CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2018-14847

CVSS 9.1v3.1pub. 2018-08-02upd. 2025-11-07

MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
  • Mikrotik Routeros

    OS
    Mikrotik
    ≤ 6.42

CISA KEV — detailsi

Vendori
MikroTik
Producti
RouterOS
Added to KEVi
December 1, 2021
Remediation deadline (US Federal)i
June 1, 2022(overdue)
Required action (CISA)i

Apply updates per vendor instructions.

CISA descriptioni

MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 1 czerwca 2022
Tags
Path Traversal
CWE
References

Related vulnerabilities

CVE-2018-7445CRITICAL9.8⚠ KEVten sam produkt

A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messa...

CVE-2023-30799CRITICAL9.1ten sam produkt

MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation i...

CVE-2017-20149CRITICAL9.8ten sam produkt

The Mikrotik RouterOS web server allows memory corruption in releases before Stable 6.38.5 and Long-term 6.37....

CVE-2022-34960CRITICAL9.8ten sam produkt

The container package in MikroTik RouterOS 7.4beta4 allows an attacker to create mount points pointing to symb...

CVE-2025-6443HIGH7.2ten sam produkt

Mikrotik RouterOS VXLAN Source IP Improper Access Control Vulnerability. This vulnerability allows remote atta...