MikroTik RouterOS v6.42 Vulnerability Exploit


MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.

This is a proof of concept of the vulnerability (CVE-2018-14847) which allows for arbitrary file read of plain text passwords.
Script:
https://github.com/BasuCert/WinboxPoC

Requirement:
You should install Phyton 3+ because this script will not run with Phyton 2.x or lower.

How to use:
The script is simple used with simple arguments in the command line.
Exploit the vulnerability and read the password

python3 WinboxExploit.py <IP-ADDRESS> [PORT]

Example

$ python3 WinboxExploit.py 172.17.17.17
Connected to 172.17.17.17:8291
Exploit successful
User: admin
Pass: Th3P4ssWord

All RouterOS versions from 2015-05-28 to 2018-04-20 are vulnerable to this exploit. Mikrotik devices running RouterOS versions:

  • Longterm: 6.30.1 – 6.40.7
  • Stable: 6.29 – 6.42
  • Beta: 6.29rc1 – 6.43rc3

For more information see: https://blog.mikrotik.com/security/winbox-vulnerability.html



Hello world!
Adopting Unifi AP to Controller on Different Network or Subnet