Vulnerabilites related to mikrotik - routeros
Vulnerability from fkie_nvd
Published
2023-11-14 23:15
Modified
2024-11-21 08:21
Severity ?
Summary
MikroTik RouterOS v7.1 to 7.11 was discovered to contain incorrect access control mechanisms in place for the Rest API.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.enricobassetti.it/2023/11/cve-2023-41570-access-control-vulnerability-in-mikrotik-rest-api/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.enricobassetti.it/2023/11/cve-2023-41570-access-control-vulnerability-in-mikrotik-rest-api/ | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:-:*:*:*",
"matchCriteriaId": "3E9E61C3-F25A-43A2-AA35-A495453C2670",
"versionEndExcluding": "7.12",
"versionStartIncluding": "7.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "MikroTik RouterOS v7.1 to 7.11 was discovered to contain incorrect access control mechanisms in place for the Rest API."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que MikroTik RouterOS v7.1 a 7.11 conten\u00eda mecanismos de control de acceso incorrectos para la API Rest."
}
],
"id": "CVE-2023-41570",
"lastModified": "2024-11-21T08:21:18.750",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-14T23:15:09.270",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.enricobassetti.it/2023/11/cve-2023-41570-access-control-vulnerability-in-mikrotik-rest-api/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.enricobassetti.it/2023/11/cve-2023-41570-access-control-vulnerability-in-mikrotik-rest-api/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-18 20:15
Modified
2024-11-21 05:11
Severity ?
Summary
Mikrotik RouterOs prior to stable 6.47 suffers from a memory corruption vulnerability in the /nova/bin/bfd process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2021/May/23 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | https://mikrotik.com/ | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/May/23 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mikrotik.com/ | Product |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:-:*:*:*",
"matchCriteriaId": "8534A9B0-405D-4E52-8B77-F48C6FD67DEB",
"versionEndExcluding": "6.47",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs prior to stable 6.47 suffers from a memory corruption vulnerability in the /nova/bin/bfd process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versiones anteriores a estable 6.47, sufre una vulnerabilidad de corrupci\u00f3n de la memoria en el proceso /nova/bin/ bfd.\u0026#xa0;Un atacante remoto autenticado puede causar una Denegaci\u00f3n de Servicio (desreferencia del puntero NULL)"
}
],
"id": "CVE-2020-20220",
"lastModified": "2024-11-21T05:11:55.707",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-18T20:15:07.403",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/23"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://mikrotik.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/23"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://mikrotik.com/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-03 16:15
Modified
2024-11-21 05:11
Severity ?
Summary
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/traceroute process. An authenticated remote attacker can cause a Denial of Service due via the loop counter variable.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://seclists.org/fulldisclosure/2020/May/30 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://seclists.org/fulldisclosure/2021/May/1 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2020/May/30 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2021/May/1 | Exploit, Mailing List, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.44.6:*:*:*:ltr:*:*:*",
"matchCriteriaId": "F7581807-5B93-4A19-8F8F-D5C694A61427",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/traceroute process. An authenticated remote attacker can cause a Denial of Service due via the loop counter variable."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versi\u00f3n 6.44.6 (\u00e1rbol a largo plazo) sufre una vulnerabilidad de corrupci\u00f3n de la memoria en el proceso /nova/bin/traceroute. Un atacante remoto autenticado puede causar una Denegaci\u00f3n de Servicio debido a la variable de contador de bucle."
}
],
"id": "CVE-2020-20218",
"lastModified": "2024-11-21T05:11:55.390",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-03T16:15:07.430",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2020/May/30"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2021/May/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2020/May/30"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2021/May/1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-10-29 19:15
Modified
2024-11-21 04:42
Severity ?
Summary
RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below are vulnerable to an arbitrary directory creation vulnerability via the upgrade package's name field. If an authenticated user installs a malicious package then a directory could be created and the developer shell could be enabled.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2019-46 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2019-46 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:ltr:*:*:*",
"matchCriteriaId": "E96DA8A8-65E0-4D1C-A15B-8A4F7A0644A1",
"versionEndIncluding": "6.44.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:-:*:*:*",
"matchCriteriaId": "AA750EF2-6247-46CF-B800-C0417F6D35A5",
"versionEndIncluding": "6.45.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below are vulnerable to an arbitrary directory creation vulnerability via the upgrade package\u0027s name field. If an authenticated user installs a malicious package then a directory could be created and the developer shell could be enabled."
},
{
"lang": "es",
"value": "RouterOS versi\u00f3n 6.45.6 Stable, RouterOS versi\u00f3n 6.44.5 Long-Term y anteriores, son susceptibles a una vulnerabilidad de creaci\u00f3n de directorio arbitraria por medio del campo upgrade package\u0027s name. Si un usuario autenticado instala un paquete malicioso, entonces un directorio podr\u00eda ser creado y el shell del desarrollador podr\u00eda ser habilitado."
}
],
"id": "CVE-2019-3976",
"lastModified": "2024-11-21T04:42:59.397",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-29T19:15:20.297",
"references": [
{
"source": "vulnreport@tenable.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2019-46"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2019-46"
}
],
"sourceIdentifier": "vulnreport@tenable.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-23"
}
],
"source": "vulnreport@tenable.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-07 16:15
Modified
2024-11-21 08:00
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
The web server used by MikroTik RouterOS version 6 is affected by a heap memory corruption issue. A remote and unauthenticated attacker can corrupt the server's heap memory by sending a crafted HTTP request. As a result, the web interface crashes and is immediately restarted. The issue was fixed in RouterOS 6.49.10 stable. RouterOS version 7 is not affected.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| disclosure@vulncheck.com | https://vulncheck.com/advisories/mikrotik-jsproxy-dos | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vulncheck.com/advisories/mikrotik-jsproxy-dos | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:-:*:*:*",
"matchCriteriaId": "3C171D42-9A4F-43E0-BF7C-13A7FEC2F049",
"versionEndExcluding": "6.49.10",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The web server used by MikroTik RouterOS version 6 is affected by a heap memory corruption issue. A remote and unauthenticated attacker can corrupt the server\u0027s heap memory by sending a crafted HTTP request. As a result, the web interface crashes and is immediately restarted. The issue was fixed in RouterOS 6.49.10 stable. RouterOS version 7 is not affected.\n"
},
{
"lang": "es",
"value": "El servidor web utilizado por MikroTik RouterOS versi\u00f3n 6 se ve afectado por un problema de corrupci\u00f3n de memoria. Un atacante remoto y no autenticado puede da\u00f1ar la memoria de almacenamiento din\u00e1mico del servidor mediante el env\u00edo de una solicitud HTTP manipulada. Como resultado, la interfaz web se bloquea y se reinicia inmediatamente. El problema se solucion\u00f3 en RouterOS 6.49.10 stable. RouterOS versi\u00f3n 7 no se ve afectado."
}
],
"id": "CVE-2023-30800",
"lastModified": "2024-11-21T08:00:55.653",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "disclosure@vulncheck.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-07T16:15:07.670",
"references": [
{
"source": "disclosure@vulncheck.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://vulncheck.com/advisories/mikrotik-jsproxy-dos"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://vulncheck.com/advisories/mikrotik-jsproxy-dos"
}
],
"sourceIdentifier": "disclosure@vulncheck.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "disclosure@vulncheck.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-18 14:15
Modified
2024-11-21 05:11
Severity ?
Summary
Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://seclists.org/fulldisclosure/2021/May/14 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2021/May/14 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_lcdstat_2/README.md | Broken Link, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/May/14 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/May/14 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_lcdstat_2/README.md | Broken Link, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:-:*:*:*",
"matchCriteriaId": "8534A9B0-405D-4E52-8B77-F48C6FD67DEB",
"versionEndExcluding": "6.47",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versiones anteriores a 6.47 (stable tree) sufre una vulnerabilidad de corrupci\u00f3n de la memoria en el proceso /nova/bin/lcdstat.\u0026#xa0;Un atacante remoto autenticado puede causar una Denegaci\u00f3n de Servicio (desreferencia del puntero NULL)"
}
],
"id": "CVE-2020-20254",
"lastModified": "2024-11-21T05:11:58.360",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-18T14:15:07.330",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/14"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/14"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_lcdstat_2/README.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_lcdstat_2/README.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-18 19:15
Modified
2024-11-21 05:11
Severity ?
Summary
Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2021/May/15 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2021/May/15 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | https://mikrotik.com/ | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/May/15 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/May/15 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mikrotik.com/ | Product |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.46.3:*:*:*:-:*:*:*",
"matchCriteriaId": "F9F55FFD-A047-4AB2-A2F6-53537AD2A79D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service due to improper memory access."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versi\u00f3n 6.46.3 (stable tree), sufre una vulnerabilidad de corrupci\u00f3n de la memoria en el proceso /nova/bin/sniffer.\u0026#xa0;Un atacante remoto autenticado puede causar una Denegaci\u00f3n de Servicio debido a un acceso inapropiado a la memoria"
}
],
"id": "CVE-2020-20237",
"lastModified": "2024-11-21T05:11:57.060",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-18T19:15:07.800",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://mikrotik.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://mikrotik.com/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-02-28 19:15
Modified
2024-11-21 05:13
Severity ?
Summary
A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted SMB requests.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/colorlight/mikrotik_poc/blob/master/two_vulns.md | Third Party Advisory | |
| cve@mitre.org | https://mikrotik.com/support | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/colorlight/mikrotik_poc/blob/master/two_vulns.md | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mikrotik.com/support | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.47:*:*:*:*:*:*:*",
"matchCriteriaId": "91339E44-1C36-4AE4-804C-38835AD32DC5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted SMB requests."
},
{
"lang": "es",
"value": "Un desbordamiento del b\u00fafer en Mikrotik RouterOS versi\u00f3n 6.47 permite a atacantes no autenticados causar una denegaci\u00f3n de servicio (DOS) por medio de peticiones SMB dise\u00f1adas.\n"
}
],
"id": "CVE-2020-22844",
"lastModified": "2024-11-21T05:13:26.813",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-28T19:15:08.643",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/colorlight/mikrotik_poc/blob/master/two_vulns.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/support"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/colorlight/mikrotik_poc/blob/master/two_vulns.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/support"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-27 14:15
Modified
2025-02-19 19:15
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
An issue in the bridge2 component of MikroTik RouterOS v6.40.5 allows attackers to cause a Denial of Service (DoS) via crafted packets.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://mikrotik.com | Product | |
| cve@mitre.org | http://routeros.com | Broken Link | |
| cve@mitre.org | https://github.com/ZYen12138/RouterOS/blob/main/CVE-2023-24094.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://mikrotik.com | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | http://routeros.com | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/ZYen12138/RouterOS/blob/main/CVE-2023-24094.md | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.40.5:*:*:*:*:*:*:*",
"matchCriteriaId": "29AFF54C-9291-4ADF-9DD4-1F1FF4CD2166",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in the bridge2 component of MikroTik RouterOS v6.40.5 allows attackers to cause a Denial of Service (DoS) via crafted packets."
}
],
"id": "CVE-2023-24094",
"lastModified": "2025-02-19T19:15:12.870",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-03-27T14:15:07.897",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "http://mikrotik.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://routeros.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/ZYen12138/RouterOS/blob/main/CVE-2023-24094.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "http://mikrotik.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://routeros.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/ZYen12138/RouterOS/blob/main/CVE-2023-24094.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-19 15:15
Modified
2024-11-21 08:00
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. The attacker can abuse this vulnerability to execute arbitrary code on the system.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| disclosure@vulncheck.com | https://github.com/MarginResearch/FOISted | Third Party Advisory | |
| disclosure@vulncheck.com | https://vulncheck.com/advisories/mikrotik-foisted | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/MarginResearch/FOISted | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vulncheck.com/advisories/mikrotik-foisted | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:ltr:*:*:*",
"matchCriteriaId": "A8C0285B-A979-4913-AB13-37A0ED0F4848",
"versionEndIncluding": "6.48.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:-:*:*:*",
"matchCriteriaId": "39DD099B-D7AD-440C-9FE7-450D0DDB44D7",
"versionEndExcluding": "6.49.7",
"versionStartIncluding": "6.34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. The attacker can abuse this vulnerability to execute arbitrary code on the system.\n\n"
}
],
"id": "CVE-2023-30799",
"lastModified": "2024-11-21T08:00:55.520",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "disclosure@vulncheck.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-19T15:15:10.477",
"references": [
{
"source": "disclosure@vulncheck.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/MarginResearch/FOISted"
},
{
"source": "disclosure@vulncheck.com",
"tags": [
"Third Party Advisory"
],
"url": "https://vulncheck.com/advisories/mikrotik-foisted"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/MarginResearch/FOISted"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://vulncheck.com/advisories/mikrotik-foisted"
}
],
"sourceIdentifier": "disclosure@vulncheck.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "disclosure@vulncheck.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-12 05:59
Modified
2024-11-21 03:29
Severity ?
Summary
The MikroTik Router hAP Lite 6.25 has no protection mechanism for unsolicited TCP ACK packets in the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many ACK packets. After the attacker stops the exploit, the CPU usage is 100% and the router requires a reboot for normal operation.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.exploitalert.com/view-details.html?id=26137 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://cxsecurity.com/issue/WLB-2017030029 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://packetstormsecurity.com/files/141449/Mikrotik-Hap-Lite-6.25-Denial-Of-Service.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://www.exploit-db.com/exploits/41601/ | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.exploitalert.com/view-details.html?id=26137 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cxsecurity.com/issue/WLB-2017030029 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://packetstormsecurity.com/files/141449/Mikrotik-Hap-Lite-6.25-Denial-Of-Service.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/41601/ | Exploit, Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mikrotik | routeros | 6.25 | |
| mikrotik | router_hap_lite | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.25:*:*:*:*:*:*:*",
"matchCriteriaId": "782A270F-EFFB-4E37-9951-0F89C845BDCC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mikrotik:router_hap_lite:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66E72623-EACF-41FC-83DD-D876A387E408",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The MikroTik Router hAP Lite 6.25 has no protection mechanism for unsolicited TCP ACK packets in the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many ACK packets. After the attacker stops the exploit, the CPU usage is 100% and the router requires a reboot for normal operation."
},
{
"lang": "es",
"value": "El router MikroTik hAP Lite 6.25 no tiene mecanismo de protecci\u00f3n para paquetes TCP ACK no solicitados en el caso de una conexi\u00f3n de red r\u00e1pida. lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de CPU) enviando muchos paquetes ACK. Despu\u00e9s de que el atacante detenga el exploit, el uso de CPU es 100% y el router requiere un reinicio para un funcionamiento normal"
}
],
"id": "CVE-2017-6444",
"lastModified": "2024-11-21T03:29:47.280",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-12T05:59:00.227",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://www.exploitalert.com/view-details.html?id=26137"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://cxsecurity.com/issue/WLB-2017030029"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstormsecurity.com/files/141449/Mikrotik-Hap-Lite-6.25-Denial-Of-Service.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/41601/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://www.exploitalert.com/view-details.html?id=26137"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://cxsecurity.com/issue/WLB-2017030029"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstormsecurity.com/files/141449/Mikrotik-Hap-Lite-6.25-Denial-Of-Service.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/41601/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-07 14:15
Modified
2024-11-21 05:11
Severity ?
Summary
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/diskd process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://seclists.org/fulldisclosure/2021/May/10 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://mikrotik.com/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/May/10 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mikrotik.com/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.44.6:*:*:*:ltr:*:*:*",
"matchCriteriaId": "F7581807-5B93-4A19-8F8F-D5C694A61427",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/diskd process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versi\u00f3n 6.44.6 (long-term tree) sufre una vulnerabilidad de corrupci\u00f3n de memoria en el proceso /nova/bin/diskd. Un atacante remoto autenticado puede causar una Denegaci\u00f3n de Servicio debido a un acceso no v\u00e1lido a la memoria"
}
],
"id": "CVE-2020-20215",
"lastModified": "2024-11-21T05:11:54.940",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-07T14:15:09.457",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/10"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-03 21:15
Modified
2024-11-21 04:24
Severity ?
