
CVE-2017-20149: n/a in n/a

Critical
Published: Sat Oct 15 2022 (10/15/2022, 00:00:00 UTC)
Source: CVE
Vendor/Project: n/a
Product: n/a

Description

The Mikrotik RouterOS web server allows memory corruption in releases before Stable 6.38.5 and Long-term 6.37.5, aka Chimay-Red. A remote and unauthenticated user can trigger the vulnerability by sending a crafted HTTP request. An attacker can use this vulnerability to execute arbitrary code on the affected system, as exploited in the wild in mid-2017 and later.

AI-Powered Analysis

Last updated: 07/06/2025, 15:25:50 UTC

Technical Analysis

CVE-2017-20149 is a critical remote code execution vulnerability affecting the Mikrotik RouterOS web server in versions prior to Stable 6.38.5 and Long-term 6.37.5, also known as Chimay-Red. The vulnerability arises from a memory corruption issue (classified under CWE-787: Out-of-bounds Write) that can be triggered by an unauthenticated remote attacker sending a specially crafted HTTP request to the RouterOS web server. This flaw allows the attacker to execute arbitrary code on the affected device without requiring any authentication or user interaction. Exploitation of this vulnerability can lead to full compromise of the router, enabling attackers to control network traffic, intercept sensitive data, or use the device as a pivot point for further attacks within the network. The vulnerability was actively exploited in the wild starting mid-2017, highlighting its practical risk. The CVSS v3.1 base score is 9.8 (critical), reflecting the high impact on confidentiality, integrity, and availability, combined with ease of exploitation over the network without privileges or user interaction. Mikrotik RouterOS is widely used in enterprise, ISP, and small-to-medium business environments for routing and network management, making this vulnerability particularly dangerous. Although the source data provides no patch links, remediation requires upgrading to at least Stable 6.38.5 or Long-term 6.37.5. Given the criticality and the nature of the flaw, affected devices should be considered compromised until patched and fully audited.

Potential Impact

For European organizations, the impact of CVE-2017-20149 can be severe. Mikrotik devices are commonly deployed in various sectors including telecommunications providers, enterprises, and government networks across Europe. Successful exploitation can lead to unauthorized control over network infrastructure, allowing attackers to intercept or manipulate sensitive communications, disrupt network availability, or launch further attacks against internal systems. This can result in data breaches, service outages, and loss of trust. Critical infrastructure operators and ISPs in Europe relying on Mikrotik RouterOS are particularly at risk, as compromise of routing devices can have cascading effects on network stability and security. Additionally, the ability to execute arbitrary code remotely without authentication increases the likelihood of widespread exploitation, especially if devices remain unpatched. The vulnerability also poses risks to GDPR compliance due to potential unauthorized access to personal data traversing compromised routers.

Mitigation Recommendations

1. Immediate upgrade of all Mikrotik RouterOS devices to Stable version 6.38.5 or Long-term version 6.37.5 or later is essential to remediate the vulnerability.
2. Network administrators should audit their environments to identify all Mikrotik devices and verify their firmware versions.
3. Implement network segmentation to isolate critical routing devices from untrusted networks, reducing exposure.
4. Employ strict firewall rules to limit access to the RouterOS web server interface, ideally restricting it to trusted management networks only.
5. Monitor network traffic for unusual patterns or signs of compromise, including unexpected outbound connections or changes in device behavior.
6. Regularly back up router configurations and maintain incident response plans to quickly recover from potential compromises.
7. Consider deploying intrusion detection/prevention systems capable of detecting exploitation attempts targeting this vulnerability.
8. Educate network operations teams about the risks and signs of exploitation related to this vulnerability to ensure rapid detection and response.
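The firmware audit in step 2 is easy to get wrong because the fixed release differs per branch (a Stable device on 6.37.5 is still affected even though 6.37.5 is the Long-term fix). The following is an added example, not part of the advisory, that classifies a constructed inventory against the two thresholds named above; the inventory format and hostnames are assumptions made for the example.

```python
# Added example (not from the advisory): audit a RouterOS inventory for
# CVE-2017-20149 using the fixed releases the advisory names.
import re
from typing import Optional, Tuple

# Earliest patched release per branch, taken from the advisory text.
FIXED = {"stable": (6, 38, 5), "long-term": (6, 37, 5)}
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?$")


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """'6.38.5' -> (6, 38, 5); '6.40' -> (6, 40, 0); None if malformed."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def is_vulnerable(version: str, branch: str = "stable") -> Optional[bool]:
    """True if below the branch's fixed release; None if unparseable."""
    parsed = parse_version(version)
    if parsed is None:
        # Unknown versions must be reviewed by hand, never counted as patched.
        return None
    # An unrecognised branch is compared against the stable threshold,
    # the higher of the two, which is the conservative choice.
    return parsed < FIXED.get(branch, FIXED["stable"])


def audit(inventory: str) -> dict:
    """Classify 'hostname,branch,version' lines (constructed format)."""
    result = {"vulnerable": [], "patched": [], "unknown": []}
    for line in inventory.strip().splitlines():
        host, branch, version = (f.strip() for f in line.split(",", 2))
        status = is_vulnerable(version, branch)
        key = "unknown" if status is None else ("vulnerable" if status else "patched")
        result[key].append(host)
    return result


# Constructed sample inventory; hostnames and versions are made up.
SAMPLE_INVENTORY = """edge-r1,stable,6.38.4
edge-r2,stable,6.38.5
core-r1,long-term,6.37.4
core-r2,long-term,6.37.5
old-r1,stable,6.37.5
bad-r1,stable,n/a"""
```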


Technical Details

Data Version
5.1
Assigner Short Name
mitre
Date Reserved
2022-10-15T00:00:00.000Z
Cisa Enriched
true
Cvss Version
3.1
State
PUBLISHED

Threat ID: 682cd0fb1484d88663aeca04

Added to database: 5/20/2025, 6:59:07 PM

Last enriched: 7/6/2025, 3:25:50 PM

Last updated: 8/11/2025, 10:48:56 AM

