An authenticated user can cause the www binary to consume all memory via a crafted POST request to /jsproxy/upload. When testing our proof of concept on an x86 RouterOS VM, Tenable discovered that this vulnerability didn't just crash www but caused the whole system to reboot.
This code was tested on Ubuntu 18.04. There is a dependency on boost and cmake. Simply install them like so:
sudo apt install libboost-dev cmake
To compile simply do the following:
cd winbox_pcap_parser mkdir build cd build cmake ..