CVE-2018-7445 (GCVE-0-2018-7445)

Vulnerability from cvelistv5 – Published: 2018-03-19 21:00 – Updated: 2025-10-21 23:45
VLAI? CISA KEV
Summary
A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication takes place, so it is possible for an unauthenticated remote attacker to exploit it. All architectures and all devices running RouterOS before versions 6.41.3/6.42rc27 are vulnerable.
Severity ?
9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
  • n/a
Assigner
References
CISA KEV
Known Exploited Vulnerability - GCVE BCP-07 Compliant
KEV entry ID: 79b0d129-6181-4a0e-8056-4860ee2bb170

Vulnerability ID: CVE-2018-7445

Status: Confirmed

Status Updated: 2022-09-08 00:00 UTC

Exploited: Yes

Timestamps
First Seen: 2022-09-08
Asserted: 2022-09-08
Scope
Notes: KEV entry: MikroTik RouterOS Stack-Based Buffer Overflow Vulnerability | Affected: MikroTik / RouterOS | Description: In MikroTik RouterOS, a stack-based buffer overflow occurs when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. | Required action: Apply updates per vendor instructions. | Due date: 2022-09-29 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.coresecurity.com/core-labs/advisories/mikrotik-routeros-smb-buffer-overflow#vendor_update, https://mikrotik.com/download; https://nvd.nist.gov/vuln/detail/CVE-2018-7445
Evidence

