Multiple vulnerabilities in Mikrotik RouterOS
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2018-1156 CVE-2018-1157 CVE-2018-1158 CVE-2018-1159 |
| CWE-ID | CWE-121 CWE-399 CWE-119 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
MikroTik RouterOS Hardware solutions / Routers & switches, VoIP, GSM, etc |
| Vendor | MikroTik |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Stack-based buffer overflow
EUVDB-ID: #VU14521
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-1156
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the license upgrade interface. A remote authenticated attacker can send a specially crafted request to the affected device, trigger stack-based buffer overflow and execute arbitrary code on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMikroTik RouterOS: 6.40.1 - 6.42.6
External linkshttp://mikrotik.com/download/changelogs
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Denial of service
EUVDB-ID: #VU14525
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-1157
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an error when processing requests within the HTTP server. A remote authenticated attacker can send specially crafted requests to the affected device and crash the HTTP server or reload the router.
Install updates from vendor's website.
Vulnerable software versionsMikroTik RouterOS: 6.40.1 - 6.42.6
External linkshttp://mikrotik.com/download/changelogs
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Denial of service
EUVDB-ID: #VU14526
Risk: Low
CVSSv3.1: 2.4 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-1158
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an error when parsing recursive JSON requests within the HTTP server. A remote authenticated attacker can send specially crafted requets to the affected device and crash the HTTP server.
Install updates from vendor's website.
Vulnerable software versionsMikroTik RouterOS: 6.40.1 - 6.42.6
External linkshttp://mikrotik.com/download/changelogs
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Memory corruption
EUVDB-ID: #VU14528
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-1159
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the HTTP server. A remote authenticated attacker can crash the affected HTTP server by rapidly authenticating and disconnecting.
Install updates from vendor's website.
Vulnerable software versionsMikroTik RouterOS: 6.40.1 - 6.42.6
External linkshttp://mikrotik.com/download/changelogs
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
