CVE-2018-10070
Last modified
CVE-2018-10070 is a vulnerability of currently unknown severity. A vulnerability in MikroTik Version 6.41.4 could allow an unauthenticated remote attacker to exhaust all available CPU and all available RAM by sending a crafted FTP request on port 21 that begins with many '\0' characters, preventing the affected router from accepting new FTP connections. The router will reboot after 10 minutes, logging a "router was rebooted without proper shutdown" message.. EPSS estimates a 12.99% chance of exploitation in the next 30 days.
Description
A vulnerability in MikroTik Version 6.41.4 could allow an unauthenticated remote attacker to exhaust all available CPU and all available RAM by sending a crafted FTP request on port 21 that begins with many '\0' characters, preventing the affected router from accepting new FTP connections. The router will reboot after 10 minutes, logging a "router was rebooted without proper shutdown" message.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mikrotik | Router Firmware | 6.41.4 |
References
- http://packetstormsecurity.com/files/147183/MikroTik-6.41.4-Denial-Of-Service.htmlExploit, Third Party Advisory, VDB Entry
- https://www.exploit-db.com/exploits/44450/Exploit, Third Party Advisory, VDB Entry
- http://packetstormsecurity.com/files/147183/MikroTik-6.41.4-Denial-Of-Service.htmlExploit, Third Party Advisory, VDB Entry
- https://www.exploit-db.com/exploits/44450/Exploit, Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-10070?
How severe is CVE-2018-10070?
How do I fix CVE-2018-10070?
Are you affected by CVE-2018-10070?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST