CVE-2018-10070

Name of the Vulnerable Software and Affected Versions: MikroTik version 6.41.4

Description: A vulnerability could allow an unauthenticated remote attacker to exhaust all available CPU and RAM by sending a crafted FTP request on port 21 that begins with many '0' characters. This prevents the affected router from accepting new FTP connections, causing it to reboot after 10 minutes and log a "router was rebooted without proper shutdown" message.

Recommendations: For MikroTik version 6.41.4, consider restricting access to port 21 to minimize the risk of exploitation. As a temporary workaround, limit the use of FTP connections until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.