Multiple vulnerabilities disclosed for Mikrotik Routers

Reference:
Advisory #2018-27

Version:
1.0

Affected software:
Mikrotik RouterOS firmware versions before 6.42.7 and 6.40.9.

Type:
Remote Code Execution, privilege escalation, Denial of Service

CVE/CVSS:

• CVE-2018-14847
• CVE-2018-1156
• CVE-2018-1157
• CVE-2018-1158
• CVE-2018-11559

Sources

https://thehackernews.com/2018/10/router-hacking-exploit.html

Risks

Successful exploitation of the first two vulnerabilities listed below can result in privilege escalation allowing attackers to gain full system access and access to any internal system that uses the router.
Successful exploitation of the last 3 vulnerabilities listed below can result in a denial of service attack allowing the attackers to prevent proper usage of the system causing economical and/or possible physical damage.

Description

• CVE-2018-14847, The vulnerability allows "remote attackers to bypass authentication and read arbitrary files by modifying a request to change one byte related to a Session ID.
• CVE-2018-1156—A stack buffer overflow flaw that could allow an authenticated remote code execution, allowing attackers to gain full system access and access to any internal system that uses the router.
• CVE-2018-1157—A file upload memory exhaustion flaw that allows an authenticated remote attacker to crash the HTTP server.
• CVE-2018-1159—A www memory corruption flaw that could crash the HTTP server by rapidly authenticating and disconnecting.
• CVE-2018-1158—A recursive parsing stack exhaustion issue that could crash the HTTP server via recursive parsing of JSON.

The vulnerabilities impact Mikrotik RouterOS firmware versions before 6.42.7 and 6.40.9.

Recommended Actions

CERT.be recommends users to always keep their systems up to date and if default credentials are used on the router, to change the default password and keep a unique, long and complex password.
Patches can be downloaded at the vendors website : https://mikrotik.com/download

References