Cyber Resilience

CVE-2018-7445

Critical · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC

Published: 19 March 2018
Modified: 07 November 2025
KEV Added: 08 September 2022
Patch
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.8756 (99.5th percentile)
Risk Priority: 92 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2018-7445 is a critical-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in MikroTik RouterOS. Its CVSS base score is 9.8 (Critical).

Operationally, it ranks in the top 0.5% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-2 (Flaw Remediation).

Deeper analysis

A buffer overflow vulnerability exists in the SMB service of MikroTik RouterOS when handling NetBIOS session request messages. The flaw, tracked as CVE-2018-7445 and assigned CWE-119, affects all architectures and devices running RouterOS versions prior to 6.41.3 and 6.42rc27. It occurs in the service component responsible for processing unauthenticated session requests over the network.

Remote attackers with network access to the SMB service can exploit the overflow to achieve arbitrary code execution on the target device. Because the overflow is triggered before any authentication step, the attack requires no credentials and can be carried out by an unauthenticated adversary, resulting in full system compromise as reflected by the CVSS 9.8 score.

Public advisories and exploit references indicate that the issue is resolved by upgrading to RouterOS 6.41.3, 6.42rc27, or later releases. The provided references, including disclosures from Core Security and Exploit-DB, focus on the pre-authentication nature of the flaw and the availability of these patched versions for mitigation.
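The two fixed releases sit on different branches, so a single "less than" comparison misclassifies release candidates such as 6.42rc26, which sorts after 6.41.3 but is still unpatched. The following inventory triage is an added example, not code from the advisory or from MikroTik. It assumes version strings shaped like `6.41.3` or `6.42rc27`, optionally followed by a channel tag such as `(stable)`, and the host names are constructed.

```python
import re

# Fixed releases as stated on this page: 6.41.3 (stable) and 6.42rc27 (rc).
FIXED_STABLE = (6, 41, 3)
FIXED_RC_BASE, FIXED_RC_NUM = (6, 42, 0), 27

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:rc(\d+))?$")

def parse_version(text):
    """Return ((major, minor, patch), rc); rc is None for a final release."""
    token = (text.split() or [""])[0]  # drop a trailing "(stable)" style tag
    m = _VERSION_RE.match(token)
    if not m:
        raise ValueError(f"unrecognised RouterOS version: {text!r}")
    major, minor, patch, rc = m.groups()
    base = (int(major), int(minor), int(patch or 0))
    return base, (int(rc) if rc is not None else None)

def is_vulnerable(text):
    """True if the version predates the fix on its own branch."""
    base, rc = parse_version(text)
    if rc is None:
        return base < FIXED_STABLE      # final releases: fixed from 6.41.3
    if base != FIXED_RC_BASE:
        return base < FIXED_RC_BASE     # rc builds of older/newer bases
    return rc < FIXED_RC_NUM            # 6.42rcN: fixed from rc27

def triage(inventory):
    """Map each host to 'vulnerable', 'fixed' or 'unknown' (manual review)."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = "vulnerable" if is_vulnerable(version) else "fixed"
        except ValueError:
            result[host] = "unknown"
    return result

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = {
    "edge-rtr-01": "6.41.2 (stable)",
    "edge-rtr-02": "6.41.3",
    "lab-rtr-01": "6.42rc26",
    "lab-rtr-02": "6.42rc27",
    "branch-rtr-07": "unknown build",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` need a manual version check rather than being assumed patched.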

EU & UK References

Vulnerability details

A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication takes place, so it is possible for an unauthenticated remote attacker to exploit it. All architectures and all devices running RouterOS before versions 6.41.3/6.42rc27 are vulnerable.

CWE(s)
KEV Date Added: 08 September 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

mikrotik
routeros
6.42 · ≤ 6.41.3

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires timely installation of RouterOS patches (6.41.3/6.42rc27+) that eliminate the pre-auth NetBIOS buffer overflow.

prevent

Enforces disabling or restricting the SMB service when not required, eliminating the attack surface for unauthenticated NetBIOS requests.

prevent

Boundary-protection mechanisms (firewalls, ACLs) can block external access to the vulnerable TCP/139 or TCP/445 ports before exploitation occurs.

References