vulnerability

MikroTik RouterOS: CVE-2018-7445: Improper Restriction of Operations within the Bounds of a Memory Buffer

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
10	(AV:N/AC:L/Au:N/C:C/I:C/A:C)	Aug 2, 2018	May 2, 2025	May 5, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

Aug 2, 2018

Added

May 2, 2025

Modified

May 5, 2025

Description

A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication takes place, so it is possible for an unauthenticated remote attacker to exploit it. All architectures and all devices running RouterOS before versions 6.41.3/6.42rc27 are vulnerable.

Solution

mikrotik-routeros-upgrade-to-latest

References

CVE-2018-7445
https://attackerkb.com/topics/CVE-2018-7445
URL-https://seclists.org/fulldisclosure/2018/Mar/38
URL-https://nvd.nist.gov/vuln/detail/CVE-2018-7445

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today