08 October 18, 13:42
Quote: Researchers have warned that a known vulnerability in the firmware of MikroTik routers is potentially far more dangerous than previously believed.
The bug in question, CVE-2018-14847, is present in the Winbox administration utility of MikroTik's RouterOS through 6.42 and allows "remote attackers to bypass authentication and read arbitrary files by modifying a request to change one byte related to a Session ID."
While classified as a directory traversal bug of medium severity, researchers from Tenable Research say the vulnerability can be used to remotely execute code due to a new attack method.
Source: https://www.zdnet.com/article/known-mikr...ot-access/