CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2018-14847

Known Exploited (CISA KEV)CRITICAL
9.1
CVSS Severity Score
EPSS Score27.1220%
EPSS Percentile94.74th
Published2018年8月2日
Last Modified2025年11月7日

Vulnerability Description

MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.

Affected Platforms (CPE)

💻
Mikrotik

Routeros

<= 6.42

References & Advisories

🔗 https://github.com/BasuCert/WinboxPoC
🔗 https://github.com/BigNerd95/WinboxExploit
🔗 https://github.com/tenable/routeros/blob/master/bug_hunting_in_routeros_derbycon_2018.pdf
🔗 https://github.com/tenable/routeros/tree/master/poc/bytheway
🔗 https://github.com/tenable/routeros/tree/master/poc/cve_2018_14847
🔗 https://mikrotik.com/supportsec/winbox-vulnerability
🔗 https://n0p.me/winbox-bug-dissection/
🔗 https://www.exploit-db.com/exploits/45578/

相關漏洞威脅

CVE-2017-201499.8

The Mikrotik RouterOS web server allows memory corruption in releases before Stable 6.38.5 and Long-term 6.37.5, aka Chimay-Red. A...

CVE-2018-74459.8

A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attacker...

CVE-2019-39768.8

RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below are vulnerable to an arbitrary directory creation vulnerability via t...

CVE-2018-11568.8

Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to stack buffer overflow through the license upgrade interface. This vuln...