20 matches found
Exploit for Path Traversal in Mikrotik Routeros
Ferramentas de Pentest — /rede Repositório de scripts para au...
EUVD-2020-26879
Malware in sbrugna...
EUVD-2019-13588
Malware in sbrugna...
EUVD-2020-26880
Malware in sbrugna...
CVE-2020-5721
MikroTik WinBox 3.22 and below stores the user's cleartext password in the settings.cfg.viw configuration file when the Keep Password field is set and no Master Password is set. Keep Password is set by default and, by default Master Password is not set. An attacker with access to the configuratio...
CVE-2020-5720
MikroTik WinBox before 3.21 is vulnerable to a path traversal vulnerability that allows creation of arbitrary files wherevere WinBox has write permissions. WinBox is vulnerable to this attack if it connects to a malicious endpoint or if an attacker mounts a man in the middle attack...
CVE-2019-3981
MikroTik Winbox 3.20 and below is vulnerable to man in the middle attacks. A man in the middle can downgrade the client's authentication protocol and recover the user's username and MD5 hashed password...
MikroTik Winbox Service Detection
A MikroTik Winbox Service is running at this host. This service is responsible for Winbox tool access, as well as Tik-App smartphone app and Dude probe. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...
Metasploit Weekly Wrap-Up 01/12/24
New module content 1 Windows Gather Mikrotik Winbox "Keep Password" Credentials Extractor Author: Pasquale 'sid' Fiorillo Type: Post Pull request: 18604 contributed by siddolo Path: windows/gather/credentials/winboxsettings Description: This pull request introduces a new post module to extract th...
MikroTik WinBox Information Disclosure Vulnerability
MikroTik WinBox is a utility program for managing MikroTik RouterOS systems from MikroTik Latvia. A security vulnerability exists in MikroTik WinBox version 3.22 and earlier, which stems from the program storing user plaintext passwords in the settings.cfg.viw configuration file. An attacker can...
CVE-2020-5720
MikroTik WinBox before 3.21 is vulnerable to a path traversal vulnerability that allows creation of arbitrary files wherevere WinBox has write permissions. WinBox is vulnerable to this attack if it connects to a malicious endpoint or if an attacker mounts a man in the middle attack...
Path traversal
MikroTik WinBox before 3.21 is vulnerable to a path traversal vulnerability that allows creation of arbitrary files wherevere WinBox has write permissions. WinBox is vulnerable to this attack if it connects to a malicious endpoint or if an attacker mounts a man in the middle attack...
MikroTik Winbox Man-in-the-Middle Attack Vulnerability
Winbox is a small utility program that allows you to manage MikroTik RouterOS using a quick and easy GUI. A man-in-the-middle attack vulnerability exists in MikroTik Winbox 3.20 and earlier versions. An attacker can exploit the vulnerability to degrade the client's authentication protocol and...
CVE-2019-3981
MikroTik Winbox 3.20 and below is vulnerable to man in the middle attacks. A man in the middle can downgrade the client's authentication protocol and recover the user's username and MD5 hashed password...
Mikrotik WinBox 6.42 - Credential Disclosure (golang)
Mikrotik WinBox 6.42 - Credential Disclosure golang / Title: Mikrotik WinBox 6.42 - Credential Disclosure golang edition Author: Maxim Yefimenko @slider Date: 2018-08-06 Sotware Link: https://mikrotik.com/download Vendor Page: https://www.mikrotik.com/ Version: 6.29 - 6.42 Tested on: Fedora 28 ...
Mikrotik WinBox 6.42 - Credential Disclosure (golang)
/ Title: Mikrotik WinBox 6.42 - Credential Disclosure golang edition Author: Maxim Yefimenko @slider Date: 2018-08-06 Sotware Link: https://mikrotik.com/download Vendor Page: https://www.mikrotik.com/ Version: 6.29 - 6.42 Tested on: Fedora 28 \ Debian 9 \ Windows 10 \ Android wherever it was...
Mikrotik WinBox 6.42 - Credential Disclosure Exploit
Exploit for windows platform in category remote exploits Exploit Title: Mikrotik WinBox 6.42 - Credential Disclosure Metasploit Date: 2018-05-21 Exploit Authors: Omid Shojaei @Dmitriyarea51, Dark VoidSeeker, Alireza Mosajjal Vendor Page: https://www.mikrotik.com/ Sotware Link:...
UPDATED VERSION: RouterSploit 3.3.0
PenTestIT RSS Feed Since my last update, this router exploitation framework have gone through a lot of updates. This post is about RouterSploit 3.3.0 code named I Know You Were Trouble. We will also discuss changes made to and an earlier version 3.2.0 to maintain a chain with the hopes that I kee...
Mikrotik Winbox Arbitrary File Access Vulnerability
MikroTik RouterOS is a routing operating system, developed based on the Linux kernel, compatible with x86 PC routing software, through which a standard PC computer can be turned into a professional router.Winbox is a Windows-based software for remote management of RouterOS, providing an intuitive...
MikroTik Winbox < 5.17 File Download DoS
According to its self-reported version number, the installation of MikroTik Winbox hosted on the remote web server is affected by a denial of service vulnerability. An unauthenticated, remote attacker may make multiple requests to download a large file, resulting in the service becoming...