PT-2018-1703 · Mikrotik · Routeros+1

Published: 2018-08-23 · Updated: 2020-08-24 · CVE-2018-1158

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Mikrotik RouterOS versions prior to 6.42.7
Mikrotik RouterOS versions prior to 6.40.9

Description

The HTTP server of the RouterOS operating system has a stack exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server via recursive parsing of JSON by sending a specially crafted request to the server.

Recommendations

For versions prior to 6.42.7, update to version 6.42.7 or later to resolve the issue.
For versions prior to 6.40.9, update to version 6.40.9 or later to resolve the issue.
As a temporary workaround, consider restricting access to the HTTP server to minimize the risk of exploitation.

Exploit

Fix

Stack Overflow

Uncontrolled Recursion

Weakness Enumeration

Related Identifiers

BDU:2018-01263
CVE-2018-1158

Affected Products

Mikrotik Routeros
Routeros