What’s the attack vector? Attackers could use default credentials, frequently left unchanged on routers, to exploit these vulnerabilities.

The vulnerabilities include an authenticated RCE, a file upload memory exhaustion and a recursive parsing stack exhaustion.

What do you need to know? Tenable Research has discovered multiple vulnerabilities in a proprietary operating system, RouterOS, used by MikroTik routers. The vulnerabilities include CVE-2018-1156 - an authenticated remote code execution (RCE) - as well as a file upload memory exhaustion (CVE-2018-1157), a

They were tested against RouterOS 6.42.3 (release date: 05-25-2018) using the x86 ISO. Jacob Baines, the Tenable researcher who made the discovery, presented the talk "Bug Hunting in RouterOS" at Derbycon on October 7.

Tenable Research has discovered several vulnerabilities in RouterOS, an operating system used in MikroTik routers, the most critical of which would allow attackers to potentially gain full system access.