CVE-2018-14847
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2018-14847
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Winbox for MikroTik RouterOS 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
MikroTik RouterOS是一套路由操作系统。Winbox for MikroTik RouterOS是一个用于管理MikroTik RouterOS系统的应用程序。 Winbox for MikroTik RouterOS 6.42及之前版本中存在安全漏洞。远程攻击者可通过修改请求利用该漏洞绕过身份验证并读取任意文件。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2018-14847
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | Proof of Concept of Winbox Critical Vulnerability (CVE-2018-14847) | https://github.com/BasuCert/WinboxPoC | POC Details |
| 2 | C# implementation of BasuCert/WinboxPoC [Winbox Critical Vulnerability (CVE-2018-14847)] | https://github.com/msterusky/WinboxExploit | POC Details |
| 3 | Automated version of CVE-2018-14847 (MikroTik Exploit) | https://github.com/syrex1013/MikroRoot | POC Details |
| 4 | MikroTik RouterOS Winbox未经身份验证的任意文件读/写漏洞 | https://github.com/jas502n/CVE-2018-14847 | POC Details |
| 5 | Mass MikroTik WinBox Exploitation tool, CVE-2018-14847 | https://github.com/mahmoodsabir/mikrotik-beast | POC Details |
| 6 | Proof of Concept of Winbox Critical Vulnerability (CVE-2018-14847) | https://github.com/Tr33-He11/winboxPOC | POC Details |
| 7 | PoC of CVE-2018-14847 Mikrotik Vulnerability using simple script | https://github.com/sinichi449/Python-MikrotikLoginExploit | POC Details |
| 8 | None | https://github.com/yukar1z0e/CVE-2018-14847 | POC Details |
| 9 | This is a proof of concept of the critical WinBox vulnerability (CVE-2018-14847) which allows for arbitrary file read of plain text passwords. The vulnerability has long since been fixed, so this project has ended and will not be supported or updated anymore. You can fork it and update it yourself instead. | https://github.com/hacker30468/Mikrotik-router-hack | POC Details |
| 10 | By the Way is an exploit that enables a root shell on Mikrotik devices running RouterOS versions: | https://github.com/babyshen/routeros-CVE-2018-14847-bytheway | POC Details |
| 11 | None | https://github.com/K3ysTr0K3R/CVE-2018-14847-EXPLOIT | POC Details |
| 12 | This is a proof of concept of the critical WinBox vulnerability (CVE-2018-14847) which allows for arbitrary file read of plain text passwords. The vulnerability has long since been fixed, so this project has ended and will not be supported or updated anymore. You can fork it and update it yourself instead. | https://github.com/tausifzaman/CVE-2018-14847 | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2018-14847
请登录查看更多情报信息。
- https://n0p.me/winbox-bug-dissection/x_refsource_MISC
- https://github.com/tenable/routeros/tree/master/poc/bythewayx_refsource_MISC
- https://github.com/BasuCert/WinboxPoCx_refsource_MISC
- https://github.com/BigNerd95/WinboxExploitx_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2018-14847
Same Patch Batch · n/a · 2018-08-02 · 12 CVEs total
| CVE-2018-14835 | Subrion CMS 跨站脚本漏洞 | |
| CVE-2018-14836 | Subrion 访问控制错误漏洞 | |
| CVE-2018-14838 | rejucms 跨站脚本漏洞 | |
| CVE-2018-14840 | Subrion CMS 跨站脚本漏洞 | |
| CVE-2017-9118 | PHP 缓冲区错误漏洞 | |
| CVE-2017-9120 | PHP 数字错误漏洞 | |
| CVE-2018-7649 | Monitorix 跨站脚本漏洞 | |
| CVE-2018-14851 | PHP 缓冲区错误漏洞 | |
| CVE-2018-14858 | idreamsoft iCMS 安全漏洞 | |
| CVE-2017-6213 | paypal/invoice-sdk-php 跨站脚本漏洞 | |
| CVE-2017-6215 | paypal/permissions-sdk-php 跨站脚本漏洞 |
IV. Related Vulnerabilities
V. Comments for CVE-2018-14847
No comments yet