EIP-2026-118899

PRE-CVE

Mikrotik WinBox 6.42 - Credential Disclosure (Metasploit)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-118899. PoCs published by Omid Shojaei.

AI-analyzed exploit summary This exploit targets Mikrotik RouterOS WinBox (versions 6.29-6.42) to extract administrative credentials, including deleted or disabled users, by sending crafted payloads to the WinBox port (default 8291). It decrypts passwords using a hardcoded MD5-based algorithm and reports credentials via Metasploit.

Description

Mikrotik WinBox 6.42 - Credential Disclosure (Metasploit)

Exploits (1)

exploitdb WORKING POC

by Omid Shojaei · pythonremotewindows

https://www.exploit-db.com/exploits/45170

View Code ZIP pw:eip

This exploit targets Mikrotik RouterOS WinBox (versions 6.29-6.42) to extract administrative credentials, including deleted or disabled users, by sending crafted payloads to the WinBox port (default 8291). It decrypts passwords using a hardcoded MD5-based algorithm and reports credentials via Metasploit.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Mikrotik RouterOS WinBox 6.29-6.42

No auth needed

Prerequisites: Network access to WinBox port (default 8291) · Metasploit Framework for reporting

MITRE ATT&CK

T1552.001 - Credentials In Files T1003 - OS Credential Dumping

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026