漏洞平台

POC详情： 978155aa30e96708a6f29204539fa3053bbd8c59

来源

https://github.com/ThemeHackers/CVE-2024-27686

关联漏洞

疑似Oday

描述

This document describes a Denial of Service (DoS) vulnerability found in certain versions of MikroTik RouterOS. The vulnerability is due to insufficient handling of crafted SMB requests. A remote attacker could exploit this issue by sending a specially crafted request to the target server.

介绍

# MikroTik RouterOS Denial of Service Vulnerability

## 📌 Description

This document describes a **Denial of Service (DoS) vulnerability** found in certain versions of **MikroTik RouterOS**.  
The vulnerability is due to **insufficient handling of crafted SMB requests**. A remote attacker could exploit this issue by sending a specially crafted request to the target server.

> ✅ **Successful exploitation** could result in the **crash or unresponsiveness** of the affected system.

---

## 🎯 Affected Products

| Product              | Affected Versions       |
|----------------------|-------------------------|
| MikroTik RouterOS    | 6.40.5 to 6.44          |
| MikroTik RouterOS    | 6.48.1 to 6.49.10       |

---

## 💥 Impact

- **Denial of Service (DoS)**  
  Remote attackers can crash or disrupt the operation of vulnerable MikroTik RouterOS systems.

---

## 🛡️ Recommended Actions

- 🔄 **Upgrade to the latest patched version** provided by MikroTik.
- 📥 Download the latest version here:  
  👉 [https://mikrotik.com/download](https://mikrotik.com/download)

---

## 📡 Coverage

| IPS Database         | Status           |
|----------------------|------------------|
| IPS (Regular DB)     | ✅ Covered       |
| IPS (Extended DB)    | ✅ Covered       |

---

## 📅 Version Updates

| Date       | Version   | Detail                       |
|------------|-----------|------------------------------|
| 2024-06-03 | 28.799    | Default action: `pass:drop` |
| 2024-05-23 | 27.792    | Initial detection added      |

---

## 📝 References

- MikroTik Official Website: [https://mikrotik.com](https://mikrotik.com)
- CVE (if applicable): _Not specified_

---

> ℹ️ Always keep your systems up to date and monitor vendor advisories for future patches or improvements.

文件快照


 [4.0K]  /data/pocs/978155aa30e96708a6f29204539fa3053bbd8c59
├── [5.3K]  CVE-2024-27686.py
├── [1.7K]  gateway_finder.sh
├── [1.0K]  LICENSE
└── [1.8K]  README.md

0 directories, 4 files

神龙机器人已为您缓存

备注

1. 建议优先通过来源进行访问。

2. 如果因为来源失效或无法访问，请发送邮箱到 f.jinxu#gmail.com 索取本地快照（把 # 换成 @）。

3. 神龙已为您对POC代码进行快照，为了长期维护，请考虑为本地POC付费，感谢您的支持。