Finding and exploiting CVE-2018-7445 (unauthenticated RCE in MikroTik’s RouterOS SMB)

Summary for the anxious reader

- CVE-2018-7445 is a stack buffer overflow in the SMB service binary present in all RouterOS versions and architectures prior to 6.41.3/6.42rc27.
- It was found using dumb-fuzzing assisted with the Mutiny Fuzzer tool from Cisco Talos and reported/fixed about a year ago.
- The vulnerable binary was not compiled with stack canaries.
- The exploit does ROP to mark the heap as executable and jumps to a fixed location in the heap.
- Dumb fuzzing still found bugs in interesting targets in 2018 (although I’m sure there must be none left for 2019!).

The last few years have seen a surge in the number of public vulnerabilities found and reported in MikroTik RouterOS devices. The post describes the full process from target selection to identifying a vulnerability and then producing a working exploit.