CVE-2018-14847 — MikroTik Router OS Directory Traversal Vulnerability
2021-12-01 • CISA Known Exploited Vulnerability
[event] MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.
> AFFECTED SOFTWARE
| Field | Value |
|---|---|
| Vendor | MikroTik |
| Product | RouterOS |
| CWE | CWE-22 |
| CVE ID | CVE-2018-14847 |
| Date Added | 2021-12-01 |
| Due Date | 2022-06-01 |
| Ransomware Campaign | Unknown |
> MITIGATION
Apply updates per vendor instructions.
Due Date: 2022-06-01