MikroTik RouterOS CVE-2018-7445 Buffer Overflow Vulnerability



MikroTik RouterOS is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer.
Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in denial-of-service conditions.
Versions prior to RouterOS 6.41.3 and 6.42rc27 are vulnerable.

Information

Bugtraq ID: 103427
Class: Boundary Condition Error
CVE: CVE-2018-7445

Remote: Yes
Local: No
Published: Mar 15 2018 12:00AM
Updated: Mar 15 2018 12:00AM
Credit: Juan Caillava and Maximiliano Vidal
Vulnerable: MikroTik RouterOS 2.9.51
MikroTik RouterOS 2.9.50
MikroTik RouterOS 2.9.49
MikroTik RouterOS 2.9.48
MikroTik RouterOS 2.9.47
MikroTik RouterOS 2.9.46
MikroTik RouterOS 2.9.45
MikroTik RouterOS 2.9.44
MikroTik RouterOS 2.9.43
MikroTik RouterOS 2.9.42
MikroTik RouterOS 2.9.41
MikroTik RouterOS 2.9.40
MikroTik RouterOS 6.3
MikroTik RouterOS 6.2
MikroTik RouterOS 5.26
MikroTik RouterOS 5.25
MikroTik RouterOS 5.15
MikroTik RouterOS 5.0
MikroTik RouterOS 4.0
MikroTik RouterOS 3.2
MikroTik RouterOS 3.13
MikroTik RouterOS 3.12
MikroTik RouterOS 3.11
MikroTik RouterOS 3.10
MikroTik RouterOS 3.09
MikroTik RouterOS 3.08
MikroTik RouterOS 3.07
MikroTik RouterOS 3.0


Not Vulnerable: MikroTik Routeros 6.41.3
MikroTik Routeros 6.42rc27


Exploit


The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.


References:

Related Posts

Comments