CVE-2018-1157
Published 2018-08-23
Priority P3 · 35 · medium · 6.5 CVSS 3.0
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS 4.38% (90.1th percentile)
Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system via a crafted HTTP POST request.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mikrotik | routeros | < 6.40.9 | 6.40.9 |
| mikrotik | routeros | < 6.42.7 | 6.42.7 |
CVSS provenance
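| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:C |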
No detection rules found.
No public exploits indexed.
Tenable
Tenable Research Advisory: Multiple Vulnerabilities Discovered in MikroTik's RouterOS
blogs_tenable·2018-10-07·CVSS 8.8
Tenable Research
October 7, 2018
Tenable Research has discovered several vulnerabilities in RouterOS, an operating system used in MikroTik routers, the most critical of which would allow attackers to potentially gain full system access.
Tenable Research has discovered several vulnerabilities in RouterOS, an operating system used in MikroTik routers. Jacob Baines, the Tenable researcher who made the discovery, presented the talk "Bug Hunting in RouterOS" at Derbycon on October 7. The vulnerabilities include CVE-2018-1156 -- an authenticated remote code execution (RCE) -- as well as a file upload memory exhaustion (CVE-2018-1157), a www memory corruption (CVE-201
Tenable
[R1] Mikrotik RouterOS Multiple Authenticated Vulnerabilities
blogs_tenable·2018-08-22
http://seclists.org/fulldisclosure/2019/Jul/20
https://mikrotik.com/download/changelogs
https://mikrotik.com/download/changelogs/bugfix-release-tree
https://www.tenable.com/security/research/tra-2018-21
2018-08-23
Published