ID
VAR-201807-2272
TITLE
Mikrotik Winbox Arbitrary File Access Vulnerability
Trust: 0.6
sources:
CNVD: CNVD-2018-12706
DESCRIPTION
MikroTikRouterOS is a routing operating system based on Linux kernel development, compatible with x86PC routing software, which can be used to turn a standard PC into a professional router. Winbox is a software for remotely managing RouterOS based on Windows, providing an intuitive and convenient graphical interface. There are arbitrary file access vulnerabilities in MikrotikWinbox. An attacker can download arbitrary files, including the user database file of RouterOS, through a carefully constructed request package.
Trust: 0.6
sources:
CNVD: CNVD-2018-12706
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2018-12706
AFFECTED PRODUCTS
| vendor: | mikrotik | model: | winbox | scope: | gte | version: | 6.29,<=6.42 | Trust: 0.6 |
sources:
CNVD: CNVD-2018-12706
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||
|
|
sources:
CNVD: CNVD-2018-12706
PATCH
| title: | MikrotikWinbox patch for arbitrary file access vulnerabilities | url: | https://www.cnvd.org.cn/patchinfo/show/133823 | Trust: 0.6 |
sources:
CNVD: CNVD-2018-12706
EXTERNAL IDS
| db: | CNVD | id: | CNVD-2018-12706 | Trust: 0.6 |
sources:
CNVD: CNVD-2018-12706
REFERENCES
| url: | https://github.com/basucert/winboxpoc | Trust: 0.6 |
| url: | https://n0p.me/winbox-bug-dissection/ | Trust: 0.6 |
sources:
CNVD: CNVD-2018-12706
SOURCES
| db: | CNVD | id: | CNVD-2018-12706 |
LAST UPDATE DATE
2022-05-04T09:39:04.468000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2018-12706 | date: | 2018-07-06T00:00:00 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2018-12706 | date: | 2018-07-06T00:00:00 |