Is CVE-2018-7445 actively exploited?

CVE-2018-7445 has no public evidence of in-the-wild exploitation as of 2025-11-07.

What is the CVSS score for CVE-2018-7445?

CVE-2018-7445 has a CVSS score of 9.8 (CRITICAL severity). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

How do I patch CVE-2018-7445?

Patch guidance is available from mikrotik security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2018-7445.

Fix CVE-2018-7445 - CRITICAL mikrotik routeros

Q: Which products are affected by CVE-2018-7445?

13 products: mikrotik routeros, mikrotik routeros, mikrotik routeros, mikrotik routeros, mikrotik routeros, and 8 more.

Description

A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication takes place, so it is possible for an unauthenticated remote attacker to exploit it. All architectures and all devices running RouterOS before versions 6.41.3/6.42rc27 are vulnerable.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: network
Complexity: low
Privileges: none
User Action: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Weaknesses: CWE-119 · Memory Buffer Errors CWE-119 · Memory Buffer Errors

Metadata

Primary Vendor: MIKROTIK
Published: 3/19/2018
Last Modified: 11/7/2025
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

mikrotik : routerosmikrotik : routerosmikrotik : routerosmikrotik : routerosmikrotik : routerosmikrotik : routerosmikrotik : routerosmikrotik : routerosmikrotik : routerosmikrotik : routerosmikrotik : routerosmikrotik : routerosmikrotik : routeros

Remediation Guidance

Executive Summary

View on NIST NVD