Details of VAR-201808-0384

ID

VAR-201808-0384

CVE

CVE-2018-14847

TITLE

MikroTik RouterOS Authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-008866

DESCRIPTION

MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface. MikroTik RouterOS Contains an authentication vulnerability.Information may be obtained. MikroTik RouterOS is prone to a authentication-bypass vulnerability. An attacker can exploit this issue to bypass authentication mechanism and perform unauthorized actions. This may lead to further attacks. MikroTik RouterOS version 6.42 and prior versions are vulnerable. MikroTik RouterOS is a routing operating system. Winbox for MikroTik RouterOS is an application for managing MikroTik RouterOS system

Trust: 2.07

sources: NVD: CVE-2018-14847 // JVNDB: JVNDB-2018-008866 // BID: 105269 // VULHUB: VHN-125047 // VULMON: CVE-2018-14847

AFFECTED PRODUCTS

vendor:	mikrotik	model:	routeros	scope:	lte	version:	6.42	Trust: 1.8
vendor:	mikrotik	model:	routeros	scope:	eq	version:	6.42	Trust: 0.9
vendor:	mikrotik	model:	routeros	scope:	eq	version:	6.41.3	Trust: 0.3
vendor:	mikrotik	model:	routeros	scope:	eq	version:	2.9.51	Trust: 0.3
vendor:	mikrotik	model:	routeros	scope:	eq	version:	2.9.50	Trust: 0.3
vendor:	mikrotik	model:	routeros	scope:	eq	version:	2.9.49	Trust: 0.3
vendor:	mikrotik	model:	routeros	scope:	eq	version:	2.9.48	Trust: 0.3
vendor:	mikrotik	model:	routeros	scope:	eq	version:	2.9.47	Trust: 0.3
vendor:	mikrotik	model:	routeros	scope:	eq	version:	2.9.46	Trust: 0.3
vendor:	mikrotik	model:	routeros	scope:	eq	version:	2.9.45	Trust: 0.3
vendor:	mikrotik	model:	routeros	scope:	eq	version:	2.9.44	Trust: 0.3
vendor:	mikrotik	model:	routeros	scope:	eq	version:	2.9.43	Trust: 0.3
vendor:	mikrotik	model:	routeros	scope:	eq	version:	2.9.42	Trust: 0.3
vendor:	mikrotik	model:	routeros	scope:	eq	version:	2.9.41	Trust: 0.3
vendor:	mikrotik	model:	routeros	scope:	eq	version:	2.9.40	Trust: 0.3
vendor:	mikrotik	model:	routeros	scope:	eq	version:	6.3	Trust: 0.3
vendor:	mikrotik	model:	routeros	scope:	eq	version:	6.2	Trust: 0.3
vendor:	mikrotik	model:	routeros	scope:	eq	version:	5.26	Trust: 0.3
vendor:	mikrotik	model:	routeros	scope:	eq	version:	5.25	Trust: 0.3
vendor:	mikrotik	model:	routeros	scope:	eq	version:	5.15	Trust: 0.3
vendor:	mikrotik	model:	routeros	scope:	eq	version:	5.0	Trust: 0.3
vendor:	mikrotik	model:	routeros	scope:	eq	version:	4.0	Trust: 0.3
vendor:	mikrotik	model:	routeros	scope:	eq	version:	3.2	Trust: 0.3
vendor:	mikrotik	model:	routeros	scope:	eq	version:	3.13	Trust: 0.3
vendor:	mikrotik	model:	routeros	scope:	eq	version:	3.12	Trust: 0.3
vendor:	mikrotik	model:	routeros	scope:	eq	version:	3.11	Trust: 0.3
vendor:	mikrotik	model:	routeros	scope:	eq	version:	3.10	Trust: 0.3
vendor:	mikrotik	model:	routeros	scope:	eq	version:	3.09	Trust: 0.3
vendor:	mikrotik	model:	routeros	scope:	eq	version:	3.08	Trust: 0.3
vendor:	mikrotik	model:	routeros	scope:	eq	version:	3.07	Trust: 0.3
vendor:	mikrotik	model:	routeros	scope:	eq	version:	3.0	Trust: 0.3

sources: BID: 105269 // JVNDB: JVNDB-2018-008866 // NVD: CVE-2018-14847 // CNNVD: CNNVD-201808-086

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2018-14847
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-14847
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201808-086
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-125047
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2018-14847
value:	MEDIUM
Trust: 0.1

NVD:
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0
NVD:	CVE-2018-14847
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-125047
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1
VULMON:	CVE-2018-14847
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

