Memory Corruption Vulnerability in Mikrotik RouterOS Web Server
CVE-2017-20149

9.8CRITICAL

Key Information:

Vendor: Mikrotik
Status: Routeros
Vendor: CVE Published:; 15 October 2022

What is CVE-2017-20149?

The Mikrotik RouterOS web server is susceptible to a memory corruption issue that allows remote, unauthenticated users to send specially crafted HTTP requests. This vulnerability enables potential attackers to execute arbitrary code on the affected systems. Exploitation has been observed in real-world attacks since mid-2017, highlighting the importance of updating to the latest stable and long-term releases to mitigate risks.

References

https://github.com/BigNerd95/Chimay-Red

https://www.bleepingcomputer.com/news/security/hajime-bot...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 15, 2022
Vulnerability Reserved
Oct 15, 2022