Summary
A vulnerability in the FTP daemon on MikroTik routers through 6.44.3 could allow remote attackers to exhaust all available memory, causing the device to reboot because of uncontrolled resource management.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.mikrotik.com/viewtopic.php?t=150045 | Vendor Advisory | |
| cve@mitre.org | https://mikrotik.com/download/changelogs/stable-release-tree | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.mikrotik.com/viewtopic.php?t=150045 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mikrotik.com/download/changelogs/stable-release-tree | Release Notes, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7B30CA4-E14C-4D48-97A5-D761E3CE4E27",
"versionEndIncluding": "6.44.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mikrotik:ccr1009-7g-1c-1s\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D1FD987-CA1F-4FDA-B381-D9DBC17B99A4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:ccr1009-7g-1c-1s\\+pc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "526F57A0-66E5-47B0-AA56-129A68591B9C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:ccr1009-7g-1c-pc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B295C919-5D41-48EC-BE97-21A7A51B0900",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:ccr1016-12g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "918648BA-4A2B-455C-8348-98A5911F5721",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:ccr1016-12s-1s\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EAB272F1-D066-4D9F-886E-CA883ABF447D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:ccr1036-12g-4s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3516BAD4-FFA4-4C4A-B1DB-F6B393488554",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:ccr1036-12g-4s-em:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5AFCA937-CA92-409D-BC29-B0424BB8F2EF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:ccr1036-8g-2s\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C7B0504-C1F7-4E83-B225-090A3BFF40E5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:ccr1036-8g-2s\\+em:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6F116F5D-0ECE-4485-A0B6-4B4636169504",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:ccr1072-1g-8s\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "423B1B58-B64B-4797-A9BA-AA3D53F8A3F3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:hex:-:*:*:*:*:*:*:*",
"matchCriteriaId": "625E3C1B-73EE-431E-A73E-A5909DA330E4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:hex_lite:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D501654E-8A50-4279-8930-4DCCD4821875",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:hex_poe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47B00042-7C48-47B7-BF84-9654C71B3D63",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:hex_poe_lite:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5AA7241-64CC-49FB-9019-5C1A82F461A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:hex_s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF3EC35-EE46-4688-AD8F-13D609789824",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:powerbox:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C2FBDC6D-3EE7-41F1-B633-E6445D00698B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:powerbox_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C7C26C0-7553-4BD4-ACC8-80C8FFF01727",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:rb1100ahx4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE3A5B6E-1C32-446F-8ADE-63C477D4A6E3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:rb1100ahx4:-:*:dude:*:*:*:*:*",
"matchCriteriaId": "4F5D365D-D2CE-4449-A31F-073F0A0C95C6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:rb2011il-in:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A41B00D7-D928-4201-B99C-EAE30735C09D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:rb2011il-rm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8A7CA16-45FC-406A-8558-62AE2289D76D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:rb2011ils-in:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95FA4DB1-5C25-4C52-9C25-7F6A1CD1C089",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:rb2011uias-in:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC6A357D-C6AA-44FD-960E-99D86E0AF88D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:rb2011uias-rm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "769077CF-8F3A-4C7B-B608-8185719A0552",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:rb3011uias-rm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DBB41A1C-7B95-41D4-BFF7-F339FDDD7A6A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:rb4011igs\\+rm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "11591C89-43B0-4C40-A84D-0D5C19DCE982",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the FTP daemon on MikroTik routers through 6.44.3 could allow remote attackers to exhaust all available memory, causing the device to reboot because of uncontrolled resource management."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el demonio FTP en los enrutadores MikroTik hasta la versi\u00f3n 6.44.3 podr\u00eda permitir a los atacantes remotos agotar toda la memoria disponible, lo que provocar\u00eda que el dispositivo se reiniciara debido a la administraci\u00f3n de recursos no controlada."
}
],
"id": "CVE-2019-13074",
"lastModified": "2024-11-21T04:24:08.800",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-03T21:15:10.513",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://forum.mikrotik.com/viewtopic.php?t=150045"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://mikrotik.com/download/changelogs/stable-release-tree"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://forum.mikrotik.com/viewtopic.php?t=150045"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://mikrotik.com/download/changelogs/stable-release-tree"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-29 14:59
Modified
2024-11-21 03:31
Severity ?
Summary
A vulnerability in the network stack of MikroTik Version 6.38.5 released 2017-03-09 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of TCP RST packets, preventing the affected router from accepting new TCP connections.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/97266 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://cxsecurity.com/issue/WLB-2017030242 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.exploit-db.com/exploits/41752/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97266 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cxsecurity.com/issue/WLB-2017030242 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/41752/ | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.38.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6FF33501-CBA2-4ED1-9EF9-3FDCF8472BBB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the network stack of MikroTik Version 6.38.5 released 2017-03-09 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of TCP RST packets, preventing the affected router from accepting new TCP connections."
},
{
"lang": "es",
"value": "Vulnerabilidad en la pila de la red de MikroTik Version 6.38.5 liberada 09-03-2017 podr\u00eda permitir a un atacante remoto no autenticado agotar toda la CPU disponible a trav\u00e9s de una inundaci\u00f3n de paquetes TCP RST, evitando que el enrutador afectado acepte nuevas conexiones TCP."
}
],
"id": "CVE-2017-7285",
"lastModified": "2024-11-21T03:31:33.073",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-29T14:59:00.483",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97266"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://cxsecurity.com/issue/WLB-2017030242"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.exploit-db.com/exploits/41752/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97266"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://cxsecurity.com/issue/WLB-2017030242"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.exploit-db.com/exploits/41752/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-07 14:15
Modified
2024-11-21 05:11
Severity ?
Summary
Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an assertion failure vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://seclists.org/fulldisclosure/2021/May/0 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | https://mikrotik.com/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/May/0 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mikrotik.com/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.44.5:*:*:*:ltr:*:*:*",
"matchCriteriaId": "41C40183-6EF3-4FE0-9B4A-E1C001B2A005",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an assertion failure vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versi\u00f3n 6.44.5 (long-term tree) sufre una vulnerabilidad de fallo de aserci\u00f3n en el proceso /nova/bin/console. Un atacante remoto autenticado puede causar una Denegaci\u00f3n de Servicio debido a un fallo de aserci\u00f3n por medio de un paquete dise\u00f1ado"
}
],
"id": "CVE-2020-20211",
"lastModified": "2024-11-21T05:11:54.340",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-07T14:15:09.303",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/0"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-617"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-08-02 07:29
Modified
2025-02-04 21:15
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.
References
{
"cisaActionDue": "2022-06-01",
"cisaExploitAdd": "2021-12-01",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "MikroTik Router OS Directory Traversal Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "16E5E5C5-AE57-4E80-8405-C12C6D0999EB",
"versionEndIncluding": "6.42",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface."
},
{
"lang": "es",
"value": "MikroTik RouterOS hasta la versi\u00f3n 6.42 permite que atacante remoto no autenticado lean archivos arbitrarios y que los atacantes autenticados remotos escriban en archivos arbitrarios debido a una vulnerabilidad de salto de directorio en la interfaz WinBox."
}
],
"id": "CVE-2018-14847",
"lastModified": "2025-02-04T21:15:14.093",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2018-08-02T07:29:00.280",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/BasuCert/WinboxPoC"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/BigNerd95/WinboxExploit"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/tenable/routeros/blob/master/bug_hunting_in_routeros_derbycon_2018.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/tenable/routeros/tree/master/poc/bytheway"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/tenable/routeros/tree/master/poc/cve_2018_14847"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://n0p.me/winbox-bug-dissection/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/45578/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/BasuCert/WinboxPoC"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/BigNerd95/WinboxExploit"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/tenable/routeros/blob/master/bug_hunting_in_routeros_derbycon_2018.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/tenable/routeros/tree/master/poc/bytheway"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/tenable/routeros/tree/master/poc/cve_2018_14847"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://n0p.me/winbox-bug-dissection/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/45578/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-18 19:15
Modified
2024-11-21 05:11
Severity ?
Summary
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from an assertion failure vulnerability in the btest process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2021/May/15 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2021/May/15 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | https://mikrotik.com/ | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/May/15 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/May/15 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mikrotik.com/ | Product |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.44.6:*:*:*:ltr:*:*:*",
"matchCriteriaId": "F7581807-5B93-4A19-8F8F-D5C694A61427",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs 6.44.6 (long-term tree) suffers from an assertion failure vulnerability in the btest process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versi\u00f3n 6.44.6 (long-term tree), sufre una vulnerabilidad de fallo de afirmaci\u00f3n en el proceso btest.\u0026#xa0;Un atacante remoto autenticado puede causar una Denegaci\u00f3n de Servicio debido a un fallo de aserci\u00f3n por medio de un paquete dise\u00f1ado"
}
],
"id": "CVE-2020-20214",
"lastModified": "2024-11-21T05:11:54.780",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-18T19:15:07.697",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://mikrotik.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://mikrotik.com/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-617"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-08-23 19:29
Modified
2024-11-21 03:59
Severity ?
Summary
Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system via a crafted HTTP POST request.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:ltr:*:*:*",
"matchCriteriaId": "61E0FC57-8604-4BA5-BF68-A46946C3B14E",
"versionEndExcluding": "6.40.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79B4AC99-9E5F-480A-9884-D52271D2BC34",
"versionEndExcluding": "6.42.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system via a crafted HTTP POST request."
},
{
"lang": "es",
"value": "Mikrotik RouterOS en versiones anteriores a la 6.42.7 y 6.40.9 es vulnerable a una vulnerabilidad de agotamiento de memoria. Un atacante remoto autenticado puede provocar el cierre inesperado del servidor HTTP y, en algunas circunstancias, el reinicio del sistema mediante una petici\u00f3n POST HTTP manipulada."
}
],
"id": "CVE-2018-1157",
"lastModified": "2024-11-21T03:59:18.190",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-08-23T19:29:00.457",
"references": [
{
"source": "vulnreport@tenable.com",
"url": "http://seclists.org/fulldisclosure/2019/Jul/20"
},
{
"source": "vulnreport@tenable.com",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/download/changelogs"
},
{
"source": "vulnreport@tenable.com",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/download/changelogs/bugfix-release-tree"
},
{
"source": "vulnreport@tenable.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2018-21"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2019/Jul/20"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/download/changelogs"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/download/changelogs/bugfix-release-tree"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2018-21"
}
],
"sourceIdentifier": "vulnreport@tenable.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-01-04 19:15
Modified
2024-11-21 06:20
Severity ?
Summary
In MikroTik RouterOS through 2021-01-04, the hotspot login page is vulnerable to reflected XSS via the target parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/M4DM0e/m4dm0e.github.io/blob/gh-pages/_posts/2021-01-04-mikrotik-xss-reflected.md | Exploit, Third Party Advisory | |
| cve@mitre.org | https://m4dm0e.github.io/2021/01/04/mikrotik-xss-reflected.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/M4DM0e/m4dm0e.github.io/blob/gh-pages/_posts/2021-01-04-mikrotik-xss-reflected.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://m4dm0e.github.io/2021/01/04/mikrotik-xss-reflected.html | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "326630BA-3CC3-47EB-A78F-FB5EC4E579A0",
"versionEndIncluding": "2021-01-04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In MikroTik RouterOS through 2021-01-04, the hotspot login page is vulnerable to reflected XSS via the target parameter."
},
{
"lang": "es",
"value": "En MikroTik RouterOS hasta el 01-04-2021, la p\u00e1gina de inicio de sesi\u00f3n del hotspot es vulnerable a un ataque de tipo XSS reflejado por medio del par\u00e1metro objetivo."
}
],
"id": "CVE-2021-3014",
"lastModified": "2024-11-21T06:20:45.340",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-01-04T19:15:15.390",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/M4DM0e/m4dm0e.github.io/blob/gh-pages/_posts/2021-01-04-mikrotik-xss-reflected.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://m4dm0e.github.io/2021/01/04/mikrotik-xss-reflected.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/M4DM0e/m4dm0e.github.io/blob/gh-pages/_posts/2021-01-04-mikrotik-xss-reflected.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://m4dm0e.github.io/2021/01/04/mikrotik-xss-reflected.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-04-10 21:29
Modified
2024-11-21 04:42
Severity ?
