Vulnerability detail
Enriched intelligence for a single CVE
Critical
CVE-2018-7445
PUBLISHEDA buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to...
- Vendor
- MikroTik
- Product
- RouterOS
- Published
- Mar 19, 2018
- EPSS
- —
Description
A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication takes place, so it is possible for an unauthenticated remote attacker to exploit it. All architectures and all devices running RouterOS before versions 6.41.3/6.42rc27 are vulnerable.
CVSS scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AV:N/AC:L/Au:N/C:C/I:C/A:C
Exploitation status
Exploited in the wild
Recorded 2022-09-08 00:00:00 UTC · Source
SSVC decision points
- Exploitation
- active
- Automatable
- Yes
- Technical impact
- total
Known exploited vulnerability sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| CISA | Sep 08, 2022 |
Scanner integrations
| Scanner | Reference | Detected |
|---|---|---|
| Nessus | https://www.tenable.com/plugins/nessus/502060 | Jun 02, 2025 |
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Added to KEVIntel
-
Detected by Nessus