CVE-2018-14847

MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface. Vendor/Product: MikroTik RouterOS. Added to CISA KEV 2021-12-01; required action: Apply updates per vendor instructions.