In the course of preparing his Derbycon 8.0 presentation on RouterOS vulnerabilities, Tenable Researcher Jacob Baines discovered more to CVE-2018-14847 than originally known. Here’s how it could allow an unauthenticated remote attacker to gain access to the underlying operating system of MikroTik routers.

MikroTik RouterOS Vulnerabilities: There’s More to CVE-2018-14847

MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.

MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

The remote networking device is running a version of MikroTik RouterOS vulnerable to an unauthenticated arbitrary file read and write vulnerability. An unauthenticated attacker could leverage this vulnerability to read or write protected files on the affected host.
Nessus was able to exploit this vulnerability to retrieve the device credential store.

ID	Name	Product	Family	Severity
502066	MikroTik RouterOS Improper Limitation of a Pathname to a Restricted Directory (CVE-2018-14847)	Tenable OT Security	Tenable.ot	critical
117335	MikroTik RouterOS Winbox Unauthenticated Arbitrary File Read/Write Vulnerability	Nessus	Misc.	critical

Detections

Analytics

CVE-2018-14847

critical

Tenable Plugins

critical

critical