CVE-2018-1158

Published: 23/08/2018 Updated: 24/08/2020
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 356
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Vulnerability Summary

Mikrotik RouterOS prior to 6.42.7 and 6.40.9 is vulnerable to a stack exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server via recursive parsing of JSON.

Vulnerable Product

mikrotik routeros

Recent Articles

If you haven't already patched your MikroTik router for vulns, then if you could go do that, that would be greeeeaat
The Register • Richard Chirgwin • 11 Oct 2018

MikroTik. Stupid name. Stupid bugs. Get those fixes MikroTik routers grab their pickaxes, descend into the crypto mines

If you haven't installed a batch of patches for bugs in your MikroTik routers – and two thirds of owners apparently haven't – then stiffen the sinews and summon up the blood: you really need to update your firmware. The vulnerabilities, which were addressed by the manufacturer way back in August in software updates, can lead all the way up to remote code execution (RCE) if exploited. We're told that roughly 68 per cent of vulnerable MikroTik gear facing the internet remain unpatched, though....