CVE-2017-20149
published 2022-10-15

Priority: P1 · 86 · critical · 9.8 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
Tags: ITW · EXPLOIT · VulnCheck KEV · Initial access
Exploited in the wild
EPSS: 2.55% (83.1th percentile)
The Mikrotik RouterOS web server allows memory corruption in releases before Stable 6.38.5 and Long-term 6.37.5, aka Chimay-Red. A remote and unauthenticated user can trigger the vulnerability by sending a crafted HTTP request. An attacker can use this vulnerability to execute arbitrary code on the affected system, as exploited in the wild in mid-2017 and later.

Affected

2 ranges

Vendor | Product | Version range | Fixed in
mikrotik | routeros | < 6.37.5 | 6.37.5
mikrotik | routeros | >= 6.38 < 6.38.5 | 6.38.5

Detection & IOCs (extracted from sources)

  • Vulnerability is triggered by a crafted HTTP request sent to the MikroTik RouterOS web server from a remote, unauthenticated attacker; monitor for anomalous/malformed HTTP requests targeting MikroTik web interfaces
  • Vulnerability affects MikroTik RouterOS releases before Stable 6.38.5 and Long-term 6.37.5; patched versions are not vulnerable

CVSS provenance

nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck | 9.8 | CRITICAL