CVE-2018-1158

CVE-2018-1158 affects MikroTik RouterOS before 6.40.9 and 6.42.7. It is a stack-exhaustion flaw where an authenticated remote attacker can crash the HTTP server by recursively parsing JSON. The issue is mitigated by upgrading RouterOS to 6.40.9, 6.42.7 or later (e.g., 6.43).

Mikrotik WinBox 6.42 - Credential Disclosure (Metasploit)

Mikrotik WinBox 6.42 - Credential Disclosure Metasploit Exploit Title: Mikrotik WinBox 6.42 - Credential Disclosure Metasploit Date: 2018-05-21 Exploit Authors: Omid Shojaei @Dmitriyarea51, Dark VoidSeeker, Alireza Mosajjal Vendor Page: https://www.mikrotik.com/ Sotware Link:...

Mikrotik WinBox 6.42 - Credential Disclosure Exploit

Exploit for windows platform in category remote exploits Exploit Title: Mikrotik WinBox 6.42 - Credential Disclosure Metasploit Date: 2018-05-21 Exploit Authors: Omid Shojaei @Dmitriyarea51, Dark VoidSeeker, Alireza Mosajjal Vendor Page: https://www.mikrotik.com/ Sotware Link:...

Mikrotik WinBox 6.42 - Credential Disclosure (Metasploit)

Exploit Title: Mikrotik WinBox 6.42 - Credential Disclosure Metasploit Date: 2018-05-21 Exploit Authors: Omid Shojaei @Dmitriyarea51, Dark VoidSeeker, Alireza Mosajjal Vendor Page: https://www.mikrotik.com/ Sotware Link: https://mikrotik.com/download Version: 6.29 - 6.42 Tested on: Metasploit...

MikroTik RouterOS Winbox Authentication Bypass (CVE-2018-14847)

An authentication bypass vulnerability exists in the Winbox component of Mikrotik RouterOS. A remote attacker could exploit this flaw by sending specially crafted packets to the affected server. Successful exploitation of this vulnerability would allow a remote attacker to hijack a user's session...

Directory traversal

MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface...

CVE-2018-14847

MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface...

CVE-2018-14847

MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface...

CVE-2018-14847

MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface...

CVE-2018-14847

MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface...

CVE-2018-14847

CVE-2018-14847 is a WinBox directory-traversal vulnerability in MikroTik RouterOS that allowed unauthenticated remote file reads and, with authenticated access, file writes. Public PoCs/exploits (By the Way, WinboxExploit, MAC/RouterOS PoCs) demonstrate remote reading of the admin password and, i...

Mikrotik RouterOS 'Winbox Service' Information Disclosure Vulnerability (Apr 2018) - Active Check

Mikrotik RouterOS is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Mikrotik Winbox 任意文件访问漏洞

In April 23rd 2018, Mikrotik fixed a vulnerability “that allowed gaining access to an unsecured router”. myself and @yalpanian of BASU CERT reverse engineering lab tried to figure out what exactly got fixed, what was the problem in the first place and how severe was the impact of it. UPDATE: full...

Exploit for Path Traversal in Mikrotik Routeros

WinboxExploit This is a proof of concept of the critical WinBo...

Exploit for Path Traversal in Mikrotik Routeros

WinboxExploit This is a proof of concept of the critical WinBo...

MikroTik RouterOS Chimay Red Remote Code Execution

A remote code execution vulnerability exists in MikroTik RouterOS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

Mikrotik RouterOS 'Winbox Service' Information Disclosure Vulnerability (Apr 2018) - Version Check

Mikrotik RouterOS is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

PT-2018-1757

Name of the Vulnerable Software and Affected Versions MikroTik RouterOS versions prior to 6.42 Description The issue is caused by a directory traversal vulnerability in the WinBox interface of MikroTik RouterOS, allowing unauthenticated remote attackers to read arbitrary files and remote...

MikroTik RouterOS 6.41.4 DoS Vulnerability

MikroTik RouterOS is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

MikroTik RouterOS 6.41.4 Authentication Bypass Vulnerability

An issue was discovered in MikroTik RouterOS. Missing OpenVPN server certificate verification allows a remote unauthenticated attacker capable of intercepting client traffic to act as a malicious OpenVPN server. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted...