MikroTik RouterOS CVE-2018-14847 Authentication Bypass Vulnerability
BID:105269
Info
MikroTik RouterOS CVE-2018-14847 Authentication Bypass Vulnerability
| Bugtraq ID: | 105269 |
| Class: | Access Validation Error |
| CVE: |
CVE-2018-14847 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 02 2018 12:00AM |
| Updated: | Aug 02 2018 12:00AM |
| Credit: | Qihoo 360 Netlab |
| Vulnerable: |
MikroTik Routeros 6.41.3 MikroTik RouterOS 2.9.51 MikroTik RouterOS 2.9.50 MikroTik RouterOS 2.9.49 MikroTik RouterOS 2.9.48 MikroTik RouterOS 2.9.47 MikroTik RouterOS 2.9.46 MikroTik RouterOS 2.9.45 MikroTik RouterOS 2.9.44 MikroTik RouterOS 2.9.43 MikroTik RouterOS 2.9.42 MikroTik RouterOS 2.9.41 MikroTik RouterOS 2.9.40 MikroTik Routeros 6.42 MikroTik RouterOS 6.3 MikroTik RouterOS 6.2 MikroTik RouterOS 5.26 MikroTik RouterOS 5.25 MikroTik RouterOS 5.15 MikroTik RouterOS 5.0 MikroTik RouterOS 4.0 MikroTik RouterOS 3.2 MikroTik RouterOS 3.13 MikroTik RouterOS 3.12 MikroTik RouterOS 3.11 MikroTik RouterOS 3.10 MikroTik RouterOS 3.09 MikroTik RouterOS 3.08 MikroTik RouterOS 3.07 MikroTik RouterOS 3.0 |
| Not Vulnerable: | |
Discussion
MikroTik RouterOS CVE-2018-14847 Authentication Bypass Vulnerability
MikroTik RouterOS is prone to a authentication-bypass vulnerability.
An attacker can exploit this issue to bypass authentication mechanism and perform unauthorized actions. This may lead to further attacks.
MikroTik RouterOS version 6.42 and prior versions are vulnerable.
MikroTik RouterOS is prone to a authentication-bypass vulnerability.
An attacker can exploit this issue to bypass authentication mechanism and perform unauthorized actions. This may lead to further attacks.
MikroTik RouterOS version 6.42 and prior versions are vulnerable.
Exploit / POC
MikroTik RouterOS CVE-2018-14847 Authentication Bypass Vulnerability
The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.
The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.
Solution / Fix
MikroTik RouterOS CVE-2018-14847 Authentication Bypass Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.