New MikroTik Router Vulnerabilities Winbox Gives Full
Root Access exploit CVE
New MikroTik Router Vulnerabilities CVE Found
Besides this, Tenable Research also disclosed additional
MikroTik RouterOS vulnerabilities, including:
CVE-2018-1156—A stack buffer overflow flaw that could allow
authenticated remote code execution, letting attackers gain full system
access and access to any internal system that uses the router.
CVE-2018-1157—A file upload memory exhaustion flaw that
allows an authenticated remote attacker to crash the HTTP server.
CVE-2018-1159—A www memory corruption flaw that could crash
the HTTP server by rapidly authenticating and disconnecting.
CVE-2018-1158—A recursive parsing stack exhaustion issue
that could crash the HTTP server via recursive parsing of JSON.
The vulnerabilities impact MikroTik RouterOS firmware
versions before 6.42.7 and 6.40.9.
Tenable Research reported the issues to MikroTik in May, and
the company addressed the vulnerabilities by releasing RouterOS versions
6.40.9, 6.42.7 and 6.43 in August. While all the vulnerabilities were patched
over a month ago, a recent scan by Tenable Research revealed that 70 percent of
routers (which equals 200,000) are still vulnerable to attack.
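For auditing a router fleet against the fixed releases named above, the following Python check is an added example, not code from the article, Tenable or MikroTik. It assumes 6.40.x is a separate maintenance branch fixed at 6.40.9 and compares every other branch against 6.42.7; the hostnames and reported versions are constructed.

```python
import re

# Fixed releases named in the article. Assumption: 6.40.x is its own maintenance
# branch (fixed at 6.40.9); every other branch is compared against 6.42.7.
FIXED_BY_BRANCH = {(6, 40): (6, 40, 9)}
FIXED_DEFAULT = (6, 42, 7)
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:(?:rc|beta)(\d+))?$")

def parse_version(text):
    """Return ((major, minor, patch), is_prerelease) for strings like '6.42rc27'."""
    fields = text.split()  # drops a trailing channel label such as "(stable)"
    match = _VERSION_RE.match(fields[0]) if fields else None
    if match is None:
        raise ValueError(f"unrecognised RouterOS version: {text!r}")
    major, minor, patch, pre = match.groups()
    return (int(major), int(minor), int(patch or 0)), pre is not None

def classify(text):
    """Classify one reported version as vulnerable, patched, review or unknown."""
    try:
        version, prerelease = parse_version(text)
    except ValueError:
        return "unknown"
    fixed = FIXED_BY_BRANCH.get(version[:2], FIXED_DEFAULT)
    if version < fixed:
        return "vulnerable"
    # A pre-release build at or above the fix line cannot be judged by number alone.
    return "review" if prerelease else "patched"

def audit(inventory):
    """Group hosts by status so unpatched routers can be queued for upgrade."""
    report = {"vulnerable": [], "patched": [], "review": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        report[classify(version)].append(host)
    return report

# Constructed inventory: hostnames and versions are made up for this example.
SAMPLE_INVENTORY = {
    "edge-01.example.net": "6.40.8 (bugfix)",
    "edge-02.example.net": "6.40.9",
    "branch-03.example.net": "6.41.4",
    "branch-04.example.net": "6.42rc27",
    "core-05.example.net": "6.42.7 (stable)",
    "lab-06.example.net": "6.43rc5",
}

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status:10} {', '.join(hosts) or '-'}")
```

Hosts in the "review" and "unknown" groups need a manual check, since a release-candidate number or an unparsable string does not establish whether the fix is present.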
Vulnerability Details:
CVE-2017-8338
A vulnerability in MikroTik Version 6.38.5 could allow an
unauthenticated remote attacker to exhaust all available CPU via a flood of UDP
packets on port 500 (used for L2TP over IPsec), preventing the affected router
from accepting new connections; all devices will be disconnected from the
router and all logs removed automatically.
Vulnerability Details:
CVE-2018-7445
A buffer overflow was found in the MikroTik RouterOS SMB
service when processing NetBIOS session request messages. Remote attackers with
access to the service can exploit this vulnerability and gain code execution on
the system. The overflow occurs before authentication takes place, so it is
possible for an unauthenticated remote attacker to exploit it. All
architectures and all devices running RouterOS before versions 6.41.3/6.42rc27
are vulnerable.
Vulnerability Details:
CVE-2017-7285
A vulnerability in the network stack of MikroTik Version
6.38.5 released 2017-03-09 could allow an unauthenticated remote attacker to
exhaust all available CPU via a flood of TCP RST packets, preventing the
affected router from accepting new TCP connections.
Vulnerability Details:
CVE-2018-10070
A vulnerability in MikroTik version 6.41.2 could allow an unauthenticated
remote attacker to exhaust all available RAM by sending a crafted FTP request on
port 21 that begins with many "\0" characters, preventing the
affected router from accepting new FTP connections. The router will reboot
after 10 minutes, logging a "router was rebooted without proper shutdown"
message.
Vulnerability Details:
CVE-2018-7745
A buffer overflow was found in the MikroTik RouterOS SMB
service when processing NetBIOS session request messages. Remote attackers with access
to the service can exploit this vulnerability and gain code execution on the
system. The overflow occurs before authentication takes place, so it is
possible for an unauthenticated remote attacker to exploit it. All architectures
and all devices running RouterOS before version 6.41/6.4rc27 are vulnerable.
Vulnerability Details:
CVE-2018-10066
An issue was discovered in MikroTik RouterOS 6.41.4. Missing
OpenVPN server certificate verification allows a remote unauthenticated
attacker capable of intercepting client traffic to act as a malicious OpenVPN
server. This may allow the attacker to gain access to the client's internal
network (for example, at site-to-site tunnels).