Type: Vendor Report

Signal: Successful Exploitation

Confidence: 80%

Source: cisa-kev

Details
Cwes CWE-119
Feed CISA Known Exploited Vulnerabilities Catalog
Product RouterOS
Due Date 2022-09-29
Date Added 2022-09-08
Vendorproject MikroTik
Vulnerabilityname MikroTik RouterOS Stack-Based Buffer Overflow Vulnerability
Knownransomwarecampaignuse Unknown
References
Created: 2026-02-02 12:27 UTC | Updated: 2026-02-02 12:27 UTC
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:24:11.978Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "103427",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103427"
          },
          {
            "name": "20180315 [CORE-2018-0003] MikroTik RouterOS SMB Buffer Overflow",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2018/Mar/38"
          },
          {
            "name": "44290",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/44290/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.coresecurity.com/advisories/mikrotik-routeros-smb-buffer-overflow"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2018-7445",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-07T16:27:32.357265Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2022-09-08",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-7445"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-119",
                "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:45:55.366Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-7445"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2022-09-08T00:00:00+00:00",
            "value": "CVE-2018-7445 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-03-15T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication takes place, so it is possible for an unauthenticated remote attacker to exploit it. All architectures and all devices running RouterOS before versions 6.41.3/6.42rc27 are vulnerable."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-20T09:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "103427",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103427"
        },
        {
          "name": "20180315 [CORE-2018-0003] MikroTik RouterOS SMB Buffer Overflow",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2018/Mar/38"
        },
        {
          "name": "44290",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/44290/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.coresecurity.com/advisories/mikrotik-routeros-smb-buffer-overflow"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-7445",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication takes place, so it is possible for an unauthenticated remote attacker to exploit it. All architectures and all devices running RouterOS before versions 6.41.3/6.42rc27 are vulnerable."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "103427",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103427"
            },
            {
              "name": "20180315 [CORE-2018-0003] MikroTik RouterOS SMB Buffer Overflow",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2018/Mar/38"
            },
            {
              "name": "44290",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/44290/"
            },
            {
              "name": "https://www.coresecurity.com/advisories/mikrotik-routeros-smb-buffer-overflow",
              "refsource": "MISC",
              "url": "https://www.coresecurity.com/advisories/mikrotik-routeros-smb-buffer-overflow"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-7445",
    "datePublished": "2018-03-19T21:00:00.000Z",
    "dateReserved": "2018-02-23T00:00:00.000Z",
    "dateUpdated": "2025-10-21T23:45:55.366Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2018-7445",
      "cwes": "[\"CWE-119\"]",
      "dateAdded": "2022-09-08",
      "dueDate": "2022-09-29",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://www.coresecurity.com/core-labs/advisories/mikrotik-routeros-smb-buffer-overflow#vendor_update, https://mikrotik.com/download; https://nvd.nist.gov/vuln/detail/CVE-2018-7445",
      "product": "RouterOS",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "In MikroTik RouterOS, a stack-based buffer overflow occurs when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system.",
      "vendorProject": "MikroTik",
      "vulnerabilityName": "MikroTik RouterOS Stack-Based Buffer Overflow Vulnerability"
    },
    "fkie_nvd": {
      "cisaActionDue": "2022-09-29",
      "cisaExploitAdd": "2022-09-08",
      "cisaRequiredAction": "Apply updates per vendor instructions.",
      "cisaVulnerabilityName": "MikroTik RouterOS Stack-Based Buffer Overflow Vulnerability",
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"6.41.3\", \"matchCriteriaId\": \"DE5AFDA3-472A-4FAC-A92C-F3836E71603F\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mikrotik:routeros:6.4.2:rc11:*:*:*:*:*:*\", \"matchCriteriaId\": \"5BF5F829-70A8-4819-AB6D-05C1666F99B5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mikrotik:routeros:6.4.2:rc12:*:*:*:*:*:*\", \"matchCriteriaId\": \"A8EE1A1D-2DEB-4F42-8446-5DA467D934F4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mikrotik:routeros:6.4.2:rc14:*:*:*:*:*:*\", \"matchCriteriaId\": \"70EEF3DA-9C66-4A3A-B9D3-85B6549499B6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mikrotik:routeros:6.4.2:rc15:*:*:*:*:*:*\", \"matchCriteriaId\": \"7B659F31-6194-4785-B455-1769982CB45D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mikrotik:routeros:6.4.2:rc18:*:*:*:*:*:*\", \"matchCriteriaId\": \"58206CE0-812F-4A23-BFC3-847C663A9D9B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mikrotik:routeros:6.4.2:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"EA06DCF1-D620-41F9-919A-3099DA5C834A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mikrotik:routeros:6.4.2:rc20:*:*:*:*:*:*\", \"matchCriteriaId\": \"E50FE870-2D1C-44B2-A38E-12A09DF158C0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mikrotik:routeros:6.4.2:rc23:*:*:*:*:*:*\", \"matchCriteriaId\": \"68897675-E7C7-4777-B22A-39F1F3653DF4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mikrotik:routeros:6.4.2:rc24:*:*:*:*:*:*\", \"matchCriteriaId\": \"292CEA28-A4C0-4D9F-8193-8EEF25F46B45\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mikrotik:routeros:6.4.2:rc27:*:*:*:*:*:*\", \"matchCriteriaId\": \"884C2425-F41B-441D-AB25-A2751C7D6A07\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mikrotik:routeros:6.4.2:rc5:*:*:*:*:*:*\", \"matchCriteriaId\": \"DF44B44C-F37B-46BD-8EB5-929538889EC3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mikrotik:routeros:6.4.2:rc6:*:*:*:*:*:*\", \"matchCriteriaId\": \"226D0B58-2DE6-471B-AAFC-F04EEF644217\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mikrotik:routeros:6.4.2:rc9:*:*:*:*:*:*\", \"matchCriteriaId\": \"23E5AD72-30D2-499E-85D3-8A573E05B61D\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication takes place, so it is possible for an unauthenticated remote attacker to exploit it. All architectures and all devices running RouterOS before versions 6.41.3/6.42rc27 are vulnerable.\"}, {\"lang\": \"es\", \"value\": \"Se ha encontrado un desbordamiento de b\\u00fafer en el servicio MikroTik RouterOS SMB al procesar mensajes de petici\\u00f3n de sesi\\u00f3n NetBIOS. Los atacantes remotos con acceso al servicio pueden explotar esta vulnerabilidad y ejecutar c\\u00f3digo en el sistema. El desbordamiento ocurre antes de que tenga lugar la autenticaci\\u00f3n, por lo que es posible para un atacante remoto no autenticado explotarlo. Todas las arquitecturas y dispositivos que ejecutan RouterOS en versiones anteriores a la 6.41.3/6.42rc27 son vulnerables.\"}]",
      "id": "CVE-2018-7445",
      "lastModified": "2024-11-21T04:12:09.040",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-03-19T21:29:01.083",
