ID

VAR-201808-0384


CVE

CVE-2018-14847


TITLE

MikroTik RouterOS Authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-008866

DESCRIPTION

MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface. MikroTik RouterOS Contains an authentication vulnerability.Information may be obtained. MikroTik RouterOS is prone to a authentication-bypass vulnerability. An attacker can exploit this issue to bypass authentication mechanism and perform unauthorized actions. This may lead to further attacks. MikroTik RouterOS version 6.42 and prior versions are vulnerable. MikroTik RouterOS is a routing operating system. Winbox for MikroTik RouterOS is an application for managing MikroTik RouterOS system

Trust: 2.07

sources: NVD: CVE-2018-14847 // JVNDB: JVNDB-2018-008866 // BID: 105269 // VULHUB: VHN-125047 // VULMON: CVE-2018-14847

AFFECTED PRODUCTS

vendor:mikrotikmodel:routerosscope:lteversion:6.42

Trust: 1.8

vendor:mikrotikmodel:routerosscope:eqversion:6.42

Trust: 0.9

vendor:mikrotikmodel:routerosscope:eqversion:6.41.3

Trust: 0.3

vendor:mikrotikmodel:routerosscope:eqversion:2.9.51

Trust: 0.3

vendor:mikrotikmodel:routerosscope:eqversion:2.9.50

Trust: 0.3

vendor:mikrotikmodel:routerosscope:eqversion:2.9.49

Trust: 0.3

vendor:mikrotikmodel:routerosscope:eqversion:2.9.48

Trust: 0.3

vendor:mikrotikmodel:routerosscope:eqversion:2.9.47

Trust: 0.3

vendor:mikrotikmodel:routerosscope:eqversion:2.9.46

Trust: 0.3

vendor:mikrotikmodel:routerosscope:eqversion:2.9.45

Trust: 0.3

vendor:mikrotikmodel:routerosscope:eqversion:2.9.44

Trust: 0.3

vendor:mikrotikmodel:routerosscope:eqversion:2.9.43

Trust: 0.3

vendor:mikrotikmodel:routerosscope:eqversion:2.9.42

Trust: 0.3

vendor:mikrotikmodel:routerosscope:eqversion:2.9.41

Trust: 0.3

vendor:mikrotikmodel:routerosscope:eqversion:2.9.40

Trust: 0.3

vendor:mikrotikmodel:routerosscope:eqversion:6.3

Trust: 0.3

vendor:mikrotikmodel:routerosscope:eqversion:6.2

Trust: 0.3

vendor:mikrotikmodel:routerosscope:eqversion:5.26

Trust: 0.3

vendor:mikrotikmodel:routerosscope:eqversion:5.25

Trust: 0.3

vendor:mikrotikmodel:routerosscope:eqversion:5.15

Trust: 0.3

vendor:mikrotikmodel:routerosscope:eqversion:5.0

Trust: 0.3

vendor:mikrotikmodel:routerosscope:eqversion:4.0

Trust: 0.3

vendor:mikrotikmodel:routerosscope:eqversion:3.2

Trust: 0.3

vendor:mikrotikmodel:routerosscope:eqversion:3.13

Trust: 0.3

vendor:mikrotikmodel:routerosscope:eqversion:3.12

Trust: 0.3

vendor:mikrotikmodel:routerosscope:eqversion:3.11

Trust: 0.3

vendor:mikrotikmodel:routerosscope:eqversion:3.10

Trust: 0.3

vendor:mikrotikmodel:routerosscope:eqversion:3.09

Trust: 0.3

vendor:mikrotikmodel:routerosscope:eqversion:3.08

Trust: 0.3

vendor:mikrotikmodel:routerosscope:eqversion:3.07

Trust: 0.3

vendor:mikrotikmodel:routerosscope:eqversion:3.0

Trust: 0.3

sources: BID: 105269 // JVNDB: JVNDB-2018-008866 // CNNVD: CNNVD-201808-086 // NVD: CVE-2018-14847

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-14847
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-14847
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201808-086
value: CRITICAL

Trust: 0.6

VULHUB: VHN-125047
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-14847
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-14847
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: CVE-2018-14847
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-125047
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-14847
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.0

Trust: 1.0

NVD: CVE-2018-14847
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-125047 // VULMON: CVE-2018-14847 // JVNDB: JVNDB-2018-008866 // CNNVD: CNNVD-201808-086 // NVD: CVE-2018-14847

