Skip to content

0day-mikrotik is a security tool designed to identify and exploit vulnerabilities in MikroTik routers, enabling security researchers to assess the resilience of their network infrastructure.

Notifications You must be signed in to change notification settings

mrmtwoj/0day-mikrotik

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
 
 
 
 
 
 

Repository files navigation

Project Information

Name Project :0day Mikrotik | Mikrotik WinBox Exploit

CVE :CVE-2018-14847

Last version :1.0.0

Last updated : 25/07/2018

Defective version: Mikrotik WinBox 6.42

Programming language : Python

youtube : https://youtu.be/h6JSNFhQUN8

Company name : acyber (IT Security Lab Iran)

Mikrotik

MikroTik is a Latvian company which was founded in 1996 to develop routers and wireless ISP systems. MikroTik now provides hardware and software for Internet connectivity in most of the countries around the world. Our experience in using industry standard PC hardware and complete routing systems allowed us in 1997 to create the RouterOS software system that provides extensive stability, controls, and flexibility for all kinds of data interfaces and routing. In 2002 we decided to make our own hardware, and the RouterBOARD brand was born. We have resellers in most parts of the world, and customers in probably every country on the planet. Our company is located in Riga, the capital city of Latvia and has more than 140 employees.
From Winbox v3.14, the following security features are used:
Winbox.exe is signed with an Extended Validation certificate, issued by SIA Mikrotīkls (MikroTik).
WinBox uses ECSRP for key exchange and authentication (requires new winbox version).
Both sides verify that other side knows password (no man in the middle attack is possible).
Winbox in RoMON mode requires that agent is the latest version to be able to connect to latest version routers.
Winbox uses AES128-CBC-SHA as encryption algorithm (requires winbox version 3.14 or above).

Contacts

About

0day-mikrotik is a security tool designed to identify and exploit vulnerabilities in MikroTik routers, enabling security researchers to assess the resilience of their network infrastructure.

Topics

Resources

Stars

Watchers

Forks

Packages

No packages published

Languages