Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2018-14847
HistoryAug 02, 2018 - 7:29 a.m.

CVE-2018-14847

2018-08-0207:29:00
CWE-22
[email protected]
web.nvd.nist.gov
1329
In Wild
4
mikrotik
routeros
6.42
winbox
directory traversal
vulnerability
nvd
cve-2018-14847

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

8.9 High

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.975 High

EPSS

Percentile

100.0%

JSON

MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.

Social References

More

Related

attackerkb 1
impervablog 2
thn 7
exploitpack 2
openvas 2
hackread 1
packetstorm 2
cisa_kev 1
zdt 1
checkpoint_advisories 1
prion 1
threatpost 6
mmpc 1
nessus 2
talosblog 1
mssecure 1
malwarebytes 1
exploitdb 2
rapid7blog 1
cisa 1
kitploit 1
ics 1
attackerkb
attackerkb
CVE-2018-14847
2018-08-02 00:00:00
impervablog
impervablog
The 3 Biggest DDoS Attacks Imperva Has Mitigated
2022-05-31 15:12:48
Imperva Mitigates Ransom DDoS Attack Measuring 2.5 Million Requests per Second
2022-03-04 15:21:44
thn
thn
TrickBot Malware Abusing MikroTik Routers as Proxies for Command-and-Control
2022-03-17 10:05:00
Mēris Botnet Hit Russia's Yandex With Massive 22 Million RPS DDoS Attack
2021-09-11 11:18:00
Thousands of MikroTik Routers Hacked to Eavesdrop On Network Traffic
2018-09-04 09:53:00
exploitpack
exploitpack
Mikrotik WinBox 6.42 - Credential Disclosure (golang)
2018-08-17 00:00:00
MicroTik RouterOS 6.43rc3 - Remote Root
2018-10-10 00:00:00
openvas
openvas
Mikrotik RouterOS 'Winbox Service' Information Disclosure Vulnerability - Active Check
2018-07-06 00:00:00
Mikrotik RouterOS 'Winbox Service' Information Disclosure Vulnerability - Version Check
2018-04-25 00:00:00
hackread
hackread
MikroTik router vulnerability lets hackers bypass firewall to load malware undetected
2018-10-09 17:37:16
packetstorm
packetstorm
Mikrotik WinBox 6.42 Credential Disclosure
2018-08-17 00:00:00
Mikrotik RouterOS Remote Root
2018-10-10 00:00:00
cisa_kev
cisa_kev
MikroTik Router OS Directory Traversal Vulnerability
2021-12-01 00:00:00
zdt
zdt
MicroTik RouterOS < 6.43rc3 - Remote Root Exploit
2018-10-10 00:00:00
checkpoint_advisories
checkpoint_advisories
MikroTik RouterOS Winbox Authentication Bypass (CVE-2018-14847)
2018-08-06 00:00:00
prion
prion
Directory traversal
2018-08-02 07:29:00
threatpost
threatpost
Yandex Pummeled by Potent Meris DDoS Botnet
2021-09-10 16:31:14
Thousands of MikroTik Routers Hijacked for Eavesdropping
2018-09-04 18:34:10
Massive Meris Botnet Embeds Ransomware Notes from REvil
2022-03-04 22:46:59
mmpc
mmpc
Uncovering Trickbot’s use of IoT devices in command-and-control infrastructure
2022-03-16 15:00:00
nessus
nessus
MikroTik RouterOS Path Traversal (CVE-2018-14847)
2024-02-27 00:00:00
MikroTik RouterOS Winbox Unauthenticated Arbitrary File Read/Write Vulnerability
2018-09-06 00:00:00
talosblog
talosblog
VPNFilter III: More Tools for the Swiss Army Knife of Malware
2018-09-26 07:59:00
mssecure
mssecure
Uncovering Trickbot’s use of IoT devices in command-and-control infrastructure
2022-03-16 15:00:00
malwarebytes
malwarebytes
Fake browser update seeks to compromise more MikroTik routers
2018-10-12 15:00:06
exploitdb
exploitdb
Mikrotik WinBox 6.42 - Credential Disclosure (golang)
2018-08-17 00:00:00
MicroTik RouterOS &lt; 6.43rc3 - Remote Root
2018-10-10 00:00:00
rapid7blog
rapid7blog
Metasploit Wrap-Up
2020-11-06 19:55:51
cisa
cisa
CISA Adds Five Known Exploited Vulnerabilities to Catalog
2021-12-01 00:00:00
kitploit
kitploit
Darksplitz - Exploit Framework
2019-04-04 21:12:00
ics
ics
People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices
2022-06-10 12:00:00

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

8.9 High

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.975 High

EPSS

Percentile

100.0%

JSON
Related for CVE-2018-14847
attackerkb1impervablog2thn7exploitpack2openvas2hackread1packetstorm2cisa_kev1zdt1checkpoint_advisories1prion1threatpost6mmpc1nessus2talosblog1mssecure1malwarebytes1exploitdb2rapid7blog1cisa1kitploit1ics1