CVE-2018-14847CISA KEV: Actively Exploited

MikroTik Router OS Directory Traversal Vulnerability

Published Dec 1, 2021·Updated Dec 1, 2021

Description

MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.

Public Exploits & PoCs14 found

PoC: WinboxPoC

Proof of Concept of Winbox Critical Vulnerability (CVE-2018-14847)

466

PoC: CVE-2018-14847

MikroTik RouterOS Winbox未经身份验证的任意文件读/写漏洞

22

PoC: MikroRoot

Automated version of CVE-2018-14847 (MikroTik Exploit)

15

PoC: Python-MikrotikLoginExploit

PoC of CVE-2018-14847 Mikrotik Vulnerability using simple script

13

PoC: Mikrotik-router-hack

This is a proof of concept of the critical WinBox vulnerability (CVE-2018-14847) which allows for arbitrary file read of plain text passwords. The vulnerability has long since been fixed, so this project has ended and will not be supported or updated anymore. You can fork it and update it yourself instead.

6

PoC: WinboxExploit

C# implementation of BasuCert/WinboxPoC [Winbox Critical Vulnerability (CVE-2018-14847)]

5

PoC: mikrotik-beast

Mass MikroTik WinBox Exploitation tool, CVE-2018-14847

2

PoC: CVE-2018-14847

C̷̫͙̦͒̈́̕͜V̵̺̟̘̮̩̻͕͎̝͌͆̀̒͗͠Ę̴̻͇͉͍̍͒̈̕-̸͚̰̺̓͑̓̓͂͒̈̈́͠͝2̸̨̳̘̞̰̹̻̟̅̽͐͝0̵̡̭̋̈́̅͐̉1̵̡̧͔͙̋̈́̔ͅ8̴̡̛͓͖̟̣̒̆̈́́̾̓̕ͅ-̸̺̣̰̓̊͗͒͘͝1̴̭̻̰̉̔͜͜͝4̷̤̍̈́͂̊͐8̷̬̠̓̄̈́̂̚͠4̶̨̢̧̢̺͈̰̹̑̾́͊̈́͜͠7̵̬̲̩̎͋͌̅̍́̎͋͝ ̵̨̞̥̪̝̤̻́̐̇̎͘̚M̴̩͆͑̒̆ị̷̰̱͕̗̝̍͂k̵̢̯͍̄́̉̅̚͘r̷̛͍̉̈́́͌͑o̸͕̘̳̫̞̠͎̿t̶̛̼͚̦̼̳̪̳͉̔̿̋̄̆̋̈́̚͜i̶͈̮͙͊̌͛̈́̈́̅̕͝k̸̛̳͙̺͍̫̟̤͉̫͐ͅ ̶̰̼̹̫̝̦͑̈́͌̌̎̽͐͘͠P̴̛͖̦͚̬̈́͐̑͑͒̌́͠͠ͅÿ̵͎̬̦̻̝̮̬́̈͗̑̄̑̄͝ṭ̴̘͔͙͍̙̈́̋̚͝ḩ̴̨̾̃́̿̐̎͋͌o̷̢̠͈̰̪̦͔̮̾̃̽̔̈́̍͊́͑ń̵̢̢̨͓̞̥̳̱͖̔͌̅͂͊̄͐̏̉ ̷̢̣͈͍̭͆̏͜Ë̸̛̲̑͂x̸̢̨̪͓͕̥̽̍̓̚͝͠p̶̖̟͇̮̒̈̈͂̅̀̊̅ļ̵̧̙̣̘̦̪̲͓̈́̃ͅo̴͕̐̈́̚ĭ̸̻̖̩̯̬̤͓̖̱͋́͜t̶̩̟͈̟̠̹̆̌̀́̈̈́

1

PoC: VULNERAVEL-CVE-2018-14847---CREDENCIAIS-EXTRAIDAS

VULNERAVEL CVE-2018-14847 - CREDENCIAIS EXTRAIDAS MIKROTIK EM PYTHON

PoC: CVE-2018-14847

Analysis and PoC for CVE-2018-14847, MikroTik RouterOS Winbox information disclosure vulnerability allowing unauthenticated read access to the credential database.

PoC: CVE-2018-14847

This is a proof of concept of the critical WinBox vulnerability (CVE-2018-14847) which allows for arbitrary file read of plain text passwords. The vulnerability has long since been fixed, so this project has ended and will not be supported or updated anymore. You can fork it and update it yourself instead.

PoC: CVE-2018-14847-EXPLOIT

A PoC exploit for CVE-2018-14847 - MikroTik WinBox File Read

PoC: routeros-CVE-2018-14847-bytheway

y the Way is an exploit that enables a root shell on Mikrotik devices running RouterOS versions:

PoC: winboxPOC

Proof of Concept of Winbox Critical Vulnerability (CVE-2018-14847)

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free