CVE-2018-14847

CRITICALNVD 9.19.1—Trending — 4 sources updated this weekExploited in the wild

9.1

MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.

CVSS v3: 9.1
EG Score: 9.1(high)
EPSS: 99.9%
KEV: ⚠ Exploited

Published

August 2, 2018

Last Modified

November 7, 2025

Advisory Details (6)

Auto-updated Jun 2, 2026

🔬 Proof of concept available. No patch confirmed yet.

generic🟡 PoC Available

GitHub - BigNerd95/WinboxExploit: Proof of Concept of Winbox Critical Vulnerability · GitHub

https://github.com/BigNerd95/WinboxExploit

generic🟡 PoC Available

GitHub - BasuCert/WinboxPoC: Proof of Concept of Winbox Critical Vulnerability (CVE-2018-14847) · GitHub

https://github.com/BasuCert/WinboxPoC

generic

https://blog.n0p.me/2018/05/2018-05-21-winbox-bug-dissection/

https://n0p.me/winbox-bug-dissection/

generic

MikroTik · Winbox vulnerability

https://mikrotik.com/supportsec/winbox-vulnerability

generic🟡 PoC Available

routeros/poc/cve_2018_14847 at master · tenable/routeros · GitHub

https://github.com/tenable/routeros/tree/master/poc/cve_2018_14847

generic🟡 PoC Available

routeros/poc/bytheway at master · tenable/routeros · GitHub

https://github.com/tenable/routeros/tree/master/poc/bytheway

Weakness Classification(1)

MITRE Common Weakness Enumeration — the root-cause categories this CVE belongs to.

CWE-22Path Traversal

Data Freshness Timeline

(refreshed 20× in last 7d / 20× in last 30d)

Every time one of our enrichment pipelines (NVD, MITRE cvelistV5, EPSS, CISA KEV, GHSA, OSV, vendor advisories) ran against this CVE. Most recent first.

2026-06-06 18:34 UTCEG score recompute
2026-06-06 18:34 UTCGHSA enrichment
2026-06-06 14:57 UTCEG score recompute
2026-06-06 14:57 UTCGHSA enrichment
2026-06-06 13:45 UTCepss_batch
2026-06-06 13:45 UTCepss_batch
2026-06-06 11:19 UTCEG score recompute
2026-06-06 11:19 UTCGHSA enrichment
2026-06-06 07:41 UTCEG score recompute
2026-06-06 07:41 UTCGHSA enrichment
2026-06-06 04:03 UTCEG score recompute
2026-06-06 04:03 UTCGHSA enrichment
2026-06-06 00:25 UTCEG score recompute
2026-06-06 00:25 UTCGHSA enrichment
2026-06-05 22:45 UTCepss_batch
2026-06-05 22:44 UTCepss_batch
2026-06-05 22:43 UTCkev_newly_listed
2026-06-05 20:48 UTCEG score recompute
2026-06-05 20:48 UTCGHSA enrichment
2026-06-05 17:11 UTCEG score recompute

Publicly available exploits

(10 references)

Working exploit code is in the public domain (1 Metasploit module) (8 GitHub PoCs) (1 Exploit-DB entry). Defenders should treat patch urgency accordingly — public PoCs typically lead to mass-exploitation within 24-72 hours.

