PatchSiren

CVE-2018-14847 MikroTik CVE debrief

CVE-2018-14847 is a MikroTik RouterOS directory traversal vulnerability that CISA has included in the Known Exploited Vulnerabilities catalog. The KEV listing is the key defensive signal here: it indicates known exploitation and directs defenders to apply vendor updates without delay.

Vendor: MikroTik
Product: RouterOS
CVSS: Unknown
CISA KEV: Listed
Original CVE published: 2021-12-01
Original CVE updated: 2021-12-01
Advisory published: 2021-12-01
Advisory updated: 2021-12-01

Who should care

Administrators and security teams responsible for MikroTik RouterOS deployments, especially those tracking or remediating CISA KEV-listed vulnerabilities.

Technical summary

The official source corpus identifies CVE-2018-14847 as a directory traversal issue in MikroTik RouterOS. CISA’s KEV entry marks it as a known exploited vulnerability and recommends applying updates per vendor instructions. The supplied sources do not include a vendor advisory or fixed-version details.

Defensive priority

High — CISA KEV inclusion means this vulnerability should be prioritized for prompt remediation and asset verification.

Recommended defensive actions

  • Inventory MikroTik RouterOS systems across the environment.
  • Check the CISA KEV entry and follow vendor update instructions for CVE-2018-14847.
  • Apply RouterOS updates as soon as practical.
  • If immediate patching is not possible, restrict access to the affected systems until remediation is complete.
  • Reconfirm remediation after updates are applied.

Evidence notes

CISA’s Known Exploited Vulnerabilities feed lists CVE-2018-14847 as a MikroTik RouterOS directory traversal vulnerability, added on 2021-12-01 with a due date of 2022-06-01 and the required action “Apply updates per vendor instructions.” The official CVE and NVD records are provided as reference links in the source corpus.

Official resources

This debrief is limited to the supplied official sources and CISA KEV metadata. It intentionally avoids unsupported details such as affected versions, exploit mechanics, or vendor-specific remediation steps not present in the source corpus.