CVE-2024-54772

MEDIUM

MikroTik RouterOS <7.17.2 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2024-54772. PoCs published by deauther890, Seven11Eleven.

AI-analyzed exploit summary This repository contains a functional proof-of-concept exploit for CVE-2024-54772, which allows enumeration of valid usernames in MikroTik RouterOS by analyzing response lengths from crafted TCP payloads. The scripts support single username checks and wordlist-based enumeration.

Description

An issue was discovered in the Winbox service of MikroTik RouterOS long-term release v6.43.13 through v6.49.13 and stable v6.43 through v7.17.2. A patch is available in the stable release v6.49.18. A discrepancy in response size between connection attempts made with a valid username and those with an invalid username allows attackers to enumerate for valid accounts.

Exploits (2)

nomisec WORKING POC 32 stars
by deauther890 · poc
https://github.com/deauther890/CVE-2024-54772

This repository contains a functional proof-of-concept exploit for CVE-2024-54772, which allows enumeration of valid usernames in MikroTik RouterOS by analyzing response lengths from crafted TCP payloads. The scripts support single username checks and wordlist-based enumeration.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: MikroTik RouterOS v6.43 through v7.17.2 (stable) and v6.43.13 through v6.49.13 (long-term)
No auth needed
Prerequisites: Network access to target device on port 8291 · Wordlist for username enumeration (optional)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by Seven11Eleven · poc
https://github.com/Seven11Eleven/CVE-2024-54772

This Rust PoC exploits CVE-2024-54772 to enumerate valid MikroTik router usernames by sending a crafted TCP payload to port 8291 and analyzing the response length. The payload manipulates the first byte to include the username length and checks for specific response sizes to determine validity.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: MikroTik RouterOS (version not specified)
No auth needed
Prerequisites: Network access to the target router's port 8291
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Exploit, Third Party Advisory
https://github.com/deauther890/CVE-2024-54772

Scores

CVSS v3 5.4
EPSS 0.0071
EPSS Percentile 48.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-208
Status published
Products (2)
mikrotik/routeros 6.43 - 6.49.18
mikrotik/routeros 6.43.13 - 6.49.13
Published Feb 11, 2025
Tracked Since Feb 18, 2026