CVE-2018-1156

HIGH

Mikrotik RouterOS <6.42.7,6.40.9 - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-1156. PoCs published by JonathanInfinity01.

AI-analyzed exploit summary This repository contains a technical writeup and evidence (screenshots) related to CVE-2018-1156, a stack overflow RCE vulnerability in MikroTik RouterOS. It includes OSINT investigation details, service enumeration, and CVE correlation but no functional exploit code.

Description

Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to stack buffer overflow through the license upgrade interface. This vulnerability could theoretically allow a remote authenticated attacker execute arbitrary code on the system.

Exploits (1)

nomisec WRITEUP
by JonathanInfinity01 · poc
https://github.com/JonathanInfinity01/SOC-L1-OSINT-Investigation-MikroTik-CVE-2018-1156

This repository contains a technical writeup and evidence (screenshots) related to CVE-2018-1156, a stack overflow RCE vulnerability in MikroTik RouterOS. It includes OSINT investigation details, service enumeration, and CVE correlation but no functional exploit code.

Classification
Writeup 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Theoretical
Target: MikroTik RouterOS
No auth needed
Prerequisites: Exposed MikroTik RouterOS Bandwidth-Test service on port 2000/TCP
devstral-2 · analyzed Jun 13, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.tenable.com/security/research/tra-2018-21
Vendor Advisory x_refsource_confirm
https://mikrotik.com/download/changelogs

Scores

CVSS v3 8.8
EPSS 0.0737
EPSS Percentile 93.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (2)
mikrotik/routeros < 6.40.9
mikrotik/routeros < 6.42.7
Published Aug 23, 2018
Tracked Since Feb 18, 2026