-25 04:24:05 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
bc4580b7799602bfe4618c8fe9ddff9c2dfdfc86
CVEs-PoC/2018/CVE-2018-18319.md
T
0xMarcio 49bdc782b3 Update Sun May 26 14:27:04 CEST 2024
2024-05-26 14:27:05 +02:00

910 B
Raw Blame History

CVE-2018-18319

Description

** DISPUTED ** An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. An attacker can execute arbitrary commands because api.php has an eval call, as demonstrated by the /6/api.php?function=command&class=remote&Cc='ls' URI. NOTE: the vendor indicates that Merlin.PHP is designed only for use on a trusted intranet network, and intentionally allows remote code execution.

POC

Reference

Github

No PoCs found on GitHub currently.

Reference in New Issue View Git Blame Copy Permalink