CVE-2017-20149

CRITICAL EXPLOITED IN THE WILD

Mikrotik RouterOS <6.38.5 - Long-term 6.37.5 - Memory Corruption

Title source: llm

Description

The Mikrotik RouterOS web server allows memory corruption in releases before Stable 6.38.5 and Long-term 6.37.5, aka Chimay-Red. A remote and unauthenticated user can trigger the vulnerability by sending a crafted HTTP request. An attacker can use this vulnerability to execute arbitrary code on the affected system, as exploited in the wild in mid-2017 and later.

Exploits (1)

vulncheck_xdb WORKING POC

remote

https://github.com/seekintoo/Chimay-Red

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory] https://github.com/BigNerd95/Chimay-Red

View Writeup ZIP pw:eip

[Exploit, Third Party Advisory] https://www.bleepingcomputer.com/news/security/hajime-botnet-makes-a-comeback-with-massive-scan-for-mikrotik-routers/

Scores

CVSS v3 9.8

EPSS 0.0630

EPSS Percentile 91.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2018-03-28

InTheWild.io 2017-06-01

CWE

CWE-787

Status published

Products (2)

mikrotik/routeros < 6.37.5

mikrotik/routeros 6.38 - 6.38.5

Published Oct 15, 2022

Tracked Since Feb 18, 2026