Summary
MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authenticated, remote directory traversal via the HTTP or Winbox interfaces. An authenticated, remote attack can use this vulnerability to read and write files outside of the sandbox directory (/rw/disk).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2019-16 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2019-16 | Exploit, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:ltr:*:*:*",
"matchCriteriaId": "ACADC6D1-CFEF-4F9D-966C-64D3BB0C2256",
"versionEndIncluding": "6.42.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:-:*:*:*",
"matchCriteriaId": "829F9974-1A56-4391-AFA9-4BB4B3096AFD",
"versionEndIncluding": "6.43.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc31:*:*:testing:*:*:*",
"matchCriteriaId": "C7DDCBF9-152C-421C-B326-CCFB62A42C17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc32:*:*:testing:*:*:*",
"matchCriteriaId": "AA89BEC4-62A8-4DA7-AB2A-2D18A643E3F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc34:*:*:testing:*:*:*",
"matchCriteriaId": "BCA389CA-532D-432C-A5C0-69C3CFA207C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc37:*:*:testing:*:*:*",
"matchCriteriaId": "5C950CF8-62A1-4A26-9133-108DAB661394",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc38:*:*:testing:*:*:*",
"matchCriteriaId": "EB7ECE0C-B21E-4EFB-85D3-1A5A846D75FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc44:*:*:testing:*:*:*",
"matchCriteriaId": "3FC3F259-1C2A-4393-86E2-103495570F49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc47:*:*:testing:*:*:*",
"matchCriteriaId": "C097CA40-9528-43DF-B3B7-59722AE5866A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc50:*:*:testing:*:*:*",
"matchCriteriaId": "A3793BBE-8E1A-4C07-9A52-E6DA4FE0DD3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc52:*:*:testing:*:*:*",
"matchCriteriaId": "CE5A816B-6663-4633-886A-AD7E3CBA5E33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc56:*:*:testing:*:*:*",
"matchCriteriaId": "B851706B-4A98-4FD3-99B0-CE239D419808",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc61:*:*:testing:*:*:*",
"matchCriteriaId": "40D21FB7-E7C5-46B4-B89A-81F84EEB62B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc66:*:*:testing:*:*:*",
"matchCriteriaId": "5AAB3F87-47C7-4726-8DF1-09261C7C0613",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc11:*:*:testing:*:*:*",
"matchCriteriaId": "B353D6FD-C9FD-4458-82AA-F9FE168B04D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc12:*:*:testing:*:*:*",
"matchCriteriaId": "B5A92D37-C91C-4229-9B6D-C8FDB5C1DED7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc14:*:*:testing:*:*:*",
"matchCriteriaId": "E8B77E44-F502-4164-95A7-60C53F4C465A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc15:*:*:testing:*:*:*",
"matchCriteriaId": "EAF10AE7-F48F-4FEC-A43A-7E5A45AF5B9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc18:*:*:testing:*:*:*",
"matchCriteriaId": "CB43A291-A77C-445D-9F68-1FA21C257561",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc2:*:*:testing:*:*:*",
"matchCriteriaId": "EF252049-8D6D-47D7-9543-3B53D7D0DA6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc20:*:*:testing:*:*:*",
"matchCriteriaId": "48006BD1-EF86-4205-A1F7-C8A0D3D73EAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc23:*:*:testing:*:*:*",
"matchCriteriaId": "4F4D0CB8-F170-49E1-BB20-E4A3698FCE69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc24:*:*:testing:*:*:*",
"matchCriteriaId": "A6A9B305-ECE5-45C6-8417-BC2AAF9F4FE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc27:*:*:testing:*:*:*",
"matchCriteriaId": "E76F79DB-F504-4495-B992-E895B0F0871E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc28:*:*:testing:*:*:*",
"matchCriteriaId": "D2B6691E-55DA-4D39-BD80-2BCF16952308",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc30:*:*:testing:*:*:*",
"matchCriteriaId": "A710D231-1F22-4F38-B228-30CDF0169149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc35:*:*:testing:*:*:*",
"matchCriteriaId": "F83EF0A6-CA00-404C-AC6C-14BB10C329B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc37:*:*:testing:*:*:*",
"matchCriteriaId": "CDA42D78-29F2-48B4-9422-3D39BA408E43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc39:*:*:testing:*:*:*",
"matchCriteriaId": "6643B0FC-93D5-4F10-AC3C-323F598C5013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc41:*:*:testing:*:*:*",
"matchCriteriaId": "02F11653-1822-4D53-A6ED-745AC401AD4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc43:*:*:testing:*:*:*",
"matchCriteriaId": "9BF25BBD-CF35-4EE1-8A7A-EEEBD662E0DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc46:*:*:testing:*:*:*",
"matchCriteriaId": "2D70CCC2-48CF-4DAA-ABDF-B81F3DAA7EBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc48:*:*:testing:*:*:*",
"matchCriteriaId": "7DF5E7C1-0426-4B1E-A44F-C91AF4F0CCAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc49:*:*:testing:*:*:*",
"matchCriteriaId": "DB9A9D2C-697D-4ED3-9DBC-7A783C35DA91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc5:*:*:testing:*:*:*",
"matchCriteriaId": "C50C6C42-A148-4CBF-B843-D2DB89104387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc52:*:*:testing:*:*:*",
"matchCriteriaId": "525C6344-D579-4697-B092-94E75EAD7755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc56:*:*:testing:*:*:*",
"matchCriteriaId": "F81532B9-1525-417E-8BF2-E4A8055D2DE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc6:*:*:testing:*:*:*",
"matchCriteriaId": "8F9181C2-FF73-4BDF-90EE-00F6B066B7EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc9:*:*:testing:*:*:*",
"matchCriteriaId": "A44766F0-BCBF-433B-BEB0-13EB334899EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc11:*:*:testing:*:*:*",
"matchCriteriaId": "2FA5B37B-9EB7-4A1C-9A20-26AFAEC2F221",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc12:*:*:testing:*:*:*",
"matchCriteriaId": "D1D9CCDE-2F9A-4F6F-A457-B9671E1B5874",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc14:*:*:testing:*:*:*",
"matchCriteriaId": "73E3C281-E554-412F-941A-B55BA70AC7F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc17:*:*:testing:*:*:*",
"matchCriteriaId": "7F4223D5-0C3D-4C7E-A7B3-D1074A2FE75C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc19:*:*:testing:*:*:*",
"matchCriteriaId": "0A088124-8494-4E57-87C0-E75EEA4098DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc21:*:*:testing:*:*:*",
"matchCriteriaId": "090A232C-1F78-4C92-854D-BA91398770D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc23:*:*:testing:*:*:*",
"matchCriteriaId": "E4A4F1E1-2510-487D-AC6A-68D4450CDA06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc27:*:*:testing:*:*:*",
"matchCriteriaId": "28D50A65-95AF-479C-9661-35378B3ED2B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc29:*:*:testing:*:*:*",
"matchCriteriaId": "8F478173-186D-436D-A200-4F20A7303630",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc3:*:*:testing:*:*:*",
"matchCriteriaId": "8E009CEF-1FE9-47B4-BC46-382D972B47EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc32:*:*:testing:*:*:*",
"matchCriteriaId": "E8E34937-3118-4FA0-B5CD-BA14F64507A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc34:*:*:testing:*:*:*",
"matchCriteriaId": "9D9786EA-C661-4478-AFA0-00728CBB246D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc4:*:*:testing:*:*:*",
"matchCriteriaId": "13F7DF28-170C-44E9-B39C-AB4B85B42201",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc40:*:*:testing:*:*:*",
"matchCriteriaId": "9823F4EF-9B49-4E4F-8B89-DF02D61C5146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc42:*:*:testing:*:*:*",
"matchCriteriaId": "06860FB4-20D8-43B7-B530-CAD0BA186EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc44:*:*:testing:*:*:*",
"matchCriteriaId": "25882AF0-E9A2-4952-A1E3-755A1DBA2D86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc45:*:*:testing:*:*:*",
"matchCriteriaId": "FE03C935-AC83-4B23-ABA2-67F759F10EA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc5:*:*:testing:*:*:*",
"matchCriteriaId": "BD83DCDC-20D5-4580-99BF-79981E081B7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc51:*:*:testing:*:*:*",
"matchCriteriaId": "AFE7F815-2B2C-4F22-B1C9-0F13257160C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc56:*:*:testing:*:*:*",
"matchCriteriaId": "F662E59F-7C43-4157-83AF-30CDC8CFFEEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc6:*:*:testing:*:*:*",
"matchCriteriaId": "85377655-60CC-43C9-96E3-21C136FF0ACE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc64:*:*:testing:*:*:*",
"matchCriteriaId": "8763E04A-F260-498D-8ABB-0655844B5ECD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc66:*:*:testing:*:*:*",
"matchCriteriaId": "2EB5142B-7FA6-4B74-A462-28C6E1039B76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc7:*:*:testing:*:*:*",
"matchCriteriaId": "C5B8D222-A633-490C-ADA4-DDF7727B4A5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta14:*:*:testing:*:*:*",
"matchCriteriaId": "8D2D7A0A-8A4A-412B-9146-BAB84270DCE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta17:*:*:testing:*:*:*",
"matchCriteriaId": "2FEE0259-3406-41DD-A043-87FD52CFD2DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta20:*:*:testing:*:*:*",
"matchCriteriaId": "8A8F6139-9A63-4A8A-ACB1-344B36422A61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta28:*:*:testing:*:*:*",
"matchCriteriaId": "3FD287C7-0032-4CB0-96AF-24D63FE10D45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta39:*:*:testing:*:*:*",
"matchCriteriaId": "2C1433B6-773B-4922-B9FF-4D7255114C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta40:*:*:testing:*:*:*",
"matchCriteriaId": "C90C3B68-82AE-4833-BF41-98F5BFB03D78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta50:*:*:testing:*:*:*",
"matchCriteriaId": "ADE50771-AED1-410A-9BCC-6AE5EB46D278",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta54:*:*:testing:*:*:*",
"matchCriteriaId": "B139016D-08F7-4085-ADD9-16396C9B3440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta6:*:*:testing:*:*:*",
"matchCriteriaId": "A0236F88-103D-4CCD-8F6E-440048378E5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta61:*:*:testing:*:*:*",
"matchCriteriaId": "BC6967CF-6B88-48F9-8D81-FE4930F400E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta75:*:*:testing:*:*:*",
"matchCriteriaId": "019DD6AA-08AD-4A9F-9817-21C776260B0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta9:*:*:testing:*:*:*",
"matchCriteriaId": "B45EB891-09D4-436E-AC6A-A53CC4A6C6EE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authenticated, remote directory traversal via the HTTP or Winbox interfaces. An authenticated, remote attack can use this vulnerability to read and write files outside of the sandbox directory (/rw/disk)."
},
{
"lang": "es",
"value": "Las versiones de MikroTik RouterOS Stable versi\u00f3n 6.43.12 y versiones posteriores, Long-term versi\u00f3n 6.42.12 y versiones posteriores, y Testing versi\u00f3n 6.44beta75 y versiones anteriores son vulnerables a un salto de directorio remoto autenticado por medio de las interfaces HTTP o Winbox. Un ataque remoto autenticado puede usar esta vulnerabilidad para leer y escribir archivos fuera del directorio sandbox (/rw/disk)."
}
],
"id": "CVE-2019-3943",
"lastModified": "2024-11-21T04:42:54.907",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 7.8,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-10T21:29:01.823",
"references": [
{
"source": "vulnreport@tenable.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2019-16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2019-16"
}
],
"sourceIdentifier": "vulnreport@tenable.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-23"
}
],
"source": "vulnreport@tenable.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-03-23 16:15
Modified
2024-11-21 04:55
Severity ?
Summary
The SSH daemon on MikroTik routers through v6.44.3 could allow remote attackers to generate CPU activity, trigger refusal of new authorized connections, and cause a reboot via connect and write system calls, because of uncontrolled resource management.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://packetstormsecurity.com/files/156790/Microtik-SSH-Daemon-6.44.3-Denial-Of-Service.html | Exploit, Mitigation, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://www.exploit-db.com/exploits/48228 | Exploit, Mitigation, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://packetstormsecurity.com/files/156790/Microtik-SSH-Daemon-6.44.3-Denial-Of-Service.html | Exploit, Mitigation, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/48228 | Exploit, Mitigation, Third Party Advisory, VDB Entry |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7B30CA4-E14C-4D48-97A5-D761E3CE4E27",
"versionEndIncluding": "6.44.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mikrotik:ccr1009-7g-1c-1s\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D1FD987-CA1F-4FDA-B381-D9DBC17B99A4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:ccr1009-7g-1c-1s\\+pc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "526F57A0-66E5-47B0-AA56-129A68591B9C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:ccr1009-7g-1c-pc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B295C919-5D41-48EC-BE97-21A7A51B0900",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:ccr1016-12g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "918648BA-4A2B-455C-8348-98A5911F5721",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:ccr1016-12s-1s\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EAB272F1-D066-4D9F-886E-CA883ABF447D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:ccr1036-12g-4s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3516BAD4-FFA4-4C4A-B1DB-F6B393488554",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:ccr1036-12g-4s-em:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5AFCA937-CA92-409D-BC29-B0424BB8F2EF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:ccr1036-8g-2s\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C7B0504-C1F7-4E83-B225-090A3BFF40E5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:ccr1036-8g-2s\\+em:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6F116F5D-0ECE-4485-A0B6-4B4636169504",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:ccr1072-1g-8s\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "423B1B58-B64B-4797-A9BA-AA3D53F8A3F3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:hex:-:*:*:*:*:*:*:*",
"matchCriteriaId": "625E3C1B-73EE-431E-A73E-A5909DA330E4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:hex_lite:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D501654E-8A50-4279-8930-4DCCD4821875",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:hex_poe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47B00042-7C48-47B7-BF84-9654C71B3D63",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:hex_poe_lite:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5AA7241-64CC-49FB-9019-5C1A82F461A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:hex_s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF3EC35-EE46-4688-AD8F-13D609789824",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:powerbox:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C2FBDC6D-3EE7-41F1-B633-E6445D00698B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:powerbox_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C7C26C0-7553-4BD4-ACC8-80C8FFF01727",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:rb1100ahx4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE3A5B6E-1C32-446F-8ADE-63C477D4A6E3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:rb1100ahx4:-:*:dude:*:*:*:*:*",
"matchCriteriaId": "4F5D365D-D2CE-4449-A31F-073F0A0C95C6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:rb2011il-in:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A41B00D7-D928-4201-B99C-EAE30735C09D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:rb2011il-rm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8A7CA16-45FC-406A-8558-62AE2289D76D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:rb2011ils-in:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95FA4DB1-5C25-4C52-9C25-7F6A1CD1C089",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:rb2011uias-in:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC6A357D-C6AA-44FD-960E-99D86E0AF88D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:rb2011uias-rm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "769077CF-8F3A-4C7B-B608-8185719A0552",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:rb3011uias-rm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DBB41A1C-7B95-41D4-BFF7-F339FDDD7A6A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:rb4011igs\\+rm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "11591C89-43B0-4C40-A84D-0D5C19DCE982",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SSH daemon on MikroTik routers through v6.44.3 could allow remote attackers to generate CPU activity, trigger refusal of new authorized connections, and cause a reboot via connect and write system calls, because of uncontrolled resource management."
},
{
"lang": "es",
"value": "El demonio SSH en los enrutadores MikroTik versiones hasta v6.44.3, podr\u00eda permitir a atacantes remotos generar actividad de CPU, desencadenar un rechazo de nuevas conexiones autorizadas y causar un reinicio por medio de llamadas de sistema de conexi\u00f3n y escritura, debido a una gesti\u00f3n de recursos no controlada."
}
],
"id": "CVE-2020-10364",
"lastModified": "2024-11-21T04:55:09.437",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-23T16:15:13.220",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstormsecurity.com/files/156790/Microtik-SSH-Daemon-6.44.3-Denial-Of-Service.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/48228"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstormsecurity.com/files/156790/Microtik-SSH-Daemon-6.44.3-Denial-Of-Service.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/48228"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-15 02:15
Modified
2024-11-21 03:22
Severity ?
Summary
The Mikrotik RouterOS web server allows memory corruption in releases before Stable 6.38.5 and Long-term 6.37.5, aka Chimay-Red. A remote and unauthenticated user can trigger the vulnerability by sending a crafted HTTP request. An attacker can use this vulnerability to execute arbitrary code on the affected system, as exploited in the wild in mid-2017 and later.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/BigNerd95/Chimay-Red | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.bleepingcomputer.com/news/security/hajime-botnet-makes-a-comeback-with-massive-scan-for-mikrotik-routers/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/BigNerd95/Chimay-Red | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.bleepingcomputer.com/news/security/hajime-botnet-makes-a-comeback-with-massive-scan-for-mikrotik-routers/ | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:ltr:*:*:*",
"matchCriteriaId": "48A6BC6C-0F39-4F53-AC01-D345CB9F8CE0",
"versionEndExcluding": "6.37.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F7108B6-52D6-4DEA-A936-B3CBE2AE984D",
"versionEndExcluding": "6.38.5",
"versionStartIncluding": "6.38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Mikrotik RouterOS web server allows memory corruption in releases before Stable 6.38.5 and Long-term 6.37.5, aka Chimay-Red. A remote and unauthenticated user can trigger the vulnerability by sending a crafted HTTP request. An attacker can use this vulnerability to execute arbitrary code on the affected system, as exploited in the wild in mid-2017 and later."
},
{
"lang": "es",
"value": "El servidor web Mikrotik RouterOS permite una corrupci\u00f3n de memoria en versiones anteriores a Stable 6.38.5 y Long-term 6.37.5, tambi\u00e9n se conoce como Chimay-Red. Un usuario remoto y no autenticado puede desencadenar la vulnerabilidad mediante el env\u00edo de una petici\u00f3n HTTP dise\u00f1ada. Un atacante puede utilizar esta vulnerabilidad para ejecutar c\u00f3digo arbitrario en el sistema afectado, como fue explotado \"in the wild\" mediados de 2017 y m\u00e1s tarde"
}
],
"id": "CVE-2017-20149",
"lastModified": "2024-11-21T03:22:44.970",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-15T02:15:08.497",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/BigNerd95/Chimay-Red"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.bleepingcomputer.com/news/security/hajime-botnet-makes-a-comeback-with-massive-scan-for-mikrotik-routers/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/BigNerd95/Chimay-Red"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.bleepingcomputer.com/news/security/hajime-botnet-makes-a-comeback-with-massive-scan-for-mikrotik-routers/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-02-28 19:15
Modified
2024-11-21 05:13
Severity ?
Summary
A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted FTP requests.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.47:*:*:*:*:*:*:*",
"matchCriteriaId": "91339E44-1C36-4AE4-804C-38835AD32DC5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted FTP requests."
},
{
"lang": "es",
"value": "Un desbordamiento del b\u00fafer en Mikrotik RouterOS versi\u00f3n 6.47, permite a atacantes no autenticados causar una denegaci\u00f3n de servicio (DOS) por medio de peticiones FTP dise\u00f1adas.\n"
}
],
"id": "CVE-2020-22845",
"lastModified": "2024-11-21T05:13:26.967",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-28T19:15:08.697",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/colorlight/mikrotik_poc/blob/master/two_vulns.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://mikrotik.com/support"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/colorlight/mikrotik_poc/blob/master/two_vulns.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://mikrotik.com/support"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-08-26 21:15
Modified
2024-11-21 04:27
Severity ?
