MikroTik RouterOS SNMP Security Bypass (CVE-2008-6976)

MikroTik RouterOS is prone to a security-bypass vulnerability because the software fails to sufficiently sanitize SNMP requests. Successfully exploiting this issue allows attackers to write to and change certain aspects of the Network Management System NMS. This may aid in further attacks. Versio...

MikroTik RouterOS Cross-Site Scripting Vulnerability

MikroTik RouterOS is a set of routing operating system developed based on Linux core by MikroTik Latvia. The system turns a PC computer into a professional router. A cross-site scripting vulnerability exists in MikroTik RouterOS version 6.36.2. Due to the program failing to adequately filter...

MikroTik RouterOS 6.36.2 Cross Site Scripting

Title: RouterOS v6.36.2 - Cross Site Scripting Type: Local/Remote Author: Nassim Asrir Author Company: HenceForth Risk: 3/5 Release Date: 11.11.2016 Summary: MikroTik RouterOS is the operating system of MikroTik RouterBOARD hardware. It can also be installed on a PC and will turn it into a router...

MikroTik RouterOS cross-site request forgery vulnerability

No description provided by source...

Web interface for DNSmasq / Mikrotik - SQL Injection

Exploit for php platform in category web applications / + Credits: hyp3rlinx Vendor: ==================== tmcdos / sourceforge Product: ====================== dnsdhcp Web Interface Download: sourceforge.net/projects/dnsmasq-mikrotik-admin/?source=directory This is a very simple web interface for...

CVE-2015-2350

Cross-site request forgery CSRF vulnerability in MikroTik RouterOS 5.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request in the status page to /cfg...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in MikroTik RouterOS 5.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request in the status page to /cfg...

CVE-2015-2350

Cross-site request forgery CSRF vulnerability in MikroTik RouterOS 5.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request in the status page to /cfg...

CVE-2015-2350

CVE-2015-2350 affects MikroTik RouterOS 5.0 and earlier. A cross-site request forgery on the status page (/cfg) allows remote attackers to hijack the administrator’s session and change the administrator password. Root cause: CSRF vulnerability. No remediation details or patch/version information ...

MikroTik RouterOS Cross-Site Request Forgery Vulnerability

MikroTik RouterOS is an operating system for routers. MikroTik RouterOS suffers from a cross-site request forgery vulnerability that allows remote attackers to construct malicious URIs, trick users into parsing them, and can perform malicious actions, such as changing passwords, in the context of...

MikroTik RouterOS Cross Site Request Forgery

MikroTik RouterOS v5.0 Admin Password Change CSRF Vulnerability by @SymbianSyMoh What is MikroTik RouterOS?! MikroTik RouterOS is an operating system based on the Linux kernel, known as the MikroTik RouterOS. Installed on the company's proprietary hardware RouterBOARD series, or on standard...

mikrotik-routeros-brute NSE Script

Performs brute force password auditing against Mikrotik RouterOS devices with the API RouterOS interface enabled. Additional information: Script Arguments mikrotik-routeros-brute.threads sets the number of threads. Default: 1 brute.credfile, brute.delay, brute.emptypass, brute.firstonly,...

MikroTik RouterOS 3.0 SNMP SET Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/27599/info MikroTik RouterOS is prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash an affected router, denying service to legitimate users. This issue affects versions up to and...

Mikrotik RouterOS sshd (ROSSSH) - Remote Preauth Heap Corruption

No description provided by source...

MicroTik RouterOS <= 3.2 SNMPd snmp-set Denial of Service Exploit

No description provided by source. / -------------------------------------------------------------------------- c ShadOS 2008 | || || | | |/ / | || | | / - | | ' | ' | / | ' \ - |||||||\|||, |||// hellknights.void.ru |/ .0x48k...

MicroTik RouterOS <= 3.13 SNMP write (Set request) PoC

No description provided by source. / -------------------------------------------------------------------------- c ShadOS 2008 | || || | | |/ / | || | | / - | | ' | ' | / | ' \ - |||||||\|||, |||// hellknights.void.ru |/ .0x48k...

sstp-discover NSE Script

Check if the Secure Socket Tunneling Protocol is supported. This is accomplished by trying to establish the HTTPS layer which is used to carry SSTP traffic as described in: - Current SSTP server implementations: - Microsoft Windows Server 2008/Server 2012 - MikroTik RouterOS - SEIL Example...

[MKBRUTUS] Password bruteforcer for MikroTik devices or boxes running RouterOS

Mikrotik brand devices www.mikrotik.com, which runs the RouterOS operative system, are worldwide known and popular with a high networking market penetration. Many companies choose them as they are a great combination of low-cost and good performance. RouterOS can be also installed on other device...

MikroTik RouterOS 5.x < 5.26 / 6.x < 6.3 sshd Unspecified Remote Heap Corruption

According to its self-reported version, the remote networking device is running a version of MikroTik 5.x before 5.26 or 6.x before 6.3. It, therefore, reportedly has a heap corruption vulnerability in its sshd component that can be leveraged by an unauthenticated, remote attacker to crash the SS...

Mikrotik RouterOS 5.* and 6.* sshd remote preauth heap corruption

Hello lists, here you find the analysis of a vulnerability I recently discovered. Mikrotik RouterOS 5. and 6. sshd remote preauth heap corruption http://kingcope.wordpress.com/2013/09/02/mikrotik-routeros-5-and-6-sshd-remote-preauth-heap-corruption/ Additionally it includes a way to drop into a...