This page gives the details of CVE-2018-5721.
The vulnerability exists in router/httpd/web.c. When an authenticated user updates some settings, the server calls the function ej_update_variables, but the length of the variable action_script is not checked. An attacker can post any data to the server, which can crash the server or lead to code execution.
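The missing length check described above, shown beside a bounded version, as an added example that is not the firmware's own code: the function names, the 128-byte buffer size and the sample values are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NOTIFY_CMD_LEN 128  /* assumed size; the page does not state one */

/* Unchecked pattern: the posted value is copied into a fixed stack buffer
 * with no length test, so an oversized action_script writes past its end. */
int notify_unchecked(const char *action_script)
{
    char notify_cmd[NOTIFY_CMD_LEN];
    if (strstr(action_script, "_wan_if") == NULL)
        return 0;
    strcpy(notify_cmd, action_script);          /* no bound on the copy */
    return (int)strlen(notify_cmd);
}

/* Checked pattern: refuse a value that does not fit before any copy.
 * Returns the copied length, 0 if "_wan_if" is absent, -1 if rejected. */
int notify_checked(const char *action_script)
{
    char notify_cmd[NOTIFY_CMD_LEN];
    size_t len = strlen(action_script);
    if (len >= sizeof(notify_cmd))
        return -1;                              /* too long: reject request */
    if (strstr(action_script, "_wan_if") == NULL)
        return 0;
    memcpy(notify_cmd, action_script, len + 1); /* includes the NUL */
    return (int)strlen(notify_cmd);
}

/* Runs a constructed n-byte value containing "_wan_if" through the checked
 * path (7 <= n < 512); returns -2 if n is outside that range. */
int checked_with_length(size_t n)
{
    char value[512];
    if (n < 7 || n >= sizeof(value))
        return -2;
    memset(value, 'A', n);
    memcpy(value, "_wan_if", 7);
    value[n] = '\0';
    return notify_checked(value);
}

int main(void)
{
    printf("fits (127 bytes):     %d\n", checked_with_length(127));
    printf("too long (128 bytes): %d\n", checked_with_length(128));
    return 0;
}
```

The checked version rejects the request outright instead of truncating, so an oversized value never reaches the buffer.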
A simple proof:
First of all, log in to the web management interface (by any means you can).
Then just update some setting.
Use Burp Suite to change the value of action_script (make sure it includes "_wan_if"):
Then we can see that the pc register has been overwritten: