← Voltar para CVEs
CVE-2018-7445
CRITICALCISA KEV9.8
Descricao
A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication takes place, so it is possible for an unauthenticated remote attacker to exploit it. All architectures and all devices running RouterOS before versions 6.41.3/6.42rc27 are vulnerable.
Detalhes CVE
Pontuacao CVSS v3.19.8
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado3/19/2018
Ultima modificacao11/7/2025
Fontekev
Avistamentos honeypot0
CISA KEV
FornecedorMikroTik
ProdutoRouterOS
Nome da vulnerabilidadeMikroTik RouterOS Stack-Based Buffer Overflow Vulnerability
Data inclusao KEV2022-09-08
Prazo de remediacao2022-09-29
Uso em ransomwareUnknown
Produtos afetados
mikrotik:routeros
Fraquezas (CWE)
CWE-119CWE-119
Referencias
http://seclists.org/fulldisclosure/2018/Mar/38(cve@mitre.org)
http://www.securityfocus.com/bid/103427(cve@mitre.org)
https://www.exploit-db.com/exploits/44290/(cve@mitre.org)
http://seclists.org/fulldisclosure/2018/Mar/38(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/103427(af854a3a-2127-422b-91ae-364da2661108)
https://www.coresecurity.com/advisories/mikrotik-routeros-smb-buffer-overflow(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/44290/(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-7445(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.