KEVIntel
CVSS 9.8 Critical

CVE-2017-20149

PUBLISHED

Exploited in the wild · Remote · Low complexity · No user interaction

Vendor: Mikrotik
Product: RouterOS
Published: Oct 15, 2022
EPSS

Description

The Mikrotik RouterOS web server allows memory corruption in releases before Stable 6.38.5 and Long-term 6.37.5, aka Chimay-Red. A remote and unauthenticated user can trigger the vulnerability by sending a crafted HTTP request. An attacker can use this vulnerability to execute arbitrary code on the affected system, as exploited in the wild in mid-2017 and later.

edge

CVSS scores

CVSS v3.1 9.8 Critical

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitation status

Exploited in the wild

Recorded 2022-10-15 00:00:00 UTC

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source Added
CVE Oct 15, 2022

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel