PT-2018-1704 · Mikrotik · Routeros+1

Publicado

2018-08-23

Atualizado

2018-10-12

CVE-2018-1159

CVSS v2.0

6.8

Média

Vetor

AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions MikroTik RouterOS versions prior to 6.42.7 MikroTik RouterOS versions prior to 6.40.9

Description The issue is caused by memory corruption errors in the HTTP server of MikroTik RouterOS, specifically in the /nova/bin/www endpoint. An authenticated remote attacker can exploit this by rapidly authenticating and disconnecting, leading to a crash of the HTTP server.

Recommendations For versions prior to 6.42.7, update to version 6.42.7 or later. For versions prior to 6.40.9, update to version 6.40.9 or later. As a temporary workaround, consider restricting access to the /nova/bin/www endpoint to minimize the risk of exploitation.

Exploit

Correção

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

BDU:2018-01264

CVE-2018-1159

Produtos afetados

Mikrotik Routeros

Routeros

PT-2018-1704 · Mikrotik · Routeros+1

CVE-2018-1159

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8