Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-27686 PoC — Mikrotik RouterOS 资源管理错误漏洞

Source
https://github.com/ThemeHackers/CVE-2024-27686
Associated Vulnerability
Title:Mikrotik RouterOS 资源管理错误漏洞 (CVE-2024-27686)
Description:Mikrotik RouterOS (x86) 6.40.5 through 6.49.10 (fixed in 7) allows a remote attacker to cause a denial of service (device crash) via crafted packet data to the SMB service on TCP port 445.
Description
This document describes a Denial of Service (DoS) vulnerability found in certain versions of MikroTik RouterOS. The vulnerability is due to insufficient handling of crafted SMB requests. A remote attacker could exploit this issue by sending a specially crafted request to the target server.
Readme
# MikroTik RouterOS Denial of Service Vulnerability

## 📌 Description

This document describes a **Denial of Service (DoS) vulnerability** found in certain versions of **MikroTik RouterOS**.  
The vulnerability is due to **insufficient handling of crafted SMB requests**. A remote attacker could exploit this issue by sending a specially crafted request to the target server.

> ✅ **Successful exploitation** could result in the **crash or unresponsiveness** of the affected system.

---

## 🎯 Affected Products

| Product              | Affected Versions       |
|----------------------|-------------------------|
| MikroTik RouterOS    | 6.40.5 to 6.44          |
| MikroTik RouterOS    | 6.48.1 to 6.49.10       |

---

## 💥 Impact

- **Denial of Service (DoS)**  
  Remote attackers can crash or disrupt the operation of vulnerable MikroTik RouterOS systems.

---

## 🛡️ Recommended Actions

- 🔄 **Upgrade to the latest patched version** provided by MikroTik.
- 📥 Download the latest version here:  
  👉 [https://mikrotik.com/download](https://mikrotik.com/download)

---

## 📡 Coverage

| IPS Database         | Status           |
|----------------------|------------------|
| IPS (Regular DB)     | ✅ Covered       |
| IPS (Extended DB)    | ✅ Covered       |

---

## 📅 Version Updates

| Date       | Version   | Detail                       |
|------------|-----------|------------------------------|
| 2024-06-03 | 28.799    | Default action: `pass:drop` |
| 2024-05-23 | 27.792    | Initial detection added      |

---

## 📝 References

- MikroTik Official Website: [https://mikrotik.com](https://mikrotik.com)
- CVE (if applicable): _Not specified_

---

> ℹ️ Always keep your systems up to date and monitor vendor advisories for future patches or improvements.
File Snapshot

 [4.0K]  /data/pocs/978155aa30e96708a6f29204539fa3053bbd8c59
├── [5.3K]  CVE-2024-27686.py
├── [1.7K]  gateway_finder.sh
├── [1.0K]  LICENSE
└── [1.8K]  README.md

0 directories, 4 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →