CyberSec.Space Logo
Back to CVE Browser

CVE-2018-1156

HIGH
8.8
CVSS Severity Score
EPSS Score0.1030%
EPSS Percentile18.42th
PublishedAug 23, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to stack buffer overflow through the license upgrade interface. This vulnerability could theoretically allow a remote authenticated attacker execute arbitrary code on the system.

Affected Platforms (CPE)

πŸ’»
Mikrotik

Routeros

< 6.40.9
πŸ’»
Mikrotik

Routeros

< 6.42.7

References & Advisories

πŸ”— https://mikrotik.com/download/changelogs
πŸ”— https://mikrotik.com/download/changelogs/bugfix-release-tree
πŸ”— https://www.tenable.com/security/research/tra-2018-21
πŸ”— https://mikrotik.com/download/changelogs
πŸ”— https://mikrotik.com/download/changelogs/bugfix-release-tree
πŸ”— https://www.tenable.com/security/research/tra-2018-21

Related Vulnerabilities

CVE-2017-201499.8

The Mikrotik RouterOS web server allows memory corruption in releases before Stable 6.38.5 and Long-term 6.37.5, aka Chimay-Red. A...

CVE-2018-74459.8

A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attacker...

CVE-2018-148479.1

MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers ...

CVE-2019-39768.8

RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below are vulnerable to an arbitrary directory creation vulnerability via t...