A patched vulnerability in MikroTik routers that researchers once believed could only be exploited to read affected files turns out to be far more serious, as it can also allow attackers to write over these same files.
That means the vulnerability, known as directory traversal bug CVE-2018-14847, can actually be abused to commit remote code execution, warned Tenable researcher Jacob Baines, who discovered the new twist on the flaw and detailed his findings this past weekend at the Derbycon computer security conference in Louisville, Ky.
According to NIST’s National Vulnerability Database, the issue is located in the Winbox utility component of MikroTik RouterOS through 6.42. The bug “allows remote attackers to bypass authentication and read arbitrary files by modifying a request to change one byte related to a Session ID,” it the NVD entry says.
But as initially reported by Threatpost, Bained found the flaw can be further exploited to obtain root shell access, bypass router firewall protections, create a backdoor into the network, and write code or load malware. This essentially allows attackers who exploit the flaw to take full control of the computer, Baines confirmed with SC Media in a brief interview.
More details on Baines’ discovery, including his Derbycon presentation slides and proof-of-concept code, can be found on Tenable’s public GitHub page.