      "references": "[{\"url\": \"http://seclists.org/fulldisclosure/2018/Mar/38\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Mailing List\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/bid/103427\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.coresecurity.com/advisories/mikrotik-routeros-smb-buffer-overflow\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://www.exploit-db.com/exploits/44290/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2018/Mar/38\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Mailing List\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/bid/103427\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.coresecurity.com/advisories/mikrotik-routeros-smb-buffer-overflow\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://www.exploit-db.com/exploits/44290/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-7445\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2018-03-19T21:29:01.083\",\"lastModified\":\"2025-11-07T19:04:17.633\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication takes place, so it is possible for an unauthenticated remote attacker to exploit it. All architectures and all devices running RouterOS before versions 6.41.3/6.42rc27 are vulnerable.\"},{\"lang\":\"es\",\"value\":\"Se ha encontrado un desbordamiento de b\u00fafer en el servicio MikroTik RouterOS SMB al procesar mensajes de petici\u00f3n de sesi\u00f3n NetBIOS. Los atacantes remotos con acceso al servicio pueden explotar esta vulnerabilidad y ejecutar c\u00f3digo en el sistema. El desbordamiento ocurre antes de que tenga lugar la autenticaci\u00f3n, por lo que es posible para un atacante remoto no autenticado explotarlo. Todas las arquitecturas y dispositivos que ejecutan RouterOS en versiones anteriores a la 6.41.3/6.42rc27 son vulnerables.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"cisaExploitAdd\":\"2022-09-08\",\"cisaActionDue\":\"2022-09-29\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"MikroTik RouterOS Stack-Based Buffer Overflow Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.41.3\",\"matchCriteriaId\":\"DE5AFDA3-472A-4FAC-A92C-F3836E71603F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mikrotik:routeros:6.42:rc11:*:*:*:*:*:*\",\"matchCriteriaId\":\"EAD82B9F-CAA4-431A-BF43-838D3AF73BB9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mikrotik:routeros:6.42:rc12:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A8EB79F-4E23-4B48-A1A1-7626AB46EFDD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mikrotik:routeros:6.42:rc14:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD197A47-235B-48A7-9FA9-84FB67C609AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mikrotik:routeros:6.42:rc15:*:*:*:*:*:*\",\"matchCriteriaId\":\"37225B39-D5B1-41DF-9C2F-A3849E5F41AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mikrotik:routeros:6.42:rc18:*:*:*:*:*:*\",\"matchCriteriaId\":\"080A4898-A296-4950-A4F9-559F8E30A6C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mikrotik:routeros:6.42:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"EEB8E89F-C85F-4193-954D-4B490F93D649\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mikrotik:routeros:6.42:rc20:*:*:*:*:*:*\",\"matchCriteriaId\":\"449AAA12-1124-4C9B-8C42-F564E85F9196\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mikrotik:routeros:6.42:rc23:*:*:*:*:*:*\",\"matchCriteriaId\":\"38DBFC19-271E-4687-901C-9488155BB4B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mikrotik:routeros:6.42:rc24:*:*:*:*:*:*\",\"matchCriteriaId\":\"5EC55745-ABB4-4B6E-B158-5BD642DB6D15\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mikrotik:routeros:6.42:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"63E57994-8BF2-4322-A7CE-D5D89F989FE3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mikrotik:routeros:6.42:rc6:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5DFE39F-F4D6-4C89-A4C9-7C6BB2F8DAA7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mikrotik:routeros:6.42:rc9:*:*:*:*:*:*\",\"matchCriteriaId\":\"62A59F9E-6C26-497D-B4C1-CFE14D01F79A\"}]}]}],\"references\":[{\"url\":\"http://seclists.org/fulldisclosure/2018/Mar/38\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Mailing List\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/103427\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.coresecurity.com/advisories/mikrotik-routeros-smb-buffer-overflow\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/44290/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://seclists.org/fulldisclosure/2018/Mar/38\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Mailing List\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/103427\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.coresecurity.com/advisories/mikrotik-routeros-smb-buffer-overflow\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/44290/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-7445\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.securityfocus.com/bid/103427\", \"name\": \"103427\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2018/Mar/38\", \"name\": \"20180315 [CORE-2018-0003] MikroTik RouterOS SMB Buffer Overflow\", \"tags\": [\"mailing-list\", \"x_refsource_FULLDISC\", \"x_transferred\"]}, {\"url\": \"https://www.exploit-db.com/exploits/44290/\", \"name\": \"44290\", \"tags\": [\"exploit\", \"x_refsource_EXPLOIT-DB\", \"x_transferred\"]}, {\"url\": \"https://www.coresecurity.com/advisories/mikrotik-routeros-smb-buffer-overflow\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-05T06:24:11.978Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2018-7445\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-07T16:27:32.357265Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2022-09-08\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-7445\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2022-09-08T00:00:00+00:00\", \"value\": \"CVE-2018-7445 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-7445\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-119\", \"description\": \"CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-07T16:27:55.756Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"datePublic\": \"2018-03-15T00:00:00.000Z\", \"references\": [{\"url\": \"http://www.securityfocus.com/bid/103427\", \"name\": \"103427\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2018/Mar/38\", \"name\": \"20180315 [CORE-2018-0003] MikroTik RouterOS SMB Buffer Overflow\", \"tags\": [\"mailing-list\", \"x_refsource_FULLDISC\"]}, {\"url\": \"https://www.exploit-db.com/exploits/44290/\", \"name\": \"44290\", \"tags\": [\"exploit\", \"x_refsource_EXPLOIT-DB\"]}, {\"url\": \"https://www.coresecurity.com/advisories/mikrotik-routeros-smb-buffer-overflow\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication takes place, so it is possible for an unauthenticated remote attacker to exploit it. All architectures and all devices running RouterOS before versions 6.41.3/6.42rc27 are vulnerable.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2018-03-20T09:57:01.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"n/a\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"http://www.securityfocus.com/bid/103427\", \"name\": \"103427\", \"refsource\": \"BID\"}, {\"url\": \"http://seclists.org/fulldisclosure/2018/Mar/38\", \"name\": \"20180315 [CORE-2018-0003] MikroTik RouterOS SMB Buffer Overflow\", \"refsource\": \"FULLDISC\"}, {\"url\": \"https://www.exploit-db.com/exploits/44290/\", \"name\": \"44290\", \"refsource\": \"EXPLOIT-DB\"}, {\"url\": \"https://www.coresecurity.com/advisories/mikrotik-routeros-smb-buffer-overflow\", \"name\": \"https://www.coresecurity.com/advisories/mikrotik-routeros-smb-buffer-overflow\", \"refsource\": \"MISC\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication takes place, so it is possible for an unauthenticated remote attacker to exploit it. All architectures and all devices running RouterOS before versions 6.41.3/6.42rc27 are vulnerable.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"n/a\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2018-7445\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"cve@mitre.org\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2018-7445\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T23:45:55.366Z\", \"dateReserved\": \"2018-02-23T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2018-03-19T21:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.