Allele Security Alert
Memory exhaustion via a crafted POST request
Mikrotik RouterOS long-term release tree before version 6.44.5
Mikrotik RouterOS stable release tree before version 6.45.1
Mikrotik RouterOS long-term release tree version 6.44.5
Mikrotik RouterOS stable release tree version 6.45.1
Proof of concept
This vulnerability is similiar to the CVE-2018-1157. An authenticated user can cause the www binary to consume all memory via a crafted POST request to /jsproxy/upload. It’s because of the incomplete fix for the CVE-2018-1157.
Based on the public proof of concept for CVE-2018-1157, crafting a filename ending with many ‘\x00’ can bypass the original fix to trigger the vulnerability.
Qian Chen (Qihoo 360 Nirvan Team)
Two vulnerabilities found in MikroTik’s RouterOS
Long-term release tree
Stable release tree
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: July 26, 2019