Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2018-14847
HistoryAug 02, 2018 - 7:29 a.m.

CVE-2018-14847

2018-08-0207:29:00
CWE-22
[email protected]
web.nvd.nist.gov
8

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

9.2

Confidence

High

EPSS

0.974

Percentile

100.0%

JSON

MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.

Affected configurations

Nvd
Node
mikrotikrouterosRange6.42
VendorProductVersionCPE
mikrotikrouteros*cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*

Related

exploitdb 2
nessus 2
packetstorm 2
malwarebytes 1
thn 7
mssecure 1
threatpost 6
attackerkb 1
openvas 2
cve 1
exploitpack 2
cisa_kev 1
zdt 1
impervablog 2
hackread 1
cvelist 1
talosblog 1
checkpoint_advisories 1
prion 1
mmpc 1
rapid7blog 1
cisa 1
kitploit 1
ics 1
githubexploit 2
exploitdb
exploitdb
Mikrotik WinBox 6.42 - Credential Disclosure (golang)
2018-08-17 00:00:00
MicroTik RouterOS < 6.43rc3 - Remote Root
2018-10-10 00:00:00
nessus
nessus
MikroTik RouterOS Winbox Unauthenticated Arbitrary File Read/Write Vulnerability
2018-09-06 00:00:00
MikroTik RouterOS Path Traversal (CVE-2018-14847)
2024-02-27 00:00:00
packetstorm
packetstorm
Mikrotik RouterOS Remote Root
2018-10-10 00:00:00
Mikrotik WinBox 6.42 Credential Disclosure
2018-08-17 00:00:00
malwarebytes
malwarebytes
Fake browser update seeks to compromise more MikroTik routers
2018-10-12 15:00:06
thn
thn
Imperva Thwarts 2.5 Million RPS Ransom DDoS Extortion Attacks
2022-03-05 07:53:00
Mēris Botnet Hit Russia's Yandex With Massive 22 Million RPS DDoS Attack
2021-09-11 11:18:00
TrickBot Malware Abusing MikroTik Routers as Proxies for Command-and-Control
2022-03-17 10:05:00
mssecure
mssecure
Uncovering Trickbot’s use of IoT devices in command-and-control infrastructure
2022-03-16 15:00:00
threatpost
threatpost
Massive Meris Botnet Embeds Ransomware Notes from REvil
2022-03-04 22:46:59
Yandex Pummeled by Potent Meris DDoS Botnet
2021-09-10 16:31:14
Thousands of MikroTik Routers Hijacked for Eavesdropping
2018-09-04 18:34:10
attackerkb
attackerkb
CVE-2018-14847
2018-08-02 00:00:00
openvas
openvas
Mikrotik RouterOS 'Winbox Service' Information Disclosure Vulnerability - Version Check
2018-04-25 00:00:00
Mikrotik RouterOS 'Winbox Service' Information Disclosure Vulnerability - Active Check
2018-07-06 00:00:00
cve
cve
CVE-2018-14847
2018-08-02 07:29:00
exploitpack
exploitpack
MicroTik RouterOS 6.43rc3 - Remote Root
2018-10-10 00:00:00
Mikrotik WinBox 6.42 - Credential Disclosure (golang)
2018-08-17 00:00:00
cisa_kev
cisa_kev
MikroTik Router OS Directory Traversal Vulnerability
2021-12-01 00:00:00
zdt
zdt
MicroTik RouterOS < 6.43rc3 - Remote Root Exploit
2018-10-10 00:00:00
impervablog
impervablog
The 3 Biggest DDoS Attacks Imperva Has Mitigated
2022-05-31 15:12:48
Imperva Mitigates Ransom DDoS Attack Measuring 2.5 Million Requests per Second
2022-03-04 15:21:44
hackread
hackread
MikroTik router vulnerability lets hackers bypass firewall to load malware undetected
2018-10-09 17:37:16
cvelist
cvelist
CVE-2018-14847
2018-08-02 07:00:00
talosblog
talosblog
VPNFilter III: More Tools for the Swiss Army Knife of Malware
2018-09-26 07:59:00
checkpoint_advisories
checkpoint_advisories
MikroTik RouterOS Winbox Authentication Bypass (CVE-2018-14847)
2018-08-06 00:00:00
prion
prion
Directory traversal
2018-08-02 07:29:00
mmpc
mmpc
Uncovering Trickbot’s use of IoT devices in command-and-control infrastructure
2022-03-16 15:00:00
rapid7blog
rapid7blog
Metasploit Wrap-Up
2020-11-06 19:55:51
cisa
cisa
CISA Adds Five Known Exploited Vulnerabilities to Catalog
2021-12-01 00:00:00
kitploit
kitploit
Darksplitz - Exploit Framework
2019-04-04 21:12:00
ics
ics
People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices
2022-06-10 12:00:00
githubexploit
githubexploit
Exploit for CVE-2014-4210
2022-03-19 01:54:15
Exploit for CVE-2014-4210
2022-03-19 01:54:15

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

9.2

Confidence

High

EPSS

0.974

Percentile

100.0%

JSON
Related for NVD:CVE-2018-14847
exploitdb2nessus2packetstorm2malwarebytes1thn7mssecure1threatpost6attackerkb1openvas2cve1exploitpack2cisa_kev1zdt1impervablog2hackread1cvelist1talosblog1checkpoint_advisories1prion1mmpc1rapid7blog1cisa1kitploit1ics1githubexploit2