← back
CVE-2018-10070

CVE-2018-10070

EPSS 13.0%
A vulnerability in MikroTik Version 6.41.4 could allow an unauthenticated remote attacker to exhaust all available CPU and all available RAM by sending a crafted FTP request on port 21 that begins with many '\0' characters, preventing the affected router from accepting new FTP connections. The router will reboot after 10 minutes, logging a "router was rebooted without proper shutdown" message.
Affected products
n/a · n/a
public PoCs found3
cve_referencepacketstormsecurity.com/files/147183/MikroTik-6.41.4-Denial-Of-Service.htmlunverifiedcve_referencewww.exploit-db.com/exploits/44450/unverifiedexploitdbwww.exploit-db.com/exploits/44450unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/147183/MikroTik-6.41.4-Denial-Of-Service.htmlhttps://www.exploit-db.com/exploits/44450/