Summary
MikroTik RouterOS through 6.44.5 and 6.45.x through 6.45.3 improperly handles the disk name, which allows authenticated users to delete arbitrary files. Attackers can exploit this vulnerability to reset credential storage, which allows them access to the management interface as an administrator without authentication.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21A669D0-7960-441F-8B9E-AC28EB6ABEC3",
"versionEndIncluding": "6.44.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F9A5A79-1FA9-4812-9930-690EDC94DC05",
"versionEndIncluding": "6.45.3",
"versionStartIncluding": "6.45",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "MikroTik RouterOS through 6.44.5 and 6.45.x through 6.45.3 improperly handles the disk name, which allows authenticated users to delete arbitrary files. Attackers can exploit this vulnerability to reset credential storage, which allows them access to the management interface as an administrator without authentication."
},
{
"lang": "es",
"value": "MikroTik RouterOS a trav\u00e9s de 6.44.5 y 6.45.x a 6.45.3 maneja incorrectamente el nombre del disco, lo que permite a los usuarios autenticados eliminar archivos arbitrarios. Los atacantes pueden aprovechar esta vulnerabilidad para restablecer el almacenamiento de credenciales, lo que les permite acceder a la interfaz de administraci\u00f3n como administrador sin autenticaci\u00f3n."
}
],
"id": "CVE-2019-15055",
"lastModified": "2024-11-21T04:27:58.123",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-26T21:15:11.210",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://fortiguard.com/zeroday/FG-VD-19-108"
},
{
"source": "cve@mitre.org",
"url": "https://forum.mikrotik.com/viewtopic.php?t=151603"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/tenable/routeros/tree/master/poc/cve_2019_15055"
},
{
"source": "cve@mitre.org",
"tags": [
"Press/Media Coverage",
"Third Party Advisory"
],
"url": "https://medium.com/tenable-techblog/rooting-routeros-with-a-usb-drive-16d7b8665f90"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://mikrotik.com/download/changelogs/testing-release-tree"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://fortiguard.com/zeroday/FG-VD-19-108"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://forum.mikrotik.com/viewtopic.php?t=151603"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/tenable/routeros/tree/master/poc/cve_2019_15055"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Press/Media Coverage",
"Third Party Advisory"
],
"url": "https://medium.com/tenable-techblog/rooting-routeros-with-a-usb-drive-16d7b8665f90"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://mikrotik.com/download/changelogs/testing-release-tree"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-10-29 19:15
Modified
2024-11-21 04:42
Severity ?
Summary
RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are download from when using the autoupgrade feature. Therefore, a remote attacker can trick the router into "upgrading" to an older version of RouterOS and possibly reseting all the system's usernames and passwords.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2019-46 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2019-46 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:ltr:*:*:*",
"matchCriteriaId": "E96DA8A8-65E0-4D1C-A15B-8A4F7A0644A1",
"versionEndIncluding": "6.44.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:-:*:*:*",
"matchCriteriaId": "AA750EF2-6247-46CF-B800-C0417F6D35A5",
"versionEndIncluding": "6.45.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are download from when using the autoupgrade feature. Therefore, a remote attacker can trick the router into \"upgrading\" to an older version of RouterOS and possibly reseting all the system\u0027s usernames and passwords."
},
{
"lang": "es",
"value": "RouterOS versi\u00f3n 6.45.6 Stable, RouterOS versi\u00f3n 6.44.5 Long-Term y anteriores, comprueban insuficientemente desde d\u00f3nde se descargan los paquetes de actualizaci\u00f3n cuando se usa la funcionalidad autoupgrade. Por lo tanto, un atacante remoto puede enga\u00f1ar al router para un \"upgrading\" a una versi\u00f3n anterior de RouterOS y posiblemente restablezca todos los nombres de usuario y contrase\u00f1as del sistema."
}
],
"id": "CVE-2019-3977",
"lastModified": "2024-11-21T04:42:59.513",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 8.5,
"confidentialityImpact": "NONE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 7.8,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-29T19:15:20.407",
"references": [
{
"source": "vulnreport@tenable.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2019-46"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2019-46"
}
],
"sourceIdentifier": "vulnreport@tenable.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-494"
}
],
"source": "vulnreport@tenable.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-494"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-21 15:15
Modified
2024-11-21 05:11
Severity ?
Summary
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/igmp-proxy process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://mikrotik.com/ | Product | |
| cve@mitre.org | https://seclists.org/fulldisclosure/2021/May/2 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mikrotik.com/ | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2021/May/2 | Exploit, Mailing List, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.44.6:*:*:*:ltr:*:*:*",
"matchCriteriaId": "F7581807-5B93-4A19-8F8F-D5C694A61427",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/igmp-proxy process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versi\u00f3n 6.44.6 (long-term tree) sufre de una vulnerabilidad de corrupci\u00f3n de memoria en el proceso /nova/bin/igmp-proxy. Un atacante remoto autenticado puede causar una Denegaci\u00f3n de Servicio (desreferencia de puntero NULL)"
}
],
"id": "CVE-2020-20219",
"lastModified": "2024-11-21T05:11:55.537",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-21T15:15:12.740",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://mikrotik.com/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2021/May/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://mikrotik.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2021/May/2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-13 12:15
Modified
2024-11-21 05:11
Severity ?
Summary
Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). NOTE: this is different from CVE-2020-20253 and CVE-2020-20254. All four vulnerabilities in the /nova/bin/lcdstat process are discussed in the CVE-2020-20250 github.com/cq674350529 reference.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20250/README.md | Exploit, Third Party Advisory | |
| cve@mitre.org | https://mikrotik.com/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20250/README.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mikrotik.com/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F9AA7223-457D-46AA-8B5D-E70C53A38ED3",
"versionEndExcluding": "6.47",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). NOTE: this is different from CVE-2020-20253 and CVE-2020-20254. All four vulnerabilities in the /nova/bin/lcdstat process are discussed in the CVE-2020-20250 github.com/cq674350529 reference."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versiones anteriores a estable 6.47, sufre una vulnerabilidad de corrupci\u00f3n de memoria en el proceso /nova/bin/lcdstat. Un atacante remoto autenticado puede causar una Denegaci\u00f3n de Servicio (desreferencia del puntero NULL). NOTA: esto es diferente de CVE-2020-20253 y CVE-2020-20254. Las cuatro vulnerabilidades en el proceso /nova/bin/lcdstat son discutidas en la referencia CVE-2020-20250 github.com/cq674350529"
}
],
"id": "CVE-2020-20250",
"lastModified": "2024-11-21T05:11:57.920",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-13T12:15:09.307",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20250/README.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20250/README.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
},
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-02-27 07:59
Modified
2024-11-21 03:29
Severity ?
Summary
The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 does not enable IPsec encryption after a reboot, which allows man-in-the-middle attackers to view transmitted data unencrypted and gain access to networks on the L2TP server by monitoring the packets for the transmitted data and obtaining the L2TP secret.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/96447 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://blog.milne.it/2017/02/24/mikrotik-routeros-security-vulnerability-l2tp-tunnel-unencrypted-cve-2017-6297/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/96447 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.milne.it/2017/02/24/mikrotik-routeros-security-vulnerability-l2tp-tunnel-unencrypted-cve-2017-6297/ | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.37.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8C5436E3-F0C4-4AD2-B098-A5E764DFB58A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.83.3:*:*:*:*:*:*:*",
"matchCriteriaId": "24343BA3-3B12-41D3-9F19-E29EA567FAFA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 does not enable IPsec encryption after a reboot, which allows man-in-the-middle attackers to view transmitted data unencrypted and gain access to networks on the L2TP server by monitoring the packets for the transmitted data and obtaining the L2TP secret."
},
{
"lang": "es",
"value": "El Cliente L2TP en MikroTik RouterOS versiones 6.83.3 y 6.37.4 no habilita el cifrado IPsec despu\u00e9s de un reinicio, lo que permite a atacantes man-in-the-middle ver los datos transmitidos sin cifrar y obtener acceso a las redes en el servidor L2TP monitorizando los paquetes para los datos transmitidos y obtener el secreto L2TP."
}
],
"id": "CVE-2017-6297",
"lastModified": "2024-11-21T03:29:29.883",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-27T07:59:00.347",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96447"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.milne.it/2017/02/24/mikrotik-routeros-security-vulnerability-l2tp-tunnel-unencrypted-cve-2017-6297/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96447"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.milne.it/2017/02/24/mikrotik-routeros-security-vulnerability-l2tp-tunnel-unencrypted-cve-2017-6297/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-311"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-07 14:15
Modified
2024-11-21 05:11
Severity ?
Summary
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/graphing process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://seclists.org/fulldisclosure/2021/May/10 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://mikrotik.com/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/May/10 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mikrotik.com/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.44.6:*:*:*:ltr:*:*:*",
"matchCriteriaId": "F7581807-5B93-4A19-8F8F-D5C694A61427",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/graphing process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versi\u00f3n 6.44.6 (long-term tree) sufre una vulnerabilidad de corrupci\u00f3n de memoria en el proceso /nova/bin/graphing. Un atacante remoto autenticado puede causar una Denegaci\u00f3n de Servicio (desreferencia de puntero NULL)"
}
],
"id": "CVE-2020-20216",
"lastModified": "2024-11-21T05:11:55.090",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-07T14:15:09.507",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/10"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-11 15:15
Modified
2024-11-21 05:11
Severity ?
Summary
Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /ram/pckg/wireless/nova/bin/wireless process. An authenticated remote attacker can cause a Denial of Service due via a crafted packet.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://seclists.org/fulldisclosure/2021/May/12 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | https://seclists.org/fulldisclosure/2021/May/11 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/May/12 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2021/May/11 | Exploit, Mailing List, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F9AA7223-457D-46AA-8B5D-E70C53A38ED3",
"versionEndExcluding": "6.47",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /ram/pckg/wireless/nova/bin/wireless process. An authenticated remote attacker can cause a Denial of Service due via a crafted packet."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versiones anteriores a 6.47 (stable tree) sufre una vulnerabilidad de corrupci\u00f3n de memoria en el proceso /ram/pckg/wireless/nova/bin/wireless.\u0026#xa0;Un atacante autenticado remoto puede causar una Denegaci\u00f3n de Servicio debido a un paquete dise\u00f1ado"
}
],
"id": "CVE-2020-20265",
"lastModified": "2024-11-21T05:11:58.800",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-11T15:15:07.750",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/12"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2021/May/11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2021/May/11"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-08-23 19:29
Modified
2024-11-21 03:59
Severity ?
Summary
Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a stack exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server via recursive parsing of JSON.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "69DD338B-DFE1-48D5-AD40-A7941FBC27ED",
"versionEndExcluding": "6.40.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:ltr:*:*:*",
"matchCriteriaId": "EAFC594A-61C6-4D6B-AFF2-6F5CD8D20993",
"versionEndExcluding": "6.42.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a stack exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server via recursive parsing of JSON."
},
{
"lang": "es",
"value": "Mikrotik RouterOS en versiones anteriores a la 6.42.7 y 6.40.9 es vulnerable a una vulnerabilidad de agotamiento de pila. Un atacante remoto autenticado puede provocar el cierre inesperado del servidor HTTP mediante el an\u00e1lisis recursivo de JSON."
}
],
"id": "CVE-2018-1158",
"lastModified": "2024-11-21T03:59:18.307",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-08-23T19:29:00.563",
"references": [
{
"source": "vulnreport@tenable.com",
"url": "http://seclists.org/fulldisclosure/2019/Jul/20"
},
{
"source": "vulnreport@tenable.com",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/download/changelogs"
},
{
"source": "vulnreport@tenable.com",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/download/changelogs/bugfix-release-tree"
},
{
"source": "vulnreport@tenable.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2018-21"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2019/Jul/20"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/download/changelogs"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/download/changelogs/bugfix-release-tree"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2018-21"
}
],
"sourceIdentifier": "vulnreport@tenable.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-674"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-01-14 19:15
Modified
2024-11-21 04:42
Severity ?
Summary
MikroTik Winbox 3.20 and below is vulnerable to man in the middle attacks. A man in the middle can downgrade the client's authentication protocol and recover the user's username and MD5 hashed password.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2020-01 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2020-01 | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:-:*:*:*",
"matchCriteriaId": "132324AA-4B0A-4359-B2FF-3566D758A379",
"versionEndExcluding": "6.43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:winbox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D5DE5DC0-7B03-4115-9A6C-C7E34034601B",
"versionEndExcluding": "3.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "MikroTik Winbox 3.20 and below is vulnerable to man in the middle attacks. A man in the middle can downgrade the client\u0027s authentication protocol and recover the user\u0027s username and MD5 hashed password."
},
{
"lang": "es",
"value": "MikroTik Winbox versi\u00f3n 3.20 y por debajo, es vulnerable a ataque de tipo man in the middle. Un ataque de tipo man in the middle puede degradar el protocolo de autenticaci\u00f3n del cliente y recuperar el nombre de usuario y el contrase\u00f1a con hash MD5."
}
],
"id": "CVE-2019-3981",
"lastModified": "2024-11-21T04:42:59.980",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-14T19:15:13.187",
"references": [
{
"source": "vulnreport@tenable.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2020-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2020-01"
}
],
"sourceIdentifier": "vulnreport@tenable.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-300"
}
],
"source": "vulnreport@tenable.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-07 14:15
Modified
2024-11-21 05:11
Severity ?
Summary
Mikrotik RouterOs 6.44.5 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://seclists.org/fulldisclosure/2021/May/0 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | https://mikrotik.com/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/May/0 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mikrotik.com/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.44.5:*:*:*:ltr:*:*:*",
"matchCriteriaId": "41C40183-6EF3-4FE0-9B4A-E1C001B2A005",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs 6.44.5 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versi\u00f3n 6.44.5 (long-term tree) sufre una vulnerabilidad de corrupci\u00f3n de memoria en el proceso /nova/bin/console. Un atacante remoto autenticado puede causar una Denegaci\u00f3n de Servicio (desreferencia de puntero NULL)"
}
],
"id": "CVE-2020-20212",
"lastModified": "2024-11-21T05:11:54.500",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-07T14:15:09.353",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/0"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-26 13:15
Modified
2024-11-21 04:25
Severity ?
Summary
Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable to stack exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server via recursive parsing of JSON. Malicious code cannot be injected.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/153733/Mikrotik-RouterOS-Resource-Stack-Exhaustion.html | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://seclists.org/fulldisclosure/2019/Jul/20 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/153733/Mikrotik-RouterOS-Resource-Stack-Exhaustion.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2019/Jul/20 | Mailing List, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3D24937-2767-4850-B857-8F3010456BAF",
"versionEndExcluding": "6.44.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.45:*:*:*:*:*:*:*",
"matchCriteriaId": "D771599E-D29C-442D-8981-EAB7E80E78A9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable to stack exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server via recursive parsing of JSON. Malicious code cannot be injected."
},
{
"lang": "es",
"value": "RouterOS de Mikrotik anterior a versi\u00f3n 6.44.5 (\u00e1rbol de actualizaciones a largo plazo), es vulnerable al agotamiento de pila. Mediante el env\u00edo de una petici\u00f3n HTTP especialmente dise\u00f1ada, un atacante remoto autenticado puede bloquear el servidor HTTP por medio del an\u00e1lisis recursivo JSON. El c\u00f3digo no puede ser inyectado."
}
],
"id": "CVE-2019-13955",
"lastModified": "2024-11-21T04:25:46.480",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-26T13:15:12.910",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/153733/Mikrotik-RouterOS-Resource-Stack-Exhaustion.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2019/Jul/20"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/153733/Mikrotik-RouterOS-Resource-Stack-Exhaustion.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2019/Jul/20"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-674"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-07 14:15
Modified
2024-11-21 05:11
Severity ?