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.1

problemtype:CWE-287

Trust: 0.9

sources: VULHUB: VHN-125047 // JVNDB: JVNDB-2018-008866 // NVD: CVE-2018-14847

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201808-086

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201808-086

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-008866

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-125047 // VULMON: CVE-2018-14847

PATCH

title:RouterOSurl:https://mikrotik.com/software

Trust: 0.8

title:mnkurl:https://github.com/nomiyousafzai/mnk

Trust: 0.1

title:Yurl:https://github.com/etc-i/Y

Trust: 0.1

title:PocWinboxurl:https://github.com/alamsyahh15/PocWinbox

Trust: 0.1

title:hackwifiurl:https://github.com/ridwan-aplikom/hackwifi

Trust: 0.1

title:CVE-2018-14847url:https://github.com/yukar1z0e/CVE-2018-14847

Trust: 0.1

title:winboxurl:https://github.com/spot-summers/winbox

Trust: 0.1

title:wurl:https://github.com/Thamirk/ExploitR

Trust: 0.1

title:Python-MikrotikLoginExploiturl:https://github.com/sinichi449/Python-MikrotikLoginExploit

Trust: 0.1

title:WinBox_Exploiturl:https://github.com/RainardHuman/WinBox_Exploit

Trust: 0.1

title:WinboxExploiturl:https://github.com/msterusky/WinboxExploit

Trust: 0.1

title:WinboxExploitMikrotikurl:https://github.com/firmanandriansyah/WinboxExploitMikrotik

Trust: 0.1

title:WinboxExploiturl:https://github.com/ferib/WinboxExploit

Trust: 0.1

title:MkCheckurl:https://github.com/s1l3nt78/MkCheck

Trust: 0.1

title:WinboxPoCurl:https://github.com/Acengerz/WinboxPoC

Trust: 0.1

title:Cracker-Winboxurl:https://github.com/Octha-DroiidXz/Cracker-Winbox

Trust: 0.1

title:MikroRooturl:https://github.com/remix30303/MikroRoot

Trust: 0.1

title:WinboxPoCurl:https://github.com/BasuCert/WinboxPoC

Trust: 0.1

title:MkCheckurl:https://github.com/7dbc/MkCheck

Trust: 0.1

title:eckourl:https://github.com/eckoxxx/ecko

Trust: 0.1

title:wurl:https://github.com/Thamirk/RxTxw

Trust: 0.1

title:WinboxPocurl:https://github.com/exploit747/WinboxPoc

Trust: 0.1

title:Wifi-Hackurl:https://github.com/MRZyNoX/Wifi-Hack

Trust: 0.1

title:PoCurl:https://github.com/Jie-Geng/PoC

Trust: 0.1

title:WinboxPoCurl:https://github.com/ElAcengerz/WinboxPoC

Trust: 0.1

title:Mikrotik-router-hackurl:https://github.com/hacker30468/Mikrotik-router-hack

Trust: 0.1

title:sapulidiurl:https://github.com/dedesundara/sapulidi

Trust: 0.1

title:Winbox-Poc-With-Launcherurl:https://github.com/AuthenticWeebS/Winbox-Poc-With-Launcher

Trust: 0.1

title:CVE-2018-14847url:https://github.com/jas502n/CVE-2018-14847

Trust: 0.1

title:WinboxPoCurl:https://github.com/notfound-git/WinboxPoC

Trust: 0.1

title:darksplitzurl:https://github.com/koboi137/darksplitz

Trust: 0.1

title:awesome-cyber-securityurl:https://github.com/xrkk/awesome-cyber-security

Trust: 0.1

title:Cyber-Security_Collectionurl:https://github.com/RakhithJK/Cyber-Security_Collection

Trust: 0.1

title:Exp101tsArchiv30thersurl:https://github.com/nu11secur1ty/Exp101tsArchiv30thers

Trust: 0.1

title:awesome-cve-poc_qazbnm456url:https://github.com/xbl3/awesome-cve-poc_qazbnm456

Trust: 0.1

title:CVE-POCurl:https://github.com/0xT11/CVE-POC

Trust: 0.1

title:PoC-in-GitHuburl:https://github.com/nomi-sec/PoC-in-GitHub

Trust: 0.1

title:Threatposturl:https://threatpost.com/huawei-router-default-credential/140234/

