MikroTik RouterOS is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer.
Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in denial-of-service conditions.
Versions prior to RouterOS 6.41.3 and 6.42rc27 are vulnerable.
Information
MikroTik RouterOS 2.9.50
MikroTik RouterOS 2.9.49
MikroTik RouterOS 2.9.48
MikroTik RouterOS 2.9.47
MikroTik RouterOS 2.9.46
MikroTik RouterOS 2.9.45
MikroTik RouterOS 2.9.44
MikroTik RouterOS 2.9.43
MikroTik RouterOS 2.9.42
MikroTik RouterOS 2.9.41
MikroTik RouterOS 2.9.40
MikroTik RouterOS 6.3
MikroTik RouterOS 6.2
MikroTik RouterOS 5.26
MikroTik RouterOS 5.25
MikroTik RouterOS 5.15
MikroTik RouterOS 5.0
MikroTik RouterOS 4.0
MikroTik RouterOS 3.2
MikroTik RouterOS 3.13
MikroTik RouterOS 3.12
MikroTik RouterOS 3.11
MikroTik RouterOS 3.10
MikroTik RouterOS 3.09
MikroTik RouterOS 3.08
MikroTik RouterOS 3.07
MikroTik RouterOS 3.0
MikroTik RouterOS 6.42rc27
Exploit
The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.
References:
- RouterOS (MikroTik)
- RouterOS Homepage (MikroTik)
- MikroTik RouterOS SMB Buffer Overflow (coresecurity.com)