PatchSiren cyber security CVE debrief
CVE-2018-7445 MikroTik CVE debrief
CVE-2018-7445 is a MikroTik RouterOS stack-based buffer overflow that CISA placed in the Known Exploited Vulnerabilities catalog on 2022-09-08, with a remediation due date of 2022-09-29. Organizations running RouterOS should treat this as a high-priority patching item and verify that vendor-recommended updates are applied.
- Vendor
- MikroTik
- Product
- RouterOS
- CVSS
- Unknown
- CISA KEV
- Listed
- Original CVE published
- 2022-09-08
- Original CVE updated
- 2022-09-08
- Advisory published
- 2022-09-08
- Advisory updated
- 2022-09-08
Who should care
Organizations running MikroTik RouterOS, especially teams responsible for network edge devices, branch routers, and any externally reachable infrastructure.
Technical summary
The supplied record identifies a stack-based buffer overflow in MikroTik RouterOS. CISA classifies it as a known exploited vulnerability, so defenders should assume elevated risk and focus on rapid patching and asset verification.
Defensive priority
High
Recommended defensive actions
- Apply updates per vendor instructions for all affected MikroTik RouterOS systems.
- Inventory RouterOS devices and confirm current versions and patch status.
- Prioritize internet-facing or externally accessible devices for immediate review.
- Validate remediation against the official CVE and NVD records and track any exceptions.
- Monitor CISA KEV and vendor guidance for additional remediation notes.
Evidence notes
The supplied CISA KEV source item names the issue as "MikroTik RouterOS Stack-Based Buffer Overflow Vulnerability" and records MikroTik as the vendor, RouterOS as the product, and "Apply updates per vendor instructions" as the required action. The record also lists dateAdded as 2022-09-08 and dueDate as 2022-09-29. Official CVE and NVD links are provided in the source corpus. No CVSS score was included in the supplied record.
Official resources
-
CVE-2018-7445 CVE record
CVE.org
-
CVE-2018-7445 NVD detail
NVD
-
CISA Known Exploited Vulnerabilities catalog
CISA - Apply updates per vendor instructions.
-
Source item URL
cisa_kev
Public debrief based only on the supplied CISA KEV source item and official CVE/NVD links. No exploit code, reproduction steps, or unsupported claims included.