CVE-2018-7445: MikroTik RouterOS Stack-Based Buffer Overflow Vulnerability
First published: Mon Mar 19 2018(Updated: )
A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication takes place, so it is possible for an unauthenticated remote attacker to exploit it. All architectures and all devices running RouterOS before versions 6.41.3/6.42rc27 are vulnerable.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MikroTik RouterOS | <6.41.3 | |
| MikroTik RouterOS | =6.4.2-rc11 | |
| MikroTik RouterOS | =6.4.2-rc12 | |
| MikroTik RouterOS | =6.4.2-rc14 | |
| MikroTik RouterOS | =6.4.2-rc15 | |
| MikroTik RouterOS | =6.4.2-rc18 | |
| MikroTik RouterOS | =6.4.2-rc2 | |
| MikroTik RouterOS | =6.4.2-rc20 | |
| MikroTik RouterOS | =6.4.2-rc23 | |
| MikroTik RouterOS | =6.4.2-rc24 | |
| MikroTik RouterOS | =6.4.2-rc27 | |
| MikroTik RouterOS | =6.4.2-rc5 | |
| MikroTik RouterOS | =6.4.2-rc6 | |
| MikroTik RouterOS | =6.4.2-rc9 | |
| MikroTik RouterOS | ||
| <6.41.3 | ||
| =6.4.2-rc11 | ||
| =6.4.2-rc12 | ||
| =6.4.2-rc14 | ||
| =6.4.2-rc15 | ||
| =6.4.2-rc18 | ||
| =6.4.2-rc2 | ||
| =6.4.2-rc20 | ||
| =6.4.2-rc23 | ||
| =6.4.2-rc24 | ||
| =6.4.2-rc27 | ||
| =6.4.2-rc5 | ||
| =6.4.2-rc6 | ||
| =6.4.2-rc9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://seclists.org/fulldisclosure/2018/Mar/38
- http://www.securityfocus.com/bid/103427
- https://www.coresecurity.com/advisories/mikrotik-routeros-smb-buffer-overflow
- https://www.exploit-db.com/exploits/44290/
- https://www.coresecurity.com/core-labs/advisories/mikrotik-routeros-smb-buffer-overflow#vendor_update,
- https://mikrotik.com/download;
- https://nvd.nist.gov/vuln/detail/CVE-2018-7445
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/description
- agent/title
- agent/severity
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/first-publish-date
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- agent/references
- agent/event
- agent/tags
- collector/nvd-cve
- source/NVD
- vendor/mikrotik
- canonical/mikrotik routeros
- version/mikrotik routeros/6.4.2-rc11
- version/mikrotik routeros/6.4.2-rc12
- version/mikrotik routeros/6.4.2-rc14
- version/mikrotik routeros/6.4.2-rc15
- version/mikrotik routeros/6.4.2-rc18
- version/mikrotik routeros/6.4.2-rc2
- version/mikrotik routeros/6.4.2-rc20
- version/mikrotik routeros/6.4.2-rc23
- version/mikrotik routeros/6.4.2-rc24
- version/mikrotik routeros/6.4.2-rc27
- version/mikrotik routeros/6.4.2-rc5
- version/mikrotik routeros/6.4.2-rc6
- version/mikrotik routeros/6.4.2-rc9