CVE-2018-10070
MikroTik 6.41.4 - FTP daemon Denial of Service (PoC)
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
A vulnerability in MikroTik Version 6.41.4 could allow an unauthenticated remote attacker to exhaust all available CPU and all available RAM by sending a crafted FTP request on port 21 that begins with many '\0' characters, preventing the affected router from accepting new FTP connections. The router will reboot after 10 minutes, logging a "router was rebooted without proper shutdown" message.
Una vulnerabilidad en MikroTik, versión 6.41.4, podría permitir que un atacante remoto no autenticado agote la CPU y toda la RAM disponible mediante el envío de una petición FTP en el puerto 21 que comienza por muchos caracteres "\0", lo que evita que el router afectado acepte nuevas conexiones FTP. El router se reiniciará tras 10 minutos, mostrando un mensaje de "router was rebooted without proper shutdown".
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-04-12 CVE Reserved
- 2018-04-13 CVE Published
- 2023-09-07 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-400: Uncontrolled Resource Consumption
CAPEC
References (2)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/44450 | 2024-08-05 | |
http://packetstormsecurity.com/files/147183/MikroTik-6.41.4-Denial-Of-Service.html | 2024-08-05 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Mikrotik Search vendor "Mikrotik" | Router Firmware Search vendor "Mikrotik" for product "Router Firmware" | 6.41.4 Search vendor "Mikrotik" for product "Router Firmware" and version "6.41.4" | - |
Affected
| in | Mikrotik Search vendor "Mikrotik" | Router Search vendor "Mikrotik" for product "Router" | - | - |
Safe
|