Magellan security issue?

[Catalinus]

I could not find any reference around to this relatively recent vulnerability:

https://blade.tencent.com/magellan/index_en.html

Is Asuswrt-Merlin vulnerable?

 

[skeal]

I could not find any reference around to this relatively recent vulnerability:

https://blade.tencent.com/magellan/index_en.html

Is Asuswrt-Merlin vulnerable?

Is this not at the browser level (application layer) problem, or am I mistaken? It looks like the safe way to proceed, until the cve is announced, is to update your browser, right? Or did I read this wrong?

 

[Catalinus]

Is this not at the browser level (application layer) problem, or am I mistaken? It looks like the safe way to proceed, until the cve is announced, is to update your browser, right? Or did I read this wrong?

It can be server-side as long as certain features are enabled, for instance Synology has this:

https://www.synology.com/en-us/security/advisory/Synology_SA_18_61

 

[PDinDetroit]

Is this not at the browser level (application layer) problem, or am I mistaken? It looks like the safe way to proceed, until the cve is announced, is to update your browser, right? Or did I read this wrong?

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20346

 

[RMerlin]

While Asuswrt's sqlite supports FTS3, I highly doubt this can be exploited since the webui isn't SQL-driven. SQLite is only used to store some internal data used by various services (like the TrendMicro engine).