MikroTik RouterOS v6.42 Vulnerability Exploit
MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.
This is a proof of concept of the vulnerability (CVE-2018-14847) which allows for arbitrary file read of plain text passwords.
You should install Phyton 3+ because this script will not run with Phyton 2.x or lower.
How to use:
The script is simple used with simple arguments in the command line.
Exploit the vulnerability and read the password
python3 WinboxExploit.py <IP-ADDRESS> [PORT]
$ python3 WinboxExploit.py 172.17.17.17 Connected to 172.17.17.17:8291 Exploit successful User: admin Pass: Th3P4ssWord
All RouterOS versions from 2015-05-28 to 2018-04-20 are vulnerable to this exploit. Mikrotik devices running RouterOS versions:
- Longterm: 6.30.1 – 6.40.7
- Stable: 6.29 – 6.42
- Beta: 6.29rc1 – 6.43rc3
For more information see: https://blog.mikrotik.com/security/winbox-vulnerability.html