NVD:
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	5.2
version:	3.0
Trust: 1.0
NVD:	CVE-2018-14847
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-125047 // VULMON: CVE-2018-14847 // JVNDB: JVNDB-2018-008866 // NVD: CVE-2018-14847 // CNNVD: CNNVD-201808-086

PROBLEMTYPE DATA

problemtype:	CWE-22	Trust: 1.1
problemtype:	CWE-287	Trust: 0.9

sources: VULHUB: VHN-125047 // JVNDB: JVNDB-2018-008866 // NVD: CVE-2018-14847

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201808-086

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201808-086

CONFIGURATIONS

sources: NVD: CVE-2018-14847

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-125047 // VULMON: CVE-2018-14847

PATCH

title:	RouterOS	url:	https://mikrotik.com/software	Trust: 0.8
title:	mnk	url:	https://github.com/nomiyousafzai/mnk	Trust: 0.1
title:	Y	url:	https://github.com/etc-i/y	Trust: 0.1
title:	PocWinbox	url:	https://github.com/alamsyahh15/pocwinbox	Trust: 0.1
title:	hackwifi	url:	https://github.com/ridwan-aplikom/hackwifi	Trust: 0.1
title:	CVE-2018-14847	url:	https://github.com/yukar1z0e/cve-2018-14847	Trust: 0.1
title:	winbox	url:	https://github.com/spot-summers/winbox	Trust: 0.1
title:	w	url:	https://github.com/thamirk/exploitr	Trust: 0.1
title:	Python-MikrotikLoginExploit	url:	https://github.com/sinichi449/python-mikrotikloginexploit	Trust: 0.1
title:	WinBox_Exploit	url:	https://github.com/rainardhuman/winbox_exploit	Trust: 0.1
title:	WinboxExploit	url:	https://github.com/msterusky/winboxexploit	Trust: 0.1
title:	WinboxExploitMikrotik	url:	https://github.com/firmanandriansyah/winboxexploitmikrotik	Trust: 0.1
title:	WinboxExploit	url:	https://github.com/ferib/winboxexploit	Trust: 0.1
title:	MkCheck	url:	https://github.com/s1l3nt78/mkcheck	Trust: 0.1
title:	WinboxPoC	url:	https://github.com/acengerz/winboxpoc	Trust: 0.1
title:	Cracker-Winbox	url:	https://github.com/octha-droiidxz/cracker-winbox	Trust: 0.1
title:	MikroRoot	url:	https://github.com/remix30303/mikroroot	Trust: 0.1
title:	WinboxPoC	url:	https://github.com/basucert/winboxpoc	Trust: 0.1
title:	MkCheck	url:	https://github.com/7dbc/mkcheck	Trust: 0.1
title:	ecko	url:	https://github.com/eckoxxx/ecko	Trust: 0.1
title:	w	url:	https://github.com/thamirk/rxtxw	Trust: 0.1
title:	WinboxPoc	url:	https://github.com/exploit747/winboxpoc	Trust: 0.1
title:	Wifi-Hack	url:	https://github.com/mrzynox/wifi-hack	Trust: 0.1
title:	PoC	url:	https://github.com/jie-geng/poc	Trust: 0.1
title:	WinboxPoC	url:	https://github.com/elacengerz/winboxpoc	Trust: 0.1
title:	Mikrotik-router-hack	url:	https://github.com/hacker30468/mikrotik-router-hack	Trust: 0.1
title:	sapulidi	url:	https://github.com/dedesundara/sapulidi	Trust: 0.1
title:	Winbox-Poc-With-Launcher	url:	https://github.com/authenticweebs/winbox-poc-with-launcher	Trust: 0.1
title:	CVE-2018-14847	url:	https://github.com/jas502n/cve-2018-14847	Trust: 0.1
title:	WinboxPoC	url:	https://github.com/notfound-git/winboxpoc	Trust: 0.1
title:	darksplitz	url:	https://github.com/koboi137/darksplitz	Trust: 0.1
title:	awesome-cyber-security	url:	https://github.com/xrkk/awesome-cyber-security	Trust: 0.1
title:	Cyber-Security_Collection	url:	https://github.com/rakhithjk/cyber-security_collection	Trust: 0.1
title:	Exp101tsArchiv30thers	url:	https://github.com/nu11secur1ty/exp101tsarchiv30thers	Trust: 0.1
title:	awesome-cve-poc_qazbnm456	url:	https://github.com/xbl3/awesome-cve-poc_qazbnm456	Trust: 0.1
title:	CVE-POC	url:	https://github.com/0xt11/cve-poc	Trust: 0.1
title:	PoC-in-GitHub	url:	https://github.com/nomi-sec/poc-in-github	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/huawei-router-default-credential/140234/	Trust: 0.1
title:	The Register	url:	https://www.theregister.co.uk/2018/10/11/tenable_mikrotik_bugs/	Trust: 0.1
title:	The Register	url:	https://www.theregister.co.uk/2018/09/27/fancy_bear_modules/	Trust: 0.1
title:	BleepingComputer	url:	https://www.bleepingcomputer.com/news/security/over-3-700-mikrotik-routers-abused-in-cryptojacking-campaigns/	Trust: 0.1
title:	The Register	url:	https://www.theregister.co.uk/2018/09/04/mikrotik_routers_pwned/	Trust: 0.1
title:	BleepingComputer	url:	https://www.bleepingcomputer.com/news/security/thousands-of-compromised-mikrotik-routers-send-traffic-to-attackers/	Trust: 0.1

