Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cisa_kevCISACISA-KEV-CVE-2018-14847
HistoryDec 01, 2021 - 12:00 a.m.

MikroTik Router OS Directory Traversal Vulnerability

2021-12-0100:00:00
CISA
www.cisa.gov
16
mikrotik
routeros
directory traversal
winbox
remote attackers
arbitrary files

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS

0.974

Percentile

100.0%

JSON

MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.

Related

threatpost 6
exploitdb 2
nessus 2
packetstorm 2
malwarebytes 1
thn 7
mssecure 1
attackerkb 1
openvas 2
impervablog 2
nvd 1
hackread 1
exploitpack 2
cvelist 1
talosblog 1
checkpoint_advisories 1
mmpc 1
prion 1
cve 1
zdt 1
rapid7blog 1
kitploit 1
cisa 1
ics 1
githubexploit 2
threatpost
threatpost
Massive Meris Botnet Embeds Ransomware Notes from REvil
2022-03-04 22:46:59
Yandex Pummeled by Potent Meris DDoS Botnet
2021-09-10 16:31:14
Thousands of MikroTik Routers Hijacked for Eavesdropping
2018-09-04 18:34:10
exploitdb
exploitdb
Mikrotik WinBox 6.42 - Credential Disclosure (golang)
2018-08-17 00:00:00
MicroTik RouterOS < 6.43rc3 - Remote Root
2018-10-10 00:00:00
nessus
nessus
MikroTik RouterOS Winbox Unauthenticated Arbitrary File Read/Write Vulnerability
2018-09-06 00:00:00
MikroTik RouterOS Path Traversal (CVE-2018-14847)
2024-02-27 00:00:00
packetstorm
packetstorm
Mikrotik RouterOS Remote Root
2018-10-10 00:00:00
Mikrotik WinBox 6.42 Credential Disclosure
2018-08-17 00:00:00
malwarebytes
malwarebytes
Fake browser update seeks to compromise more MikroTik routers
2018-10-12 15:00:06
thn
thn
Imperva Thwarts 2.5 Million RPS Ransom DDoS Extortion Attacks
2022-03-05 07:53:00
TrickBot Malware Abusing MikroTik Routers as Proxies for Command-and-Control
2022-03-17 10:05:00
Thousands of MikroTik Routers Hacked to Eavesdrop On Network Traffic
2018-09-04 09:53:00
mssecure
mssecure
Uncovering Trickbot’s use of IoT devices in command-and-control infrastructure
2022-03-16 15:00:00
attackerkb
attackerkb
CVE-2018-14847
2018-08-02 00:00:00
openvas
openvas
Mikrotik RouterOS 'Winbox Service' Information Disclosure Vulnerability - Active Check
2018-07-06 00:00:00
Mikrotik RouterOS 'Winbox Service' Information Disclosure Vulnerability - Version Check
2018-04-25 00:00:00
impervablog
impervablog
The 3 Biggest DDoS Attacks Imperva Has Mitigated
2022-05-31 15:12:48
Imperva Mitigates Ransom DDoS Attack Measuring 2.5 Million Requests per Second
2022-03-04 15:21:44
nvd
nvd
CVE-2018-14847
2018-08-02 07:29:00
hackread
hackread
MikroTik router vulnerability lets hackers bypass firewall to load malware undetected
2018-10-09 17:37:16
exploitpack
exploitpack
Mikrotik WinBox 6.42 - Credential Disclosure (golang)
2018-08-17 00:00:00
MicroTik RouterOS 6.43rc3 - Remote Root
2018-10-10 00:00:00
cvelist
cvelist
CVE-2018-14847
2018-08-02 07:00:00
talosblog
talosblog
VPNFilter III: More Tools for the Swiss Army Knife of Malware
2018-09-26 07:59:00
checkpoint_advisories
checkpoint_advisories
MikroTik RouterOS Winbox Authentication Bypass (CVE-2018-14847)
2018-08-06 00:00:00
mmpc
mmpc
Uncovering Trickbot’s use of IoT devices in command-and-control infrastructure
2022-03-16 15:00:00
prion
prion
Directory traversal
2018-08-02 07:29:00
cve
cve
CVE-2018-14847
2018-08-02 07:29:00
zdt
zdt
MicroTik RouterOS < 6.43rc3 - Remote Root Exploit
2018-10-10 00:00:00
rapid7blog
rapid7blog
Metasploit Wrap-Up
2020-11-06 19:55:51
kitploit
kitploit
Darksplitz - Exploit Framework
2019-04-04 21:12:00
cisa
cisa
CISA Adds Five Known Exploited Vulnerabilities to Catalog
2021-12-01 00:00:00
ics
ics
People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices
2022-06-10 12:00:00
githubexploit
githubexploit
Exploit for CVE-2014-4210
2022-03-19 01:54:15
Exploit for CVE-2014-4210
2022-03-19 01:54:15

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS

0.974

Percentile

100.0%

JSON
Related for CISA-KEV-CVE-2018-14847
threatpost6exploitdb2nessus2packetstorm2malwarebytes1thn7mssecure1attackerkb1openvas2impervablog2nvd1hackread1exploitpack2cvelist1talosblog1checkpoint_advisories1mmpc1prion1cve1zdt1rapid7blog1kitploit1cisa1ics1githubexploit2