Summary
Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /nova/bin/user process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://seclists.org/fulldisclosure/2021/May/12 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://mikrotik.com/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/May/12 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mikrotik.com/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:ltr:*:*:*",
"matchCriteriaId": "326CCEF7-D2FE-41B3-9633-D8579D9398E8",
"versionEndExcluding": "6.47",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /nova/bin/user process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versiones anteriores a 6.47 (stable tree) sufre una vulnerabilidad de fallo de aserci\u00f3n en el proceso /nova/bin/user. Un atacante remoto autenticado puede causar una Denegaci\u00f3n de Servicio debido a un fallo de aserci\u00f3n por medio de un paquete dise\u00f1ado"
}
],
"id": "CVE-2020-20225",
"lastModified": "2024-11-21T05:11:56.270",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-07T14:15:09.547",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/12"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-617"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-09-14 21:15
Modified
2024-11-21 04:58
Severity ?
Summary
An array index error in MikroTik RouterOS 6.41.3 through 6.46.5, and 7.x through 7.0 Beta5, allows an unauthenticated remote attacker to crash the SMB server via modified setup-request packets, aka SUP-12964.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/botlabsDev/CVE-2020-11881 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://mikrotik.com | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/botlabsDev/CVE-2020-11881 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mikrotik.com | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3FC7BC77-0736-49E7-B0A9-A603222B8DB0",
"versionEndIncluding": "6.46.5",
"versionStartIncluding": "6.41.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:7.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "C3C91C52-E72E-4FFE-AD8F-1BF3993F486D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:7.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "AEEE25F1-317C-4C64-BA5B-C6DDC49F3B4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:7.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "47C42E9B-D581-43FE-A13B-C2900F30B642",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An array index error in MikroTik RouterOS 6.41.3 through 6.46.5, and 7.x through 7.0 Beta5, allows an unauthenticated remote attacker to crash the SMB server via modified setup-request packets, aka SUP-12964."
},
{
"lang": "es",
"value": "Un error de \u00edndice de matriz en MikroTik RouterOS versiones 6.41.3 hasta 6.46.5, y versiones 7.x hasta 7.0 Beta5, permite a un atacante no autenticado remoto bloquear el servidor SMB por medio de paquetes de petici\u00f3n de configuraci\u00f3n modificados, tambi\u00e9n se conoce como SUP-12964"
}
],
"id": "CVE-2020-11881",
"lastModified": "2024-11-21T04:58:49.057",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-14T21:15:10.137",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/botlabsDev/CVE-2020-11881"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/botlabsDev/CVE-2020-11881"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-129"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-19 12:15
Modified
2024-11-21 05:11
Severity ?
Summary
Mikrotik RouterOs before 6.47 (stable tree) in the /ram/pckg/advanced-tools/nova/bin/netwatch process. An authenticated remote attacker can cause a Denial of Service due to a divide by zero error.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_netwatch/README.md | Broken Link, Third Party Advisory | |
| cve@mitre.org | https://seclists.org/fulldisclosure/2021/May/11 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_netwatch/README.md | Broken Link, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2021/May/11 | Exploit, Mailing List, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F9AA7223-457D-46AA-8B5D-E70C53A38ED3",
"versionEndExcluding": "6.47",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before 6.47 (stable tree) in the /ram/pckg/advanced-tools/nova/bin/netwatch process. An authenticated remote attacker can cause a Denial of Service due to a divide by zero error."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versiones anteriores a 6.47 (stable tree) en el proceso /ram/pckg/advanced-tools/nova/bin/netwatch.\u0026#xa0;Un atacante remoto autenticado puede causar una Denegaci\u00f3n de Servicio debido a un error de divisi\u00f3n por cero"
}
],
"id": "CVE-2020-20264",
"lastModified": "2024-11-21T05:11:58.647",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-19T12:15:07.770",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_netwatch/README.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2021/May/11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_netwatch/README.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2021/May/11"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-369"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-25 02:15
Modified
2024-11-21 07:10
Severity ?
Summary
The container package in MikroTik RouterOS 7.4beta4 allows an attacker to create mount points pointing to symbolic links, which resolve to locations on the host device. This allows the attacker to mount any arbitrary file to any location on the host.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://nns.ee/blog/2022/06/21/routeros-container-rce.html | Broken Link | |
| cve@mitre.org | https://nns.ee/blog/2022/08/05/routeros-container-rce.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://nns.ee/blog/2022/06/21/routeros-container-rce.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://nns.ee/blog/2022/08/05/routeros-container-rce.html | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:7.4:beta4:*:*:-:*:*:*",
"matchCriteriaId": "17C8FF64-79C3-4B68-9C74-C0C3F98ECDE3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The container package in MikroTik RouterOS 7.4beta4 allows an attacker to create mount points pointing to symbolic links, which resolve to locations on the host device. This allows the attacker to mount any arbitrary file to any location on the host."
},
{
"lang": "es",
"value": "El paquete contenedor en MikroTik RouterOS versi\u00f3n 7.4beta4, permite a un atacante crear puntos de montaje que apuntan a enlaces simb\u00f3licos, que son resueltos a ubicaciones en el dispositivo anfitri\u00f3n. Esto permite al atacante montar cualquier archivo arbitrario en cualquier ubicaci\u00f3n del host."
}
],
"id": "CVE-2022-34960",
"lastModified": "2024-11-21T07:10:28.770",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-25T02:15:19.733",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://nns.ee/blog/2022/06/21/routeros-container-rce.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://nns.ee/blog/2022/08/05/routeros-container-rce.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://nns.ee/blog/2022/06/21/routeros-container-rce.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://nns.ee/blog/2022/08/05/routeros-container-rce.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-08 12:15
Modified
2024-11-21 05:11
Severity ?
Summary
Mikrotik RouterOs before 6.47 (stable tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/route process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://cwe.mitre.org/data/definitions/400.html | Third Party Advisory | |
| cve@mitre.org | https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20217/README.md | Third Party Advisory | |
| cve@mitre.org | https://mikrotik.com/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cwe.mitre.org/data/definitions/400.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20217/README.md | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mikrotik.com/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F9AA7223-457D-46AA-8B5D-E70C53A38ED3",
"versionEndExcluding": "6.47",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before 6.47 (stable tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/route process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versiones anteriores a 6.47 (stable tree) sufre una vulnerabilidad de consumo de recursos no controlado en el proceso /nova/bin/route. Un atacante remoto autenticado puede causar una Denegaci\u00f3n de Servicio debido a una sobrecarga de la CPU del sistema"
}
],
"id": "CVE-2020-20217",
"lastModified": "2024-11-21T05:11:55.230",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-08T12:15:09.810",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20217/README.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20217/README.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-10-29 19:15
Modified
2024-11-21 04:42
Severity ?
Summary
RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below allow remote unauthenticated attackers to trigger DNS queries via port 8291. The queries are sent from the router to a server of the attacker's choice. The DNS responses are cached by the router, potentially resulting in cache poisoning
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:ltr:*:*:*",
"matchCriteriaId": "E96DA8A8-65E0-4D1C-A15B-8A4F7A0644A1",
"versionEndIncluding": "6.44.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:-:*:*:*",
"matchCriteriaId": "AA750EF2-6247-46CF-B800-C0417F6D35A5",
"versionEndIncluding": "6.45.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below allow remote unauthenticated attackers to trigger DNS queries via port 8291. The queries are sent from the router to a server of the attacker\u0027s choice. The DNS responses are cached by the router, potentially resulting in cache poisoning"
},
{
"lang": "es",
"value": "RouterOS versi\u00f3n 6.45.6 Stable, RouterOS versi\u00f3n 6.44.5 Long-Term y anteriores, permiten a atacantes remotos no autenticados activar consultas DNS mediante el puerto 8291. Las consultas son enviadas desde el router hacia un servidor de elecci\u00f3n del atacante. El router almacena en cach\u00e9 las respuestas DNS, resultando potencialmente en envenenamiento"
}
],
"id": "CVE-2019-3978",
"lastModified": "2024-11-21T04:42:59.627",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-29T19:15:20.500",
"references": [
{
"source": "vulnreport@tenable.com",
"tags": [
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/155036/MikroTik-RouterOS-6.45.6-DNS-Cache-Poisoning.html"
},
{
"source": "vulnreport@tenable.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2019-46"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/155036/MikroTik-RouterOS-6.45.6-DNS-Cache-Poisoning.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2019-46"
}
],
"sourceIdentifier": "vulnreport@tenable.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "vulnreport@tenable.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-19 03:15
Modified
2024-11-21 05:57
Severity ?
Summary
MikroTik RouterOS 6.47.9 allows remote authenticated ftp users to create or overwrite arbitrary .rsc files via the /export command. NOTE: the vendor's position is that this is intended behavior because of how user policies work
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://onovy.medium.com/routeros-user-with-just-ftp-policy-can-write-to-filesystem-cve-2021-27221-e3e45d780dfe | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://onovy.medium.com/routeros-user-with-just-ftp-policy-can-write-to-filesystem-cve-2021-27221-e3e45d780dfe | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.47.9:*:*:*:-:*:*:*",
"matchCriteriaId": "899BBA29-3A0B-41A3-A077-AB4BEF29E5F8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MikroTik RouterOS 6.47.9 allows remote authenticated ftp users to create or overwrite arbitrary .rsc files via the /export command. NOTE: the vendor\u0027s position is that this is intended behavior because of how user policies work"
},
{
"lang": "es",
"value": "** EN DISPUTA ** MikroTik RouterOS versi\u00f3n 6.47.9, permite a usuarios de ftp autenticados de forma remota crear o sobrescribir archivos .rsc arbitrarios por medio del comando /export.\u0026#xa0;NOTA: la posici\u00f3n del proveedor es que este es un comportamiento previsto debido a c\u00f3mo funcionan las pol\u00edticas de usuario"
}
],
"id": "CVE-2021-27221",
"lastModified": "2024-11-21T05:57:37.687",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "NONE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 9.2,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-19T03:15:12.363",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://onovy.medium.com/routeros-user-with-just-ftp-policy-can-write-to-filesystem-cve-2021-27221-e3e45d780dfe"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://onovy.medium.com/routeros-user-with-just-ftp-policy-can-write-to-filesystem-cve-2021-27221-e3e45d780dfe"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-07 14:15
Modified
2024-11-21 05:11
Severity ?
Summary
Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an stack exhaustion vulnerability in the /nova/bin/net process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://seclists.org/fulldisclosure/2021/May/10 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://cwe.mitre.org/data/definitions/674.html | Third Party Advisory | |
| cve@mitre.org | https://mikrotik.com/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/May/10 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cwe.mitre.org/data/definitions/674.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mikrotik.com/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.44.5:*:*:*:ltr:*:*:*",
"matchCriteriaId": "41C40183-6EF3-4FE0-9B4A-E1C001B2A005",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an stack exhaustion vulnerability in the /nova/bin/net process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versi\u00f3n 6.44.5 (long-term tree) sufre de una vulnerabilidad de agotamiento de pila en el proceso /nova/bin/net. Un atacante remoto autenticado puede causar una Denegaci\u00f3n de Servicio debido a una sobrecarga de la CPU del sistema"
}
],
"id": "CVE-2020-20213",
"lastModified": "2024-11-21T05:11:54.637",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-07T14:15:09.393",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/10"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cwe.mitre.org/data/definitions/674.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cwe.mitre.org/data/definitions/674.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-674"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-03-02 22:15
Modified
2024-11-21 04:09
Severity ?
Summary
An issue was discovered in Mikrotik RouterOS. Crafting a packet that has a size of 1 byte and sending it to an IPv6 address of a RouterOS box with IP Protocol 97 will cause RouterOS to reboot imminently. All versions of RouterOS that supports EoIPv6 are vulnerable to this attack.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Nat-Lab/CVE-2018-5951 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Nat-Lab/CVE-2018-5951 | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7DED322B-DACD-4FD1-8EBE-BF3B6E897921",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Mikrotik RouterOS. Crafting a packet that has a size of 1 byte and sending it to an IPv6 address of a RouterOS box with IP Protocol 97 will cause RouterOS to reboot imminently. All versions of RouterOS that supports EoIPv6 are vulnerable to this attack."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Mikrotik RouterOS. Dise\u00f1ando un paquete que posea un tama\u00f1o de 1 byte y envi\u00e1ndolo hacia una direcci\u00f3n IPv6 de una caja de RouterOS con IP Protocol 97 causar\u00e1 que RouterOS se reinicie de forma inminente. Todas las versiones de RouterOS compatibles con EoIPv6 son vulnerables a este ataque."
}
],
"id": "CVE-2018-5951",
"lastModified": "2024-11-21T04:09:44.273",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-02T22:15:12.827",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Nat-Lab/CVE-2018-5951"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Nat-Lab/CVE-2018-5951"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-26 18:15
Modified
2024-11-21 07:13
Severity ?
Summary
Mikrotik RouterOs through stable v6.48.3 was discovered to contain an assertion failure in the component /advanced-tools/nova/bin/netwatch. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2022-36522/README.md | Third Party Advisory | |
| cve@mitre.org | https://seclists.org/fulldisclosure/2021/Jul/0 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2022-36522/README.md | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2021/Jul/0 | Exploit, Mailing List, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E8AC45BF-39E8-464B-B9BB-8AD376A4A31E",
"versionEndIncluding": "6.48.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs through stable v6.48.3 was discovered to contain an assertion failure in the component /advanced-tools/nova/bin/netwatch. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet."
},
{
"lang": "es",
"value": "Se ha detectado que Mikrotik RouterOs versiones hasta stable v6.48.3, contiene un fallo de aserci\u00f3n en el componente /advanced-tools/nova/bin/netwatch. Esta vulnerabilidad permite a atacantes causar una Denegaci\u00f3n de Servicio (DoS) por medio de un paquete dise\u00f1ado."
}
],
"id": "CVE-2022-36522",
"lastModified": "2024-11-21T07:13:13.427",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-26T18:15:09.173",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2022-36522/README.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2021/Jul/0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2022-36522/README.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2021/Jul/0"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-617"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-03 16:15
Modified
2024-11-21 05:11
Severity ?
Summary
Mikrotik RouterOs before 6.46.5 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/traceroute process. An authenticated remote attacker can cause a Denial of Service due via the loop counter variable.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://seclists.org/fulldisclosure/2020/May/30 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2020/May/30 | Mailing List, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:-:*:*:*",
"matchCriteriaId": "80DE9657-39B1-4B60-ABFE-600F86C7F2F3",
"versionEndExcluding": "6.46.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before 6.46.5 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/traceroute process. An authenticated remote attacker can cause a Denial of Service due via the loop counter variable."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versiones anteriores a 6.46.5 (\u00e1rbol estable) sufre una vulnerabilidad de corrupci\u00f3n de la memoria en el proceso /nova/bin/traceroute. Un atacante remoto autenticado puede causar una Denegaci\u00f3n de Servicio debido a la variable de contador de bucle."
}
],
"id": "CVE-2020-20247",
"lastModified": "2024-11-21T05:11:57.497",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-03T16:15:07.467",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2020/May/30"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2020/May/30"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-18 19:15
Modified
2024-11-21 05:11
Severity ?
Summary
Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2021/May/15 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2021/May/15 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | https://mikrotik.com/ | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/May/15 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/May/15 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mikrotik.com/ | Product |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.46.3:*:*:*:-:*:*:*",
"matchCriteriaId": "F9F55FFD-A047-4AB2-A2F6-53537AD2A79D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service due to improper memory access."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versi\u00f3n 6.46.3 (stable tree), sufre una vulnerabilidad de corrupci\u00f3n de la memoria en el proceso /nova/bin/sniffer.\u0026#xa0;Un atacante remoto autenticado puede causar una Denegaci\u00f3n de Servicio debido a un acceso inapropiado a la memoria"
}
],
"id": "CVE-2020-20236",
"lastModified": "2024-11-21T05:11:56.903",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-18T19:15:07.767",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://mikrotik.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://mikrotik.com/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-05-18 06:29
Modified
2024-11-21 03:33
Severity ?
