
CVE-2024-27686 PoC: Mikrotik RouterOS resource management error vulnerability

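Related vulnerability
Title: Mikrotik RouterOS resource management error vulnerability (CVE-2024-27686)
Description: Mikrotik RouterOS is a network device operating system from the Latvian company Mikrotik. Mikrotik RouterOS x86 versions 6.40.5 through 6.49.10 contain a resource management error vulnerability, which stems from the SMB service's handling of specially crafted packets and may allow a remote attacker to cause a denial of service.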
Introduction
# MikroTik RouterOS Denial of Service Vulnerability

## 📌 Description

This document describes a **Denial of Service (DoS) vulnerability** found in certain versions of **MikroTik RouterOS**.  
The vulnerability is due to **insufficient handling of crafted SMB requests**. A remote attacker could exploit this issue by sending a specially crafted request to the target server.

> ✅ **Successful exploitation** could result in the **crash or unresponsiveness** of the affected system.

---

## 🎯 Affected Products

| Product              | Affected Versions       |
|----------------------|-------------------------|
| MikroTik RouterOS    | 6.40.5 to 6.44          |
| MikroTik RouterOS    | 6.48.1 to 6.49.10       |
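
The ranges in the table above can be checked against a device inventory to decide which routers need the upgrade. The following Python is an added example, not part of the README or the PoC repository; the device names and version strings are constructed, and reading "6.44" as 6.44.0 and ignoring pre-release tags are assumptions.

```python
import re

# Inclusive affected ranges from the README table. "6.44" is read as 6.44.0
# (assumption: the README does not say whether later 6.44.x builds count).
README_RANGES = [((6, 40, 5), (6, 44, 0)), ((6, 48, 1), (6, 49, 10))]
# Wider single range from the CVE description quoted on this page.
CVE_RANGES = [((6, 40, 5), (6, 49, 10))]

_VERSION = re.compile(r"\s*(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """Parse '6.49.10 (long-term)' or '6.44' into (major, minor, patch).

    A missing patch level becomes 0; trailing channel or pre-release tags
    are ignored, so '6.44beta9' is treated like 6.44 (conservative).
    """
    m = _VERSION.match(text)
    if m is None:
        raise ValueError(f"unrecognised RouterOS version: {text!r}")
    return tuple(int(part or 0) for part in m.groups())


def is_affected(text, ranges=README_RANGES):
    version = parse_version(text)
    return any(low <= version <= high for low, high in ranges)


def triage(inventory, ranges=README_RANGES):
    """Return {device: 'upgrade' | 'ok' | 'unknown'} for a name->version map."""
    verdicts = {}
    for device, text in inventory.items():
        try:
            verdicts[device] = "upgrade" if is_affected(text, ranges) else "ok"
        except ValueError:
            verdicts[device] = "unknown"  # review by hand, do not assume safe
    return verdicts


# Constructed inventory (hypothetical device names and version strings).
SAMPLE = {
    "edge-01": "6.49.10 (long-term)",
    "edge-02": "6.47.9",
    "branch-03": "6.40.4",
    "lab-04": "6.44beta9",
    "core-05": "unknown",
}

if __name__ == "__main__":
    for device, verdict in triage(SAMPLE).items():
        print(f"{device}: {verdict}")
```

Passing `CVE_RANGES` instead of the default flags versions between the two README ranges as well, which is the more cautious choice when the two sources disagree.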

---

## 💥 Impact

- **Denial of Service (DoS)**  
  Remote attackers can crash or disrupt the operation of vulnerable MikroTik RouterOS systems.

---

## 🛡️ Recommended Actions

- 🔄 **Upgrade to the latest patched version** provided by MikroTik.
- 📥 Download the latest version here:  
  👉 [https://mikrotik.com/download](https://mikrotik.com/download)

---

## 📡 Coverage

| IPS Database         | Status           |
|----------------------|------------------|
| IPS (Regular DB)     | ✅ Covered       |
| IPS (Extended DB)    | ✅ Covered       |

---

## 📅 Version Updates

| Date       | Version   | Detail                       |
|------------|-----------|------------------------------|
| 2024-06-03 | 28.799    | Default action: `pass:drop` |
| 2024-05-23 | 27.792    | Initial detection added      |

---

## 📝 References

- MikroTik Official Website: [https://mikrotik.com](https://mikrotik.com)
- CVE (if applicable): _Not specified_

---

> ℹ️ Always keep your systems up to date and monitor vendor advisories for future patches or improvements.
File snapshot

```
[4.0K] /data/pocs/978155aa30e96708a6f29204539fa3053bbd8c59
├── [5.3K] CVE-2024-27686.py
├── [1.7K] gateway_finder.sh
├── [1.0K] LICENSE
└── [1.8K] README.md

0 directories, 4 files
```