GitHub PoCK3ysTr0K3R/CVE-2018-14847-EXPLOIT
First seen Apr 22, 2024
A PoC exploit for CVE-2018-14847 - MikroTik WinBox File Read
Open source ↗
GitHub PoCbabyshen/routeros-CVE-2018-14847-bytheway
First seen Oct 31, 2022
By the Way is an exploit that enables a root shell on Mikrotik devices running RouterOS versions:
Open source ↗
GitHub PoChacker30468/Mikrotik-router-hack
First seen Apr 21, 2021
This is a proof of concept of the critical WinBox vulnerability (CVE-2018-14847) which allows for arbitrary file read of plain text passwords. The vulnerability has long since been fixed, so this project has ended and will not be supported or updated anymore. You can fork it and update it yourself instead.
Open source ↗
GitHub PoCsinichi449/Python-MikrotikLoginExploit
First seen Sep 29, 2019
PoC of CVE-2018-14847 Mikrotik Vulnerability using simple script
Open source ↗
GitHub PoCmahmoodsabir/mikrotik-beast
First seen May 26, 2019
Mass MikroTik WinBox Exploitation tool, CVE-2018-14847
Open source ↗
GitHub PoCjas502n/CVE-2018-14847
First seen Dec 15, 2018
MikroTik RouterOS Winbox未经身份验证的任意文件读/写漏洞
Open source ↗
GitHub PoCsyrex1013/MikroRoot
First seen Oct 13, 2018
Automated version of CVE-2018-14847 (MikroTik Exploit)
Open source ↗
Exploit-DBEDB-45578
First seen Oct 10, 2018
MicroTik RouterOS < 6.43rc3 - Remote Root
Open source ↗
GitHub PoCmsterusky/WinboxExploit
First seen Sep 11, 2018
C# implementation of BasuCert/WinboxPoC [Winbox Critical Vulnerability (CVE-2018-14847)]
Open source ↗
Metasploitauxiliary/gather/mikrotik_winbox_fileread✓ verified
First seen Aug 2, 2018
Mikrotik Winbox Arbitrary File Read
Open source ↗

Frequently asked(6)

What is CVE-2018-14847?

CVE-2018-14847 is a critical vulnerability published on August 2, 2018. MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.

When was CVE-2018-14847 disclosed?

CVE-2018-14847 was first published in the National Vulnerability Database on August 2, 2018, with the most recent update on November 7, 2025. EchelonGraph re-ingests CVE updates from NVD on a 2-hour cycle, so this page reflects the latest published state.

Is CVE-2018-14847 actively exploited?

Yes. CISA added CVE-2018-14847 to the Known Exploited Vulnerabilities catalog on December 1, 2021, affecting MikroTik RouterOS. KEV listing indicates confirmed exploitation in the wild; this CVE warrants immediate patching attention.

What is the CVSS score of CVE-2018-14847?

CVE-2018-14847 has a CVSS v3 base score of 9.1 (NVD).

Which products are affected by CVE-2018-14847?

CVE-2018-14847 affects MikroTik RouterOS. The full affected-products list, including version ranges and fixed versions, is shown in the Affected Packages section of this page.

How do I remediate CVE-2018-14847?

Patch to the fixed version published by the affected vendor. Where vendor advisories exist for CVE-2018-14847, EchelonGraph cross-links them in the Vendor Advisories panel below — those typically contain the canonical remediation steps, fixed version numbers, and any vendor-specific mitigations.

Dependency Blast Radius

See which npm, PyPI, Go, and Maven packages are affected by CVE-2018-14847

Explore →

Is Your Infrastructure Affected by CVE-2018-14847?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2018-14847

📅 Published

🔄 Last Modified

📋 Advisory Details (6)

GitHub - BigNerd95/WinboxExploit: Proof of Concept of Winbox Critical Vulnerability · GitHub

GitHub - BasuCert/WinboxPoC: Proof of Concept of Winbox Critical Vulnerability (CVE-2018-14847) · GitHub

https://blog.n0p.me/2018/05/2018-05-21-winbox-bug-dissection/

MikroTik · Winbox vulnerability

routeros/poc/cve_2018_14847 at master · tenable/routeros · GitHub

routeros/poc/bytheway at master · tenable/routeros · GitHub

Weakness Classification(1)

Data Freshness Timeline

Publicly available exploits

❓ Frequently asked(6)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2018-14847?

🔗 Related CVEs(same CWE)

Same CWE

Published

Last Modified

Advisory Details (6)

Frequently asked(6)

Related CVEs(same CWE)