An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. An attacker can execute arbitrary commands because exec.php has a popen call. NOTE: the vendor indicates that Merlin.PHP is designed only for use on a trusted intranet network, and intentionally allows remote code execution
Name | Vendor | Start Version | End Version |
---|---|---|---|
Rt-ac5300_firmware | Asuswrt-merlin_project | * | 380.70 (including) |