MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
| Link | Tags |
|---|---|
| https://www.exploit-db.com/exploits/45578/ | third party advisory exploit vdb entry |
| https://github.com/BigNerd95/WinboxExploit | third party advisory exploit mitigation |
| https://github.com/tenable/routeros/blob/master/bug_hunting_in_routeros_derbycon_2018.pdf | third party advisory broken link exploit |
| https://github.com/BasuCert/WinboxPoC | third party advisory exploit mitigation |
| https://github.com/tenable/routeros/tree/master/poc/cve_2018_14847 | exploit third party advisory |
| https://n0p.me/winbox-bug-dissection/ | exploit third party advisory |
| https://github.com/tenable/routeros/tree/master/poc/bytheway | exploit third party advisory |
| https://mikrotik.com/supportsec/winbox-vulnerability | vendor advisory |