Trust: 0.1

title:The Registerurl:https://www.theregister.co.uk/2018/10/11/tenable_mikrotik_bugs/

Trust: 0.1

title:The Registerurl:https://www.theregister.co.uk/2018/09/27/fancy_bear_modules/

Trust: 0.1

title:BleepingComputerurl:https://www.bleepingcomputer.com/news/security/over-3-700-mikrotik-routers-abused-in-cryptojacking-campaigns/

Trust: 0.1

title:The Registerurl:https://www.theregister.co.uk/2018/09/04/mikrotik_routers_pwned/

Trust: 0.1

title:BleepingComputerurl:https://www.bleepingcomputer.com/news/security/thousands-of-compromised-mikrotik-routers-send-traffic-to-attackers/

Trust: 0.1

sources: VULMON: CVE-2018-14847 // JVNDB: JVNDB-2018-008866

EXTERNAL IDS

db:NVDid:CVE-2018-14847

Trust: 2.9

db:EXPLOIT-DBid:45578

Trust: 2.6

db:JVNDBid:JVNDB-2018-008866

Trust: 0.8

db:CNNVDid:CNNVD-201808-086

Trust: 0.7

db:BIDid:105269

Trust: 0.4

db:PACKETSTORMid:149742

Trust: 0.1

db:SEEBUGid:SSVID-97396

Trust: 0.1

db:VULHUBid:VHN-125047

Trust: 0.1

db:VULMONid:CVE-2018-14847

Trust: 0.1

sources: VULHUB: VHN-125047 // VULMON: CVE-2018-14847 // BID: 105269 // JVNDB: JVNDB-2018-008866 // CNNVD: CNNVD-201808-086 // NVD: CVE-2018-14847

REFERENCES

url:https://www.exploit-db.com/exploits/45578/

Trust: 2.7

url:https://github.com/basucert/winboxpoc

Trust: 2.1

url:https://github.com/bignerd95/winboxexploit

Trust: 2.1

url:https://n0p.me/winbox-bug-dissection/

Trust: 2.1

url:https://github.com/tenable/routeros/blob/master/bug_hunting_in_routeros_derbycon_2018.pdf

Trust: 1.8

url:https://github.com/tenable/routeros/tree/master/poc/bytheway

Trust: 1.8

url:https://github.com/tenable/routeros/tree/master/poc/cve_2018_14847

Trust: 1.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14847

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-14847

Trust: 0.8

url:https://blog.netlab.360.com/7500-mikrotik-routers-are-forwarding-owners-traffic-to-the-attackers-how-is-yours-en/

Trust: 0.3

url:http://www.mikrotik.com/

Trust: 0.3

url:https://mikrotik.com/download

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/22.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/nomiyousafzai/mnk

Trust: 0.1

sources: VULHUB: VHN-125047 // VULMON: CVE-2018-14847 // BID: 105269 // JVNDB: JVNDB-2018-008866 // CNNVD: CNNVD-201808-086 // NVD: CVE-2018-14847

CREDITS

Qihoo 360 Netlab

Trust: 0.3

sources: BID: 105269

SOURCES

db:VULHUBid:VHN-125047
db:VULMONid:CVE-2018-14847
db:BIDid:105269
db:JVNDBid:JVNDB-2018-008866
db:CNNVDid:CNNVD-201808-086
db:NVDid:CVE-2018-14847

LAST UPDATE DATE

2024-08-14T15:07:54.217000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-125047date:2019-03-07T00:00:00
db:VULMONid:CVE-2018-14847date:2019-03-07T00:00:00
db:BIDid:105269date:2018-08-02T00:00:00
db:JVNDBid:JVNDB-2018-008866date:2018-10-31T00:00:00
db:CNNVDid:CNNVD-201808-086date:2019-03-13T00:00:00
db:NVDid:CVE-2018-14847date:2019-03-07T14:12:53.707

SOURCES RELEASE DATE

db:VULHUBid:VHN-125047date:2018-08-02T00:00:00
db:VULMONid:CVE-2018-14847date:2018-08-02T00:00:00
db:BIDid:105269date:2018-08-02T00:00:00
db:JVNDBid:JVNDB-2018-008866date:2018-10-31T00:00:00
db:CNNVDid:CNNVD-201808-086date:2018-08-03T00:00:00
db:NVDid:CVE-2018-14847date:2018-08-02T07:29:00.280