Summary
A vulnerability in MikroTik Version 6.38.5 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of UDP packets on port 500 (used for L2TP over IPsec), preventing the affected router from accepting new connections; all devices will be disconnected from the router and all logs removed automatically.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://seclists.org/fulldisclosure/2017/May/59 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://cxsecurity.com/issue/WLB-2017050062 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://packetstormsecurity.com/files/142538/MikroTik-RouterBoard-6.38.5-Denial-Of-Service.html | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.vulnerability-lab.com/get_content.php?id=2064 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2017/May/59 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cxsecurity.com/issue/WLB-2017050062 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://packetstormsecurity.com/files/142538/MikroTik-RouterBoard-6.38.5-Denial-Of-Service.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vulnerability-lab.com/get_content.php?id=2064 | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.38.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6FF33501-CBA2-4ED1-9EF9-3FDCF8472BBB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in MikroTik Version 6.38.5 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of UDP packets on port 500 (used for L2TP over IPsec), preventing the affected router from accepting new connections; all devices will be disconnected from the router and all logs removed automatically."
},
{
"lang": "es",
"value": "Una vulnerabilidad en MikroTik versi\u00f3n 6.38.5 podr\u00eda permitir a un atacante remoto no autenticado agotar toda la CPU disponible mediante una inundaci\u00f3n de paquetes UDP en el puerto 500 (utilizado para L2TP a trav\u00e9s de IPsec), evitando que el enrutador afectado acepte nuevas conexiones; Todos los dispositivos se desconectar\u00e1n del enrutador y todos los registros se eliminar\u00e1n autom\u00e1ticamente."
}
],
"id": "CVE-2017-8338",
"lastModified": "2024-11-21T03:33:47.753",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-18T06:29:00.293",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/May/59"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://cxsecurity.com/issue/WLB-2017050062"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://packetstormsecurity.com/files/142538/MikroTik-RouterBoard-6.38.5-Denial-Of-Service.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.vulnerability-lab.com/get_content.php?id=2064"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/May/59"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://cxsecurity.com/issue/WLB-2017050062"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://packetstormsecurity.com/files/142538/MikroTik-RouterBoard-6.38.5-Denial-Of-Service.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.vulnerability-lab.com/get_content.php?id=2064"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-18 19:15
Modified
2024-11-21 05:11
Severity ?
Summary
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2021/May/15 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2021/May/15 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | https://mikrotik.com/ | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/May/15 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/May/15 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mikrotik.com/ | Product |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.44.6:*:*:*:ltr:*:*:*",
"matchCriteriaId": "F7581807-5B93-4A19-8F8F-D5C694A61427",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versi\u00f3n 6.44.6 (long-term tree), sufre una vulnerabilidad de corrupci\u00f3n de la memoria en el proceso /nova/bin/sniffer.\u0026#xa0;Un atacante remoto autenticado puede causar una Denegaci\u00f3n de Servicio (desreferencia del puntero NULL)"
}
],
"id": "CVE-2020-20222",
"lastModified": "2024-11-21T05:11:56.107",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-18T19:15:07.730",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://mikrotik.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://mikrotik.com/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-18 20:15
Modified
2024-11-21 05:11
Severity ?
Summary
Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulnerability in the mactel process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2021/May/23 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | https://mikrotik.com/ | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/May/23 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mikrotik.com/ | Product |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.46.3:*:*:*:-:*:*:*",
"matchCriteriaId": "F9F55FFD-A047-4AB2-A2F6-53537AD2A79D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulnerability in the mactel process. An authenticated remote attacker can cause a Denial of Service due to improper memory access."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versi\u00f3n stable 6.46.3, sufre una vulnerabilidad de corrupci\u00f3n de la memoria en el proceso mactel.\u0026#xa0;Un atacante remoto autenticado puede causar una Denegaci\u00f3n de Servicio debido a un acceso inapropiado a la memoria"
}
],
"id": "CVE-2020-20246",
"lastModified": "2024-11-21T05:11:57.353",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-18T20:15:07.513",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/23"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://mikrotik.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/23"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://mikrotik.com/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-03-16 15:15
Modified
2024-11-21 06:27
Severity ?
Summary
In the SCEP Server of RouterOS in certain Mikrotik products, an attacker can trigger a heap-based buffer overflow that leads to remote code execution. The attacker must know the scep_server_name value. This affects RouterOS 6.46.8, 6.47.9, and 6.47.10.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://mikrotik.com/download/archive | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://teamt5.org/en/posts/vulnerability-mikrotik-cve-2021-41987/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mikrotik.com/download/archive | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://teamt5.org/en/posts/vulnerability-mikrotik-cve-2021-41987/ | Exploit, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.46.8:*:*:*:*:*:*:*",
"matchCriteriaId": "648F25BC-BFD3-4E0F-962C-76B2DE45CBE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.47.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DD00B734-C416-47DC-977F-F0D351D0D32A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.47.10:*:*:*:*:*:*:*",
"matchCriteriaId": "1E75DB60-0579-4CED-A78A-78D0899F65BE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the SCEP Server of RouterOS in certain Mikrotik products, an attacker can trigger a heap-based buffer overflow that leads to remote code execution. The attacker must know the scep_server_name value. This affects RouterOS 6.46.8, 6.47.9, and 6.47.10."
},
{
"lang": "es",
"value": "En el servidor SCEP de RouterOS en ciertos productos Mikrotik, un atacante puede desencadenar un desbordamiento de b\u00fafer basado en heap que conduce a la ejecuci\u00f3n remota de c\u00f3digo. El atacante debe conocer el valor de scep_server_name. Esto afecta a RouterOS 6.46.8, 6.47.9 y 6.47.10"
}
],
"id": "CVE-2021-41987",
"lastModified": "2024-11-21T06:27:01.380",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-16T15:15:14.547",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://mikrotik.com/download/archive"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://teamt5.org/en/posts/vulnerability-mikrotik-cve-2021-41987/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://mikrotik.com/download/archive"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://teamt5.org/en/posts/vulnerability-mikrotik-cve-2021-41987/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-18 20:15
Modified
2024-11-21 05:11
Severity ?
Summary
Mikrotik RouterOs stable 6.47 suffers from a memory corruption vulnerability in the /nova/bin/diskd process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2021/May/23 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | https://mikrotik.com/ | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/May/23 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mikrotik.com/ | Product |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.47:*:*:*:-:*:*:*",
"matchCriteriaId": "70E15876-C2B4-49EF-AC5D-3FE0AE097F18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs stable 6.47 suffers from a memory corruption vulnerability in the /nova/bin/diskd process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versi\u00f3n stable 6.47, sufre una vulnerabilidad de corrupci\u00f3n de la memoria en el proceso /nova/bin/diskd.\u0026#xa0;Un atacante remoto autenticado puede causar una Denegaci\u00f3n de Servicio debido a un acceso no v\u00e1lido a la memoria"
}
],
"id": "CVE-2020-20227",
"lastModified": "2024-11-21T05:11:56.423",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-18T20:15:07.440",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/23"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://mikrotik.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/23"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://mikrotik.com/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-18 14:15
Modified
2024-11-21 05:11
Severity ?
Summary
Mikrotik RouterOs before 6.47 (stable tree) suffers from a divison by zero vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service due to a divide by zero error.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://seclists.org/fulldisclosure/2021/May/14 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_lcdstat_4/README.md | Broken Link, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/May/14 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_lcdstat_4/README.md | Broken Link, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:-:*:*:*",
"matchCriteriaId": "8534A9B0-405D-4E52-8B77-F48C6FD67DEB",
"versionEndExcluding": "6.47",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before 6.47 (stable tree) suffers from a divison by zero vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service due to a divide by zero error."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versiones anteriores a 6.47 (stable tree) sufre de una vulnerabilidad de divisi\u00f3n por cero en el proceso /nova/bin/lcdstat.\u0026#xa0;Un atacante remoto autenticado puede causar una Denegaci\u00f3n de Servicio debido a un error de divisi\u00f3n por cero"
}
],
"id": "CVE-2020-20253",
"lastModified": "2024-11-21T05:11:58.210",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-18T14:15:07.293",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/14"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_lcdstat_4/README.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_lcdstat_4/README.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-369"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-18 20:15
Modified
2024-11-21 05:11
Severity ?
Summary
Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulnerability in the log process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2021/May/23 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | https://mikrotik.com/ | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/May/23 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mikrotik.com/ | Product |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.46.3:*:*:*:-:*:*:*",
"matchCriteriaId": "F9F55FFD-A047-4AB2-A2F6-53537AD2A79D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulnerability in the log process. An authenticated remote attacker can cause a Denial of Service due to improper memory access."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versi\u00f3n stable 6.46.3, sufre una vulnerabilidad de corrupci\u00f3n de la memoria en el proceso de registro.\u0026#xa0;Un atacante remoto autenticado puede causar una Denegaci\u00f3n de Servicio debido a un acceso inapropiado a la memoria"
}
],
"id": "CVE-2020-20245",
"lastModified": "2024-11-21T05:11:57.203",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-18T20:15:07.477",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/23"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://mikrotik.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/23"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://mikrotik.com/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-10-07 16:15
Modified
2024-11-21 04:30
Severity ?
Summary
An integer underflow in the SMB server of MikroTik RouterOS before 6.45.5 allows remote unauthenticated attackers to crash the service.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BFB9F912-5BA6-4BD9-837D-ADFC07F0E0D7",
"versionEndExcluding": "6.45.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An integer underflow in the SMB server of MikroTik RouterOS before 6.45.5 allows remote unauthenticated attackers to crash the service."
},
{
"lang": "es",
"value": "Un subdesbordamiento de enteros en el servidor SMB de MikroTik RouterOS versiones anteriores a 6.45.5, permite a atacantes remotos no autenticados bloquear el servicio"
}
],
"id": "CVE-2019-16160",
"lastModified": "2024-11-21T04:30:10.230",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-07T16:15:12.390",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://forum.mikrotik.com/viewtopic.php?t=151603"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://gist.github.com/thebabush/3c71fc5001f8865e3ad579e80680ce24"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://mikrotik.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://forum.mikrotik.com/viewtopic.php?t=151603"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://gist.github.com/thebabush/3c71fc5001f8865e3ad579e80680ce24"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://mikrotik.com"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-191"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-08-23 19:29
Modified
2024-11-21 03:59
Severity ?
Summary
Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to stack buffer overflow through the license upgrade interface. This vulnerability could theoretically allow a remote authenticated attacker execute arbitrary code on the system.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vulnreport@tenable.com | https://mikrotik.com/download/changelogs | Vendor Advisory | |
| vulnreport@tenable.com | https://mikrotik.com/download/changelogs/bugfix-release-tree | Vendor Advisory | |
| vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2018-21 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mikrotik.com/download/changelogs | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mikrotik.com/download/changelogs/bugfix-release-tree | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2018-21 | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:ltr:*:*:*",
"matchCriteriaId": "61E0FC57-8604-4BA5-BF68-A46946C3B14E",
"versionEndExcluding": "6.40.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79B4AC99-9E5F-480A-9884-D52271D2BC34",
"versionEndExcluding": "6.42.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to stack buffer overflow through the license upgrade interface. This vulnerability could theoretically allow a remote authenticated attacker execute arbitrary code on the system."
},
{
"lang": "es",
"value": "Mikrotik RouterOS en versiones anteriores a la 6.42.7 y 6.40.9 es vulnerable a un desbordamiento de b\u00fafer basado en pila a trav\u00e9s de la interfaz de actualizaci\u00f3n de la licencia. Esta vulnerabilidad podr\u00eda permitir, en teor\u00eda, que un atacante autenticado remoto ejecute c\u00f3digo arbitrario en el sistema."
}
],
"id": "CVE-2018-1156",
"lastModified": "2024-11-21T03:59:18.073",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-08-23T19:29:00.347",
"references": [
{
"source": "vulnreport@tenable.com",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/download/changelogs"
},
{
"source": "vulnreport@tenable.com",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/download/changelogs/bugfix-release-tree"
},
{
"source": "vulnreport@tenable.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2018-21"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/download/changelogs"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/download/changelogs/bugfix-release-tree"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2018-21"
}
],
"sourceIdentifier": "vulnreport@tenable.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-10-29 19:15
Modified
2024-11-21 04:42
Severity ?
Summary
RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below are vulnerable to a DNS unrelated data attack. The router adds all A records to its DNS cache even when the records are unrelated to the domain that was queried. Therefore, a remote attacker controlled DNS server can poison the router's DNS cache via malicious responses with additional and untrue records.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2019-46 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2019-46 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:ltr:*:*:*",
"matchCriteriaId": "E96DA8A8-65E0-4D1C-A15B-8A4F7A0644A1",
"versionEndIncluding": "6.44.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:-:*:*:*",
"matchCriteriaId": "AA750EF2-6247-46CF-B800-C0417F6D35A5",
"versionEndIncluding": "6.45.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below are vulnerable to a DNS unrelated data attack. The router adds all A records to its DNS cache even when the records are unrelated to the domain that was queried. Therefore, a remote attacker controlled DNS server can poison the router\u0027s DNS cache via malicious responses with additional and untrue records."
},
{
"lang": "es",
"value": "RouterOS versi\u00f3n 6.45.6 Stable, RouterOS versi\u00f3n 6.44.5 Long-Term y anteriores, son vulnerables a un ataque de datos no relacionado con DNS. El router agrega todos los registros A a su memoria cach\u00e9 DNS incluso cuando los registros no est\u00e1n relacionados con el dominio que se consult\u00f3. Por lo tanto, un servidor DNS controlado por un atacante remoto puede envenenar la memoria cach\u00e9 DNS del router mediante respuestas maliciosas con registros adicionales y falsos."
}
],
"id": "CVE-2019-3979",
"lastModified": "2024-11-21T04:42:59.750",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-29T19:15:20.610",
"references": [
{
"source": "vulnreport@tenable.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2019-46"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2019-46"
}
],
"sourceIdentifier": "vulnreport@tenable.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-345"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-12-05 16:15
Modified
2024-11-21 07:29
Severity ?
Summary
Mikrotik RouterOs before stable v7.6 was discovered to contain an out-of-bounds read in the snmp process. This vulnerability allows attackers to execute arbitrary code via a crafted packet.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2022-45315/README.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2022-45315/README.md | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6A0CDCB-9550-4670-8270-8866932D9C59",
"versionEndExcluding": "7.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before stable v7.6 was discovered to contain an out-of-bounds read in the snmp process. This vulnerability allows attackers to execute arbitrary code via a crafted packet."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Mikrotik RouterOs anteriores a la versi\u00f3n estable 7.6 conten\u00eda una lectura fuera de los l\u00edmites en el proceso snmp. Esta vulnerabilidad permite a los atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de un paquete manipulado."
}
],
"id": "CVE-2022-45315",
"lastModified": "2024-11-21T07:29:02.783",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-05T16:15:10.050",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2022-45315/README.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2022-45315/README.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-02-20 20:29
Modified
2024-11-21 04:42
Severity ?
Summary
MikroTik RouterOS before 6.43.12 (stable) and 6.42.12 (long-term) is vulnerable to an intermediary vulnerability. The software will execute user defined network requests to both WAN and LAN clients. A remote unauthenticated attacker can use this vulnerability to bypass the router's firewall or for general network scanning activities.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vulnreport@tenable.com | http://www.securityfocus.com/bid/107177 | Third Party Advisory, VDB Entry | |
| vulnreport@tenable.com | https://www.exploit-db.com/exploits/46444/ | Exploit, Third Party Advisory, VDB Entry | |
| vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2019-07 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/107177 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/46444/ | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2019-07 | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:ltr:*:*:*",
"matchCriteriaId": "6ABE243E-294B-4E3F-87C1-B259C4F05E24",
"versionEndExcluding": "6.42.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35EB0774-C169-40D3-96E2-A92D150EB4E8",
"versionEndExcluding": "6.43.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "MikroTik RouterOS before 6.43.12 (stable) and 6.42.12 (long-term) is vulnerable to an intermediary vulnerability. The software will execute user defined network requests to both WAN and LAN clients. A remote unauthenticated attacker can use this vulnerability to bypass the router\u0027s firewall or for general network scanning activities."
