Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2024 Greenbone AGOPENVAS:1361412562310114466
HistoryMar 28, 2024 - 12:00 a.m.

MikroTik RouterOS 6.40.5 - 6.44, 6.48.1 - 6.49.10 DoS Vulnerability

2024-03-2800:00:00
Copyright (C) 2024 Greenbone AG
plugins.openvas.org
47
mikrotik
routeros
dos vulnerability
smb service
denial of service
cve-2024-27686
6.40.5
6.44
6.48.1
6.49.10
github
exploit-db

6.6 Medium

AI Score

Confidence

High

JSON

MikroTik RouterOS is prone to a denial of service (DoS)
vulnerability.

# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/o:mikrotik:routeros";

if (description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.114466");
  script_version("2024-06-27T05:05:29+0000");
  script_tag(name:"last_modification", value:"2024-06-27 05:05:29 +0000 (Thu, 27 Jun 2024)");
  script_tag(name:"creation_date", value:"2024-03-28 14:56:05 +0000 (Thu, 28 Mar 2024)");
  script_tag(name:"cvss_base", value:"7.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:C");

  script_cve_id("CVE-2024-27686");

  script_tag(name:"qod_type", value:"remote_banner");

  script_tag(name:"solution_type", value:"NoneAvailable");

  script_name("MikroTik RouterOS 6.40.5 - 6.44, 6.48.1 - 6.49.10 DoS Vulnerability");

  script_category(ACT_GATHER_INFO);

  script_copyright("Copyright (C) 2024 Greenbone AG");
  script_family("Denial of Service");
  script_dependencies("gb_mikrotik_router_routeros_consolidation.nasl");
  script_mandatory_keys("mikrotik/detected");

  script_tag(name:"summary", value:"MikroTik RouterOS is prone to a denial of service (DoS)
  vulnerability.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"The flaw exists in the SMB service. Please see the references
  for more technical info.");

  script_tag(name:"affected", value:"MikroTik RouterOS version 6.40.5 through 6.44 and 6.48.1
  through 6.49.10 are known to be affected. Other versions might be also affected but haven't been
  tested by the security researcher.");

  script_tag(name:"solution", value:"No known solution is available as of 26th June, 2024.
  Information regarding this issue will be updated once solution details are available.");

  script_xref(name:"URL", value:"https://github.com/ice-wzl/RouterOS-SMB-DOS-POC");
  script_xref(name:"URL", value:"https://www.exploit-db.com/exploits/51931");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if (!version = get_app_version(cpe: CPE, nofork: TRUE))
  exit(0);

if (version_in_range(version: version, test_version: "6.40.5", test_version2: "6.44")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "None");
  security_message(port: 0, data: report);
  exit(0);
}

if (version_in_range(version: version, test_version: "6.48.1", test_version2: "6.49.10")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "None");
  security_message(port: 0, data: report);
  exit(0);
}

exit(0);

Related

exploitdb 1
packetstorm 1
zdt 1
exploitdb
exploitdb
RouterOS 6.40.5 - 6.44 and 6.48.1 - 6.49.10 - Denial of Service
2024-03-28 00:00:00
packetstorm
packetstorm
RouterOS 6.44 / 6.49.10 Denial Of Service
2024-03-28 00:00:00
zdt
zdt
RouterOS 6.40.5 - 6.44 and 6.48.1 - 6.49.10 - Denial of Service Exploit
2024-03-29 00:00:00

6.6 Medium

AI Score

Confidence

High

JSON
Related for OPENVAS:1361412562310114466
exploitdb1packetstorm1zdt1