CVE-2017-20149
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
The Mikrotik RouterOS web server allows memory corruption in releases before Stable 6.38.5 and Long-term 6.37.5, aka Chimay-Red. A remote and unauthenticated user can trigger the vulnerability by sending a crafted HTTP request. An attacker can use this vulnerability to execute arbitrary code on the affected system, as exploited in the wild in mid-2017 and later.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-10-15 CVE Reserved
- 2022-10-15 CVE Published
- 2024-05-07 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (2)
URL | Date | SRC |
---|---|---|
https://github.com/BigNerd95/Chimay-Red | 2024-08-05 | |
https://www.bleepingcomputer.com/news/security/hajime-botnet-makes-a-comeback-with-massive-scan-for-mikrotik-routers | 2024-08-05 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Mikrotik | Routeros | < 6.37.5 | ltr | Affected |
Mikrotik | Routeros | >= 6.38 < 6.38.5 | - | Affected |