},
{
"lang": "es",
"value": "MikroTik RouterOS, en versiones anteriores a la 6.43.12 (stable) y 6.42.12 (long-term), es vulnerable a una vulnerabilidad de intermediario. El software ejecutar\u00e1 peticiones de red definidas por el usuario a los clientes WAN y LAN. Un atacante no autenticado remoto puede emplear esta vulnerabilidad para omitir el firewall del router o para realizar actividades generales de escaneo de red."
}
],
"id": "CVE-2019-3924",
"lastModified": "2024-11-21T04:42:52.450",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-02-20T20:29:03.047",
"references": [
{
"source": "vulnreport@tenable.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/107177"
},
{
"source": "vulnreport@tenable.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/46444/"
},
{
"source": "vulnreport@tenable.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2019-07"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/107177"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/46444/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2019-07"
}
],
"sourceIdentifier": "vulnreport@tenable.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-441"
}
],
"source": "vulnreport@tenable.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-441"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-11-27 04:49
Modified
2024-11-21 01:45
Severity ?
Summary
The winbox service in MikroTik RouterOS 5.15 and earlier allows remote attackers to cause a denial of service (CPU consumption), read the router version, and possibly have other impacts via a request to download the router's DLLs or plugins, as demonstrated by roteros.dll.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:5.15:*:*:*:*:*:*:*",
"matchCriteriaId": "3BEFE6DE-709E-45CC-BFF3-E37B9EEE2BC4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The winbox service in MikroTik RouterOS 5.15 and earlier allows remote attackers to cause a denial of service (CPU consumption), read the router version, and possibly have other impacts via a request to download the router\u0027s DLLs or plugins, as demonstrated by roteros.dll."
},
{
"lang": "es",
"value": "El servicio winbox en MikroTik RouterOS v5.15 y anteriores, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de CPU), leer la versi\u00f3n de router y posiblemente tener otros impactos a trav\u00e9s de la petici\u00f3n de descarga de complementos o DLL del router, como se demostr\u00f3 con roteros.dll."
}
],
"id": "CVE-2012-6050",
"lastModified": "2024-11-21T01:45:42.310",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-11-27T04:49:26.863",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.133tsec.com/2012/04/30/0day-ddos-mikrotik-server-side-ddos-attack/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/18817"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75327"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.133tsec.com/2012/04/30/0day-ddos-mikrotik-server-side-ddos-attack/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/18817"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75327"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-16"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-19 18:15
Modified
2024-11-21 05:11
Severity ?
Summary
Mikrotik RouterOs before stable 6.47 suffers from a memory corruption vulnerability in the resolver process. By sending a crafted packet, an authenticated remote attacker can cause a Denial of Service.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20249/README.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20249/README.md | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F9AA7223-457D-46AA-8B5D-E70C53A38ED3",
"versionEndExcluding": "6.47",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before stable 6.47 suffers from a memory corruption vulnerability in the resolver process. By sending a crafted packet, an authenticated remote attacker can cause a Denial of Service."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versiones anteriores a estable 6.47, sufre de una vulnerabilidad de corrupci\u00f3n de memoria en el proceso de resoluci\u00f3n. Mediante el env\u00edo de un paquete dise\u00f1ado, un atacante remoto autenticado puede causar una Denegaci\u00f3n de Servicio"
}
],
"id": "CVE-2020-20249",
"lastModified": "2024-11-21T05:11:57.780",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-19T18:15:08.260",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20249/README.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20249/README.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-21 15:15
Modified
2024-11-21 05:11
Severity ?
Summary
Mikrotik RouterOs before 6.44.6 (long-term tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/cerm process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://cwe.mitre.org/data/definitions/400.html | Third Party Advisory | |
| cve@mitre.org | https://seclists.org/fulldisclosure/2020/May/30 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://seclists.org/fulldisclosure/2021/May/1 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cwe.mitre.org/data/definitions/400.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2020/May/30 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2021/May/1 | Exploit, Mailing List, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:ltr:*:*:*",
"matchCriteriaId": "883E8144-7FE9-4BB1-94E2-B8FDA8F3E54A",
"versionEndExcluding": "6.44.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before 6.44.6 (long-term tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/cerm process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versiones anteriores a 6.44.6 (long-term tree) sufre de una vulnerabilidad de consumo de recursos no controlado en el proceso /nova/bin/cerm. Un atacante remoto autenticado puede causar una Denegaci\u00f3n de Servicio debido a la sobrecarga de la CPU del sistema"
}
],
"id": "CVE-2020-20221",
"lastModified": "2024-11-21T05:11:55.950",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-21T15:15:12.777",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2020/May/30"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2021/May/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2020/May/30"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2021/May/1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-05-11 18:15
Modified
2024-11-21 06:13
Severity ?
Summary
Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the ptp process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://seclists.org/fulldisclosure/2022/Jun/2 | Exploit, Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | https://seclists.org/fulldisclosure/2021/Jul/0 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2022/Jun/2 | Exploit, Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2021/Jul/0 | Exploit, Mailing List, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86D2559B-56EB-465F-AF5E-714EAE71F069",
"versionEndExcluding": "6.48.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the ptp process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versiones anteriores a stable 6.48.2, sufre una vulnerabilidad de corrupci\u00f3n de memoria en el proceso ptp. Un atacante remoto autenticado puede causar una Denegaci\u00f3n de Servicio (desreferencia de puntero NULL)"
}
],
"id": "CVE-2021-36613",
"lastModified": "2024-11-21T06:13:52.310",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-11T18:15:22.937",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/Jun/2"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2021/Jul/0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/Jun/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2021/Jul/0"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-08-19 05:24
Modified
2024-11-21 00:57
Severity ?
Summary
MikroTik RouterOS 3.x through 3.13 and 2.x through 2.9.51 allows remote attackers to modify Network Management System (NMS) settings via a crafted SNMP set request.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/31025 | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/44944 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://www.exploit-db.com/exploits/6366 | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/31025 | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/44944 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/6366 | Exploit, Third Party Advisory, VDB Entry |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65E288F0-B974-4F43-8496-32B2600C9D7F",
"versionEndIncluding": "2.9.51",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04970C31-680F-4171-B97C-EBBBBE829A50",
"versionEndIncluding": "3.13",
"versionStartIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "MikroTik RouterOS 3.x through 3.13 and 2.x through 2.9.51 allows remote attackers to modify Network Management System (NMS) settings via a crafted SNMP set request."
},
{
"lang": "es",
"value": "RouterOS de MikroTik versiones 3.x hasta 3.13 y versiones 2.x hasta 2.9.51, permite a los atacantes remotos modificar la configuraci\u00f3n de Network Management System (NMS) por medio de una petici\u00f3n de configuraci\u00f3n SNMP dise\u00f1ada."
}
],
"id": "CVE-2008-6976",
"lastModified": "2024-11-21T00:57:57.403",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-08-19T05:24:52.157",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/31025"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44944"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/6366"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/31025"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44944"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/6366"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-13 18:15
Modified
2024-11-21 05:11
Severity ?
Summary
Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20252/README.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20252/README.md | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F9AA7223-457D-46AA-8B5D-E70C53A38ED3",
"versionEndExcluding": "6.47",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versiones anteriores a estable 6.47, sufre de una vulnerabilidad de corrupci\u00f3n de memoria en el proceso /nova/bin/lcdstat. Un atacante remoto autenticado puede causar una denegaci\u00f3n de servicio (desreferencia del puntero NULL)"
}
],
"id": "CVE-2020-20252",
"lastModified": "2024-11-21T05:11:58.070",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-13T18:15:07.813",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20252/README.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20252/README.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
},
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-05-11 18:15
Modified
2024-11-21 06:13
Severity ?
Summary
Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the tr069-client process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://seclists.org/fulldisclosure/2022/Jun/2 | Exploit, Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | https://seclists.org/fulldisclosure/2021/Jul/0 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2022/Jun/2 | Exploit, Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2021/Jul/0 | Exploit, Mailing List, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86D2559B-56EB-465F-AF5E-714EAE71F069",
"versionEndExcluding": "6.48.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the tr069-client process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versiones anteriores a stable 6.48.2, sufre una vulnerabilidad de corrupci\u00f3n de memoria en el proceso tr069-client. Un atacante remoto autenticado puede causar una Denegaci\u00f3n de Servicio (desreferencia de puntero NULL)"
}
],
"id": "CVE-2021-36614",
"lastModified": "2024-11-21T06:13:52.477",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-11T18:15:22.997",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/Jun/2"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2021/Jul/0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/Jun/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2021/Jul/0"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-08-23 19:29
Modified
2024-11-21 03:59
Severity ?
Summary
Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory corruption vulnerability. An authenticated remote attacker can crash the HTTP server by rapidly authenticating and disconnecting.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vulnreport@tenable.com | https://mikrotik.com/download/changelogs | Vendor Advisory | |
| vulnreport@tenable.com | https://mikrotik.com/download/changelogs/bugfix-release-tree | Vendor Advisory | |
| vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2018-21 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mikrotik.com/download/changelogs | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mikrotik.com/download/changelogs/bugfix-release-tree | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2018-21 | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "69DD338B-DFE1-48D5-AD40-A7941FBC27ED",
"versionEndExcluding": "6.40.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:ltr:*:*:*",
"matchCriteriaId": "EAFC594A-61C6-4D6B-AFF2-6F5CD8D20993",
"versionEndExcluding": "6.42.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory corruption vulnerability. An authenticated remote attacker can crash the HTTP server by rapidly authenticating and disconnecting."
},
{
"lang": "es",
"value": "Mikrotik RouterOS en versiones anteriores a la 6.42.7 y 6.40.9 es vulnerable a una vulnerabilidad de corrupci\u00f3n de memoria. Un atacante remoto autenticado puede provocar el cierre inesperado del servidor HTTP autenticando y desconectando r\u00e1pidamente."
}
],
"id": "CVE-2018-1159",
"lastModified": "2024-11-21T03:59:18.417",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-08-23T19:29:00.690",
"references": [
{
"source": "vulnreport@tenable.com",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/download/changelogs"
},
{
"source": "vulnreport@tenable.com",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/download/changelogs/bugfix-release-tree"
},
{
"source": "vulnreport@tenable.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2018-21"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/download/changelogs"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/download/changelogs/bugfix-release-tree"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2018-21"
}
],
"sourceIdentifier": "vulnreport@tenable.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-03-19 14:59
Modified
2024-11-21 02:27
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in MikroTik RouterOS 5.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request in the status page to /cfg.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14BD8496-71C5-46DF-B64B-A35175180C16",
"versionEndIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in MikroTik RouterOS 5.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request in the status page to /cfg."
},
{
"lang": "es",
"value": "Vulnerabilidad CSRF en MikroTik RouterOS 5.0 y anteriores permite a atacantes remotos secuestrar la autenticaci\u00f3n del administraci\u00f3n en peticiones que cambien la contrase\u00f1a de administrador a trav\u00e9s de una petici\u00f3n en la p\u00e1gina del estado en /cfg."
}
],
"id": "CVE-2015-2350",
"lastModified": "2024-11-21T02:27:16.403",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-03-19T14:59:02.557",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/130722/MikroTik-RouterOS-Cross-Site-Request-Forgery.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2015/Mar/49"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/73013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/130722/MikroTik-RouterOS-Cross-Site-Request-Forgery.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2015/Mar/49"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/73013"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-03-19 21:29
Modified
2025-02-07 17:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication takes place, so it is possible for an unauthenticated remote attacker to exploit it. All architectures and all devices running RouterOS before versions 6.41.3/6.42rc27 are vulnerable.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://seclists.org/fulldisclosure/2018/Mar/38 | Exploit, Mailing List, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securityfocus.com/bid/103427 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://www.coresecurity.com/advisories/mikrotik-routeros-smb-buffer-overflow | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.exploit-db.com/exploits/44290/ | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2018/Mar/38 | Exploit, Mailing List, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/103427 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.coresecurity.com/advisories/mikrotik-routeros-smb-buffer-overflow | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/44290/ | Exploit, Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mikrotik | routeros | * | |
| mikrotik | routeros | 6.4.2 | |
| mikrotik | routeros | 6.4.2 | |
| mikrotik | routeros | 6.4.2 | |
| mikrotik | routeros | 6.4.2 | |
| mikrotik | routeros | 6.4.2 | |
| mikrotik | routeros | 6.4.2 | |
| mikrotik | routeros | 6.4.2 | |
| mikrotik | routeros | 6.4.2 | |
| mikrotik | routeros | 6.4.2 | |
| mikrotik | routeros | 6.4.2 | |
| mikrotik | routeros | 6.4.2 | |
| mikrotik | routeros | 6.4.2 | |
| mikrotik | routeros | 6.4.2 |
{
"cisaActionDue": "2022-09-29",
"cisaExploitAdd": "2022-09-08",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "MikroTik RouterOS Stack-Based Buffer Overflow Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE5AFDA3-472A-4FAC-A92C-F3836E71603F",
"versionEndExcluding": "6.41.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.4.2:rc11:*:*:*:*:*:*",
"matchCriteriaId": "5BF5F829-70A8-4819-AB6D-05C1666F99B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.4.2:rc12:*:*:*:*:*:*",
"matchCriteriaId": "A8EE1A1D-2DEB-4F42-8446-5DA467D934F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.4.2:rc14:*:*:*:*:*:*",
"matchCriteriaId": "70EEF3DA-9C66-4A3A-B9D3-85B6549499B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.4.2:rc15:*:*:*:*:*:*",
"matchCriteriaId": "7B659F31-6194-4785-B455-1769982CB45D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.4.2:rc18:*:*:*:*:*:*",
"matchCriteriaId": "58206CE0-812F-4A23-BFC3-847C663A9D9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.4.2:rc2:*:*:*:*:*:*",
"matchCriteriaId": "EA06DCF1-D620-41F9-919A-3099DA5C834A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.4.2:rc20:*:*:*:*:*:*",
"matchCriteriaId": "E50FE870-2D1C-44B2-A38E-12A09DF158C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.4.2:rc23:*:*:*:*:*:*",
"matchCriteriaId": "68897675-E7C7-4777-B22A-39F1F3653DF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.4.2:rc24:*:*:*:*:*:*",
"matchCriteriaId": "292CEA28-A4C0-4D9F-8193-8EEF25F46B45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.4.2:rc27:*:*:*:*:*:*",
"matchCriteriaId": "884C2425-F41B-441D-AB25-A2751C7D6A07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.4.2:rc5:*:*:*:*:*:*",
"matchCriteriaId": "DF44B44C-F37B-46BD-8EB5-929538889EC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.4.2:rc6:*:*:*:*:*:*",
"matchCriteriaId": "226D0B58-2DE6-471B-AAFC-F04EEF644217",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.4.2:rc9:*:*:*:*:*:*",
"matchCriteriaId": "23E5AD72-30D2-499E-85D3-8A573E05B61D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication takes place, so it is possible for an unauthenticated remote attacker to exploit it. All architectures and all devices running RouterOS before versions 6.41.3/6.42rc27 are vulnerable."
},
{
"lang": "es",
"value": "Se ha encontrado un desbordamiento de b\u00fafer en el servicio MikroTik RouterOS SMB al procesar mensajes de petici\u00f3n de sesi\u00f3n NetBIOS. Los atacantes remotos con acceso al servicio pueden explotar esta vulnerabilidad y ejecutar c\u00f3digo en el sistema. El desbordamiento ocurre antes de que tenga lugar la autenticaci\u00f3n, por lo que es posible para un atacante remoto no autenticado explotarlo. Todas las arquitecturas y dispositivos que ejecutan RouterOS en versiones anteriores a la 6.41.3/6.42rc27 son vulnerables."
}
],
"id": "CVE-2018-7445",
"lastModified": "2025-02-07T17:15:11.783",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2018-03-19T21:29:01.083",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://seclists.org/fulldisclosure/2018/Mar/38"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103427"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.coresecurity.com/advisories/mikrotik-routeros-smb-buffer-overflow"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/44290/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://seclists.org/fulldisclosure/2018/Mar/38"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103427"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.coresecurity.com/advisories/mikrotik-routeros-smb-buffer-overflow"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/44290/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-19 18:15
Modified
2024-11-21 05:11
Severity ?
