CVE-2018-7445
MikroTik RouterOS Stack-Based Buffer Overflow Vulnerability
CVSS
—
No CVSS
EPSS
61.0%
p99
KEV
YES
Sep 8, 2022
Exploit Today
80
0-100
Published: — · Last modified: —
Product
MikroTik / RouterOS
Vulnerability
MikroTik RouterOS Stack-Based Buffer Overflow Vulnerability
Added to KEV
Sep 8, 2022
Remediate by
Sep 29, 2022
Known ransomware use
No
Summary description
In MikroTik RouterOS, a stack-based buffer overflow occurs when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system.
Required action
Apply updates per vendor instructions.
Notes
https://www.coresecurity.com/core-labs/advisories/mikrotik-routeros-smb-buffer-overflow#vendor_update, https://mikrotik.com/download; https://nvd.nist.gov/vuln/detail/CVE-2018-7445