Remote code execution exploit was revealed during Vault 7 leak. It is possible, that this vulnerability was used to compromise Mikrotik routers in Slingshot APT campaign.
ChimayRed
Vulnerability details
Advisory: SB2017030703 - Remote code execution in Mikrotik RouterOS HTTP server
Vulnerable component: MikroTik RouterOS
CVE-ID:
CVSSv3 score: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C
CWE-ID: CWE-121 - Stack-based buffer overflow
Description:
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the HTTP server component. A remote attacker can send a specially crafted HTTP POST request to the affected device and trigger stack-based buffer overflow.
Successful exploitation of the vulnerability may allow an attacker to execute arbitrary code on the target system.
Note: this vulnerability was disclosed in the "Vault 7" leak by Wikileaks project. The codename of the exploit affecting Mikrotik RouterOS is ChimayRed.
External links: