qoli/Merlin.PHP

qoli/Merlin.PHP

Releases0

Stars52

面向 ASUS﹣MERLIN 的 SS Web 管理面板。只支持 http://koolshare.io 下的固件版本。

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2018-18319 ↗	Oct 15, 2018Monday, 15 October 2018, 06:29	—	7.5 HIGH
An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. An attacker can execute arbitrary commands because api.php has an eval call, as demonstrated by the /6/api.php?function=command&class=remote&Cc='ls' URI. NOTE: the vendor indicates that Merlin.PHP is designed only for use on a trusted intranet network, and intentionally allows remote code execution
CVE-2018-18320 ↗	Oct 15, 2018Monday, 15 October 2018, 06:29	—	7.5 HIGH
An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. An attacker can execute arbitrary commands because exec.php has a popen call. NOTE: the vendor indicates that Merlin.PHP is designed only for use on a trusted intranet network, and intentionally allows remote code execution