CVE-2018-1156
Published 2018-08-23
Priority P356 · high · 8.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 7.37% (93.6th percentile)
Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a stack buffer overflow through the license upgrade interface. This vulnerability could theoretically allow a remote authenticated attacker to execute arbitrary code on the system.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mikrotik | routeros | < 6.40.9 | 6.40.9 |
| mikrotik | routeros | < 6.42.7 | 6.42.7 |
CVSS provenance
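| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.0 | CRITICAL | AV:N/AC:L/Au:S/C:C/I:C/A:C |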
No detection rules found.
No public exploits indexed.
arXiv
Characterising attacks targeting low-cost routers: a MikroTik case study (Extended)
arxiv_fulltext·2020-11-03
## Introduction
Network infrastructure devices have been actively exploited by cyber
actors. A variety of
attacks can be carried out by abusing such devices. In 2018, more than
half a million low-cost routers were infected by the VPNFilter
malware. With a view to disrupting that malware
campaign, the Federal Bureau of Investigation
(FBI) issued an urgent request for users to reboot
their routers. In the same year, there were several other campaigns
aimed at low-cost routers (e.g. GhostDNS malware, Navidade and
SonarDNS). Infrastructure devices can be used
for last-mile access as well as to manage interdomain routing (BGP).
Half of the core routers used in one of the biggest internet exchanges
in the world (connecting 1467 autonomous
systems) are manufactured by MikroTik. This
m
Tenable
Tenable Research Advisory: Multiple Vulnerabilities Discovered in MikroTik's RouterOS
blogs_tenable·2018-10-07·CVSS 8.8
# Tenable Research Advisory: Multiple Vulnerabilities Discovered in MikroTik's RouterOS
Tenable Research
October 7, 2018
Tenable Research has discovered several vulnerabilities in RouterOS, an operating system used in MikroTik routers, the most critical of which would allow attackers to potentially gain full system access.
Tenable Research has discovered several vulnerabilities in RouterOS, an operating system used in MikroTik routers. Jacob Baines, the Tenable researcher who made the discovery, presented the talk "Bug Hunting in RouterOS" at Derbycon on October 7. The vulnerabilities include CVE-2018-1156 -- an authenticated remote code execution (RCE) -- as well as a file upload memory exhaustion (CVE-2018-1157), a www memory corruption (CVE-201
Tenable
[R1] Mikrotik RouterOS Multiple Authenticated Vulnerabilities
blogs_tenable·2018-08-22
Bugzilla
CVE-2018-11625 ImageMagick: heap-based buffer over-read in SetGrayscaleImage in the quantize.c
bugzilla·2018-05-31·CVSS 8.8
A flaw was found in ImageMagick 7.0.7-37 Q16: SetGrayscaleImage in the quantize.c file allows attackers to cause a heap-based buffer over-read via a crafted file.
References:
https://github.com/ImageMagick/ImageMagick/issues/1156
Patch:
https://github.com/ImageMagick/ImageMagick/commit/5294966898532a6bd54699fbf04edf18902513ac
Discussion:
Created ImageMagick tracking bugs for this issue:
Affects: fedora-all [bug 1584905]
---
Statement:
This issue did not affect the versions of ImageMagick as shipped with Red Hat Enterprise Linux 5, 6, and 7.
https://mikrotik.com/download/changelogs
https://mikrotik.com/download/changelogs/bugfix-release-tree
https://www.tenable.com/security/research/tra-2018-21