Exploit for Path Traversal in Mikrotik Routeros

Ferramentas de Pentest — /rede Repositório de scripts para au...

📄 MikroTik RouterOS WinBox 3.41 Username Enumeration

Proof of concept exploit for MikroTik RouterOS WinBox version 3.41 that demonstrates a username enumeration vulnerability. ============================================================================================================================================= | Title : MikroTik RouterOS WinB...

EUVD-2019-13550

Malware in sbrugna...

EUVD-2012-5924

Malware in sbrugna...

EUVD-2020-26879

Malware in sbrugna...

EUVD-2019-13588

Malware in sbrugna...

EUVD-2005-1609

Malware in sbrugna...

EUVD-2020-26880

Malware in sbrugna...

EUVD-2023-35159

Malicious code in bioql PyPI...

EUVD-2024-52669

Malicious code in bioql PyPI...

Exploit for Path Traversal in Mikrotik Routeros

This is a PoC exploit for CVE-2018-14847, a vulnerability in RouterOS. The repository contains a simple implementation of a Winbox server, which is a protocol used to manage RouterOS devices. The server accepts a single Winbox message, parses it, and responds with a message indicating insufficien...

kerma

This repository is an exploit toolkit for a critical vulnerability in Mikrotik RouterOS Winbox. The vulnerability is present in all versions from 6.29 to 6.42. The toolkit includes several scripts and tools to exploit the vulnerability and extract user credentials. The PoC.py script is the main...

Exploit for Path Traversal in Mikrotik Routeros

This is a PoC exploit for CVE-2018-14847 targeting RouterOS-based routers. The tool, named Meris RouterOS Checker, checks a list of IP addresses to validate if they were infected with Meris. It uses the RouterOS API, SSH, and WinBox to connect to the routers and attempt to exploit the...

MAL-2025-39297 Malicious code in winbox-mikrotik (npm)

The package winbox-mikrotik was found to contain malicious code...

Malicious code in winbox-mikrotik (npm)

The package winbox-mikrotik was found to contain malicious code...

CVE-2023-30799

MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. The attacker can abuse this vulnerability to execute arbitrary...

CVE-2020-5721

MikroTik WinBox 3.22 and below stores the user's cleartext password in the settings.cfg.viw configuration file when the Keep Password field is set and no Master Password is set. Keep Password is set by default and, by default Master Password is not set. An attacker with access to the configuratio...

CVE-2020-5720

MikroTik WinBox before 3.21 is vulnerable to a path traversal vulnerability that allows creation of arbitrary files wherevere WinBox has write permissions. WinBox is vulnerable to this attack if it connects to a malicious endpoint or if an attacker mounts a man in the middle attack...

CVE-2019-3981

MikroTik Winbox 3.20 and below is vulnerable to man in the middle attacks. A man in the middle can downgrade the client's authentication protocol and recover the user's username and MD5 hashed password...

MikroTik RouterOS Detection (Winbox)

Winbox based detection of MikroTik RouterOS. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...