sources: VULMON: CVE-2018-14847 // JVNDB: JVNDB-2018-008866

EXTERNAL IDS

db:	NVD	id:	CVE-2018-14847	Trust: 2.9
db:	EXPLOIT-DB	id:	45578	Trust: 2.6
db:	JVNDB	id:	JVNDB-2018-008866	Trust: 0.8
db:	CNNVD	id:	CNNVD-201808-086	Trust: 0.7
db:	BID	id:	105269	Trust: 0.4
db:	PACKETSTORM	id:	149742	Trust: 0.1
db:	SEEBUG	id:	SSVID-97396	Trust: 0.1
db:	VULHUB	id:	VHN-125047	Trust: 0.1
db:	VULMON	id:	CVE-2018-14847	Trust: 0.1

sources: VULHUB: VHN-125047 // VULMON: CVE-2018-14847 // BID: 105269 // JVNDB: JVNDB-2018-008866 // NVD: CVE-2018-14847 // CNNVD: CNNVD-201808-086

REFERENCES

url:	https://www.exploit-db.com/exploits/45578/	Trust: 2.7
url:	https://github.com/basucert/winboxpoc	Trust: 2.1
url:	https://github.com/bignerd95/winboxexploit	Trust: 2.1
url:	https://n0p.me/winbox-bug-dissection/	Trust: 2.1
url:	https://github.com/tenable/routeros/blob/master/bug_hunting_in_routeros_derbycon_2018.pdf	Trust: 1.8
url:	https://github.com/tenable/routeros/tree/master/poc/bytheway	Trust: 1.8
url:	https://github.com/tenable/routeros/tree/master/poc/cve_2018_14847	Trust: 1.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14847	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14847	Trust: 0.8
url:	https://blog.netlab.360.com/7500-mikrotik-routers-are-forwarding-owners-traffic-to-the-attackers-how-is-yours-en/	Trust: 0.3
url:	http://www.mikrotik.com/	Trust: 0.3
url:	https://mikrotik.com/download	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/22.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/nomiyousafzai/mnk	Trust: 0.1

sources: VULHUB: VHN-125047 // VULMON: CVE-2018-14847 // BID: 105269 // JVNDB: JVNDB-2018-008866 // NVD: CVE-2018-14847 // CNNVD: CNNVD-201808-086

CREDITS

Qihoo 360 Netlab

Trust: 0.3

sources: BID: 105269

SOURCES

db:	VULHUB	id:	VHN-125047
db:	VULMON	id:	CVE-2018-14847
db:	BID	id:	105269
db:	JVNDB	id:	JVNDB-2018-008866
db:	NVD	id:	CVE-2018-14847
db:	CNNVD	id:	CNNVD-201808-086

LAST UPDATE DATE

2023-12-18T13:43:35.324000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-125047	date:	2019-03-07T00:00:00
db:	VULMON	id:	CVE-2018-14847	date:	2019-03-07T00:00:00
db:	BID	id:	105269	date:	2018-08-02T00:00:00
db:	JVNDB	id:	JVNDB-2018-008866	date:	2018-10-31T00:00:00
db:	NVD	id:	CVE-2018-14847	date:	2019-03-07T14:12:53.707
db:	CNNVD	id:	CNNVD-201808-086	date:	2019-03-13T00:00:00

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-125047	date:	2018-08-02T00:00:00
db:	VULMON	id:	CVE-2018-14847	date:	2018-08-02T00:00:00
db:	BID	id:	105269	date:	2018-08-02T00:00:00
db:	JVNDB	id:	JVNDB-2018-008866	date:	2018-10-31T00:00:00
db:	NVD	id:	CVE-2018-14847	date:	2018-08-02T07:29:00.280
db:	CNNVD	id:	CNNVD-201808-086	date:	2018-08-03T00:00:00