POC details: 746e9ee42bc603884582410e262ae8a73379a98d

Related vulnerability
Title: MikroTik RouterOS security vulnerability (CVE-2025-61481)
Description: MikroTik RouterOS is a Linux-based router operating system from the Latvian company MikroTik. It can be deployed on a PC to provide router functionality. MikroTik RouterOS 7.14.2 and SwitchOS 2.18 contain a security vulnerability caused by a flaw in the HTTP-only WebFig management component, which may allow remote execution of arbitrary code.
# 🚨 **CVE-2025-61481 — Critical MikroTik WebFig Vulnerability (RCE + Credential Exposure)**  

🕒 Published: 2025 | 💣 CVSS 10.0 (Critical) | 🌐 Affects: RouterOS v7.14.2 & SwitchOS v2.18  

---

### 🧩 Overview

![G4aHxKVWwAAVvwW](https://github.com/user-attachments/assets/ec39199e-8e00-4f3a-9859-142828f4a818)

A newly disclosed vulnerability, **CVE-2025-61481**, impacts **MikroTik RouterOS (v7.14.2)** and **SwitchOS (v2.18)**.  
The issue lies in the **WebFig** management interface, which by default uses **HTTP (unencrypted)** instead of HTTPS.  

This configuration sends login credentials and session data in cleartext — allowing attackers on the same network (or a man-in-the-middle position) to intercept, manipulate, and potentially gain **remote code execution (RCE)** on affected devices.  

---

### ⚠️ Severity
- **CVSS v3.1 Base Score:** 10.0 — _Critical_  
- **Vector:** `AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L`  
- **Impact:** Complete takeover of device management, credential theft, and configuration tampering.  

---

### 🔍 Technical Summary
- WebFig defaults to **HTTP (port 80)** without automatic HTTPS redirection.  
- Credentials are stored in **sessionStorage** and transmitted unencrypted.  
- Traffic interception enables credential harvesting or session hijacking.  
- Once authenticated, attackers may execute arbitrary commands on the device.  

---

### 🧠 Attack Scenario
1. An attacker on the same network performs a **MitM** attack (e.g., ARP spoofing).  
2. The victim logs into WebFig via HTTP.  
3. Credentials are captured in transit.  
4. Attacker logs into the router, executes arbitrary commands, or changes configs remotely.  

---

### 🛡️ Mitigation & Defense
✅ **1. Disable HTTP** — Enable and enforce **HTTPS** on WebFig.  
✅ **2. Restrict Management Access** — Limit to a trusted admin VLAN or IP range.  
✅ **3. Use Encrypted Channels** — Prefer **SSH** or **VPN tunnels** for administration.  
✅ **4. Monitor Logs** — Watch for unusual logins or port 80 traffic.  
✅ **5. Patch Immediately** — Apply MikroTik’s firmware update once released.  

---

### 🧭 Recommendations
If you’re managing MikroTik devices:
- Audit your routers/switches today.  
- Force HTTPS for all WebFig access.  
- Review your device firewall to block external HTTP management traffic.  
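The Mitigation & Defense steps (disable HTTP, enforce HTTPS, restrict management access, block external management traffic) and the Recommendations above, carried out on the RouterOS 7 command line. This is an added example, not code from the original README or from MikroTik; it assumes the trusted admin subnet is 192.168.88.0/24, that the router still has the default interface list named WAN, and uses local-ca and webfig as placeholder certificate names. SwitchOS has no CLI, so these commands apply to RouterOS devices only.

```routeros
# Added example, not part of the original README or MikroTik documentation.
# Assumptions: trusted admin subnet 192.168.88.0/24; the default interface
# list "WAN" exists; "local-ca" and "webfig" are placeholder certificate names.

# 1. Create a local CA and a server certificate so WebFig can be served over HTTPS.
/certificate add name=local-ca common-name=local-ca days-valid=3650 key-usage=key-cert-sign,crl-sign
/certificate sign local-ca
/certificate add name=webfig common-name=router.lan days-valid=365
/certificate sign webfig ca=local-ca

# 2. Disable plain-HTTP WebFig (port 80) and serve it only over HTTPS,
#    and only to clients in the admin subnet.
/ip service set www disabled=yes
/ip service set www-ssl disabled=no certificate=webfig address=192.168.88.0/24

# 3. Restrict the remaining management services to the same subnet and
#    disable the ones that are not in use.
/ip service set ssh address=192.168.88.0/24
/ip service set winbox address=192.168.88.0/24
/ip service disable telnet,ftp,api,api-ssl

# 4. Drop management ports arriving from the WAN side, independent of the
#    per-service address restrictions above (defence in depth).
/ip firewall filter add chain=input in-interface-list=WAN protocol=tcp dst-port=80,443,22,8291 action=drop comment="drop external management"

# 5. Verify: www must show as disabled and www-ssl as enabled with the
#    certificate attached; then review recent management logins.
/ip service print
/log print where message~"logged in"
```

After step 2 the router is reachable only at https://<router-address>/, and browsers will warn about the self-signed chain until the local-ca certificate is exported and trusted on the admin workstations; that is still preferable to cleartext credentials. The firewall rule in step 4 is appended to the end of the input chain, so check with `/ip firewall filter print` that no broader accept rule precedes it, and use `place-before=` to move it up if one does.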

---

### 🗣️ Closing Note
This CVE is a strong reminder that **“default” ≠ “secure.”**  
Even robust platforms like MikroTik can expose critical surfaces when encryption isn’t enforced by default.  

🔒 Always assume unencrypted management = compromised credentials.

File snapshot

[4.0K] /data/pocs/746e9ee42bc603884582410e262ae8a73379a98d
└── [2.6K] README.md

0 directories, 1 file