Summary
Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled resource consumption in the memtest process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://cwe.mitre.org/data/definitions/400.html | Third Party Advisory | |
| cve@mitre.org | https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20248/README.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cwe.mitre.org/data/definitions/400.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20248/README.md | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.47:*:*:*:*:*:*:*",
"matchCriteriaId": "91339E44-1C36-4AE4-804C-38835AD32DC5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled resource consumption in the memtest process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versiones anteriores a estable 6.47, sufre de un consumo incontrolado de recursos en el proceso memtest. Un atacante remoto autenticado puede causar una denegaci\u00f3n de servicio debido a la sobrecarga de la CPU del sistema"
}
],
"id": "CVE-2020-20248",
"lastModified": "2024-11-21T05:11:57.637",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-19T18:15:08.143",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20248/README.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20248/README.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-11 15:15
Modified
2024-11-21 05:11
Severity ?
Summary
Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/resolver process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://seclists.org/fulldisclosure/2021/May/12 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/May/12 | Exploit, Mailing List, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F9AA7223-457D-46AA-8B5D-E70C53A38ED3",
"versionEndExcluding": "6.47",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/resolver process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versiones anteriores a 6.47 (stable tree), sufre una vulnerabilidad de corrupci\u00f3n de memoria en el proceso /nova/bin/resolver.\u0026#xa0;Un atacante autenticado remoto puede causar una Denegaci\u00f3n de Servicio debido a un acceso a la memoria no v\u00e1lido"
}
],
"id": "CVE-2020-20267",
"lastModified": "2024-11-21T05:11:59.123",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-11T15:15:07.787",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/12"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-12-05 16:15
Modified
2024-11-21 07:29
Severity ?
Summary
Mikrotik RouterOs before stable v7.5 was discovered to contain an out-of-bounds read in the hotspot process. This vulnerability allows attackers to execute arbitrary code via a crafted nova message.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2022-45313/README.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2022-45313/README.md | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA2135F2-4A85-4B12-93D3-F32045922A85",
"versionEndExcluding": "7.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before stable v7.5 was discovered to contain an out-of-bounds read in the hotspot process. This vulnerability allows attackers to execute arbitrary code via a crafted nova message."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Mikrotik RouterOs anteriores a la versi\u00f3n estable 7.5 conten\u00eda una lectura fuera de los l\u00edmites en el proceso del punto de acceso. Esta vulnerabilidad permite a los atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de un mensaje nova manipulado."
}
],
"id": "CVE-2022-45313",
"lastModified": "2024-11-21T07:29:02.640",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-05T16:15:09.997",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2022-45313/README.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2022-45313/README.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-14 14:15
Modified
2024-11-21 05:11
Severity ?
Summary
Mikrotik RouterOs through stable version 6.48.3 suffers from a memory corruption vulnerability in the /nova/bin/detnet process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20231/README.md | Exploit, Third Party Advisory | |
| cve@mitre.org | https://mikrotik.com/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20231/README.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mikrotik.com/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "650FC13E-CC2C-426C-A315-7BD9D8572748",
"versionEndIncluding": "6.48.3",
"versionStartIncluding": "6.44.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs through stable version 6.48.3 suffers from a memory corruption vulnerability in the /nova/bin/detnet process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versi\u00f3n estable hasta 6.48.3, sufre una vulnerabilidad de corrupci\u00f3n de memoria en el proceso /nova/bin/detnet. Un atacante remoto autenticado puede causar una Denegaci\u00f3n de Servicio (desreferencia de puntero NULL)"
}
],
"id": "CVE-2020-20231",
"lastModified": "2024-11-21T05:11:56.740",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-14T14:15:08.073",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20231/README.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20231/README.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
},
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-21 15:15
Modified
2024-11-21 05:11
Severity ?
Summary
Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /ram/pckg/security/nova/bin/ipsec process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_ipsec/README.md | Broken Link | |
| cve@mitre.org | https://seclists.org/fulldisclosure/2021/May/2 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_ipsec/README.md | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2021/May/2 | Exploit, Mailing List, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F9AA7223-457D-46AA-8B5D-E70C53A38ED3",
"versionEndExcluding": "6.47",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /ram/pckg/security/nova/bin/ipsec process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versiones anteriores a 6.47 (stable tree) sufre una vulnerabilidad de fallo de aserci\u00f3n en el proceso /ram/pckg/security/nova/bin/ipsec. Un atacante remoto autenticado puede causar una Denegaci\u00f3n de Servicio debido a un fallo de aserci\u00f3n por medio de un paquete dise\u00f1ado"
}
],
"id": "CVE-2020-20262",
"lastModified": "2024-11-21T05:11:58.500",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-21T15:15:12.807",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_ipsec/README.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2021/May/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_ipsec/README.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2021/May/2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-617"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-19 12:15
Modified
2024-11-21 05:11
Severity ?
Summary
Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/dot1x process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_dot1x/README.md | Broken Link, Third Party Advisory | |
| cve@mitre.org | https://seclists.org/fulldisclosure/2021/May/11 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_dot1x/README.md | Broken Link, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2021/May/11 | Exploit, Mailing List, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:-:*:*:*",
"matchCriteriaId": "8534A9B0-405D-4E52-8B77-F48C6FD67DEB",
"versionEndExcluding": "6.47",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/dot1x process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versiones anteriores a 6.47 (stable tree) sufre una vulnerabilidad de corrupci\u00f3n de memoria en el proceso /nova/bin/dot1x.\u0026#xa0;Un atacante remoto autenticado puede causar una denegaci\u00f3n de servicio (desreferencia del puntero NULL)"
}
],
"id": "CVE-2020-20266",
"lastModified": "2024-11-21T05:11:58.960",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-19T12:15:07.813",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_dot1x/README.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2021/May/11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_dot1x/README.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2021/May/11"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
},
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-26 13:15
Modified
2024-11-21 04:25
Severity ?
Summary
Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable to memory exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system. Malicious code cannot be injected.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/153733/Mikrotik-RouterOS-Resource-Stack-Exhaustion.html | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://seclists.org/fulldisclosure/2019/Jul/20 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/153733/Mikrotik-RouterOS-Resource-Stack-Exhaustion.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2019/Jul/20 | Mailing List, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3D24937-2767-4850-B857-8F3010456BAF",
"versionEndExcluding": "6.44.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.45:*:*:*:*:*:*:*",
"matchCriteriaId": "D771599E-D29C-442D-8981-EAB7E80E78A9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable to memory exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system. Malicious code cannot be injected."
},
{
"lang": "es",
"value": "RouterOS de Mikrotik anterior a versi\u00f3n 6.44.5 (\u00e1rbol de actualizaciones a largo plazo) es vulnerable al agotamiento de la memoria. Mediante el env\u00edo de una petici\u00f3n HTTP dise\u00f1ada, un atacante remoto autenticado puede bloquear el servidor HTTP y, en algunas circunstancias, reiniciar el sistema. El c\u00f3digo no puede ser inyectado."
}
],
"id": "CVE-2019-13954",
"lastModified": "2024-11-21T04:25:46.347",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-26T13:15:12.830",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/153733/Mikrotik-RouterOS-Resource-Stack-Exhaustion.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2019/Jul/20"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/153733/Mikrotik-RouterOS-Resource-Stack-Exhaustion.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2019/Jul/20"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-12 13:15
Modified
2024-11-21 05:11
Severity ?
Summary
An issue discovered in MikroTik Router v6.46.3 and earlier allows attacker to cause denial of service via misconfiguration in the SSH daemon.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://mikrotik.com | Product | |
| cve@mitre.org | http://router.com | Not Applicable | |
| cve@mitre.org | https://www.exploit-db.com/exploits/48228 | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://mikrotik.com | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | http://router.com | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/48228 | Exploit, Third Party Advisory, VDB Entry |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0FE16B96-C8E2-414D-949C-693087370840",
"versionEndIncluding": "6.46.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue discovered in MikroTik Router v6.46.3 and earlier allows attacker to cause denial of service via misconfiguration in the SSH daemon."
}
],
"id": "CVE-2020-20021",
"lastModified": "2024-11-21T05:11:49.450",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-12T13:15:09.060",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "http://mikrotik.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
],
"url": "http://router.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/48228"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "http://mikrotik.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://router.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/48228"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-04-13 13:29
Modified
2024-11-21 03:40
Severity ?
Summary
An issue was discovered in MikroTik RouterOS 6.41.4. Missing OpenVPN server certificate verification allows a remote unauthenticated attacker capable of intercepting client traffic to act as a malicious OpenVPN server. This may allow the attacker to gain access to the client's internal network (for example, at site-to-site tunnels).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://janis-streib.de/2018/04/11/mikrotik-openvpn-security | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://janis-streib.de/2018/04/11/mikrotik-openvpn-security | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mikrotik:routeros:6.41.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7DDA40BC-3E41-422D-BB2A-FE3AFCE2ECFB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MikroTik RouterOS 6.41.4. Missing OpenVPN server certificate verification allows a remote unauthenticated attacker capable of intercepting client traffic to act as a malicious OpenVPN server. This may allow the attacker to gain access to the client\u0027s internal network (for example, at site-to-site tunnels)."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en MikroTik RouterOS 6.41.4. La falta de verificaci\u00f3n de certificados del servidor OpenVPN permite que un atacante remoto no autenticado intercepte el tr\u00e1fico del cliente para actuar como un servidor OpenVPN malicioso. Esto podr\u00eda permitir que el atacante obtenga acceso a la red interna del cliente (por ejemplo, en t\u00faneles site-to-site)."
}
],
"id": "CVE-2018-10066",
"lastModified": "2024-11-21T03:40:45.143",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-13T13:29:00.487",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://janis-streib.de/2018/04/11/mikrotik-openvpn-security"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://janis-streib.de/2018/04/11/mikrotik-openvpn-security"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-19 17:15
Modified
2024-11-21 05:11
Severity ?
Summary
Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled resource consumption in the sshd process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://cwe.mitre.org/data/definitions/400.html | Technical Description | |
| cve@mitre.org | https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20230/README.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cwe.mitre.org/data/definitions/400.html | Technical Description | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20230/README.md | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F9AA7223-457D-46AA-8B5D-E70C53A38ED3",
"versionEndExcluding": "6.47",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled resource consumption in the sshd process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versiones anteriores a estable 6.47, sufre de un consumo no controlado de recursos en el proceso sshd. Un atacante remoto autenticado puede causar una Denegaci\u00f3n de Servicio debido a la sobrecarga de la CPU del sistema"
}
],
"id": "CVE-2020-20230",
"lastModified": "2024-11-21T05:11:56.580",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-19T17:15:10.943",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Technical Description"
],
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20230/README.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description"
],
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20230/README.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
var-201907-0593
Vulnerability from variot
Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable to memory exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system. Malicious code cannot be injected. Mikrotik RouterOS Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. A security vulnerability exists in Mikrotik RouterOS versions prior to 6.44.5. Advisory: two vulnerabilities found in MikroTik's RouterOS
Details
Product: MikroTik's RouterOS Affected Versions: before 6.44.5 (Long-term release tree), before 6.45.1 (Stable release tree) Fixed Versions: 6.44.5 (Long-term release tree), 6.45.1 (Stable release tree) Vendor URL: https://mikrotik.com/download/changelogs/long-term-release-tree Vendor Status: fixed version released CVE: CVE-2019-13954, CVE-2019-13955 Credit: Qian Chen(@cq674350529) of the Qihoo 360 Nirvan Team
Product Description
RouterOS is the operating system used on the MikroTik's devices, such as switch, router and access point.
- An authenticated user can cause the www binary to consume all memory via a crafted POST request to /jsproxy/upload. It's because of the incomplete fix for the CVE-2018-1157.
Based on the poc for cve_2018_1157 provided by the @Jacob Baines (really appreciate!), crafting a filename ending with many '\x00' can bypass the original fix to trigger the vulnerability.
- CVE-2019-13955: stack exhaustion via recuring parsing of JSON This vulnerability is similar to the CVE-2018-1158. An authenticated user communicating with the www binary can trigger a stack exhaustion vulnerability via recursive parsing of JSON containing message type M.
Based on the poc for cve_2018_1158 provided by the @Jacob Baines (really appreciate!), crafting an JSON message with type M can trigger the vulnerability. A simple python script to generate the crafted message is as follows.
References
[1] https://mikrotik.com/download/changelogs/long-term-release-tree [2] https://github.com/tenable/routeros
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201907-0593",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "eq",
"trust": 1.0,
"vendor": "mikrotik",
"version": "6.45"
},
{
"model": "routeros",
"scope": "lt",
"trust": 1.0,
"vendor": "mikrotik",
"version": "6.44.5"
},
{
"model": "routeros",
"scope": "lt",
"trust": 0.8,
"vendor": "mikrotik",
"version": "6.44.5 (long-term release tree)"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-007387"
},
{
"db": "NVD",
"id": "CVE-2019-13954"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:mikrotik:router_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-007387"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Qian Chen",
"sources": [
{
"db": "PACKETSTORM",
"id": "153733"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-1353"
}
],
"trust": 0.7
},
"cve": "CVE-2019-13954",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2019-13954",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-145852",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2019-13954",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-13954",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-13954",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201907-1353",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-145852",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-145852"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007387"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-1353"
},
{
"db": "NVD",
"id": "CVE-2019-13954"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable to memory exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system. Malicious code cannot be injected. Mikrotik RouterOS Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. A security vulnerability exists in Mikrotik RouterOS versions prior to 6.44.5. Advisory: two vulnerabilities found in MikroTik\u0027s RouterOS\n\n\nDetails\n=======\n\nProduct: MikroTik\u0027s RouterOS\nAffected Versions: before 6.44.5 (Long-term release tree),\n before 6.45.1 (Stable release tree)\nFixed Versions: 6.44.5 (Long-term release tree),\n 6.45.1 (Stable release tree)\nVendor URL: https://mikrotik.com/download/changelogs/long-term-release-tree\nVendor Status: fixed version released\nCVE: CVE-2019-13954, CVE-2019-13955\nCredit: Qian Chen(@cq674350529) of the Qihoo 360 Nirvan Team\n\n\nProduct Description\n==================\n\nRouterOS is the operating system used on the MikroTik\u0027s devices, such as\nswitch, router and access point. \n\n\n1. An authenticated user\ncan cause the www binary to consume all memory via a crafted POST request\nto /jsproxy/upload. It\u0027s because of the incomplete fix for the\nCVE-2018-1157. \n\nBased on the poc for cve_2018_1157 provided by the @Jacob Baines (really\nappreciate!), crafting a filename ending with many \u0027\\x00\u0027 can bypass the\noriginal fix to trigger the vulnerability. \n\n\n2. CVE-2019-13955: stack exhaustion via recuring parsing of JSON\nThis vulnerability is similar to the CVE-2018-1158. An authenticated user\ncommunicating with the www binary can trigger a stack exhaustion\nvulnerability via recursive parsing of JSON containing message type M. \n\nBased on the poc for cve_2018_1158 provided by the @Jacob Baines (really\nappreciate!), crafting an JSON message with type M can trigger the\nvulnerability. A simple python script to generate the crafted message is as\nfollows. \n\n\nReferences\n==========\n\n[1] https://mikrotik.com/download/changelogs/long-term-release-tree\n[2] https://github.com/tenable/routeros\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13954"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007387"
},
{
"db": "VULHUB",
"id": "VHN-145852"
},
{
"db": "PACKETSTORM",
"id": "153733"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "PACKETSTORM",
"id": "153733",
"trust": 2.6
},
{
"db": "NVD",
"id": "CVE-2019-13954",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007387",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201907-1353",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-145852",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-145852"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007387"
},
{
"db": "PACKETSTORM",
"id": "153733"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-1353"
},
{
"db": "NVD",
"id": "CVE-2019-13954"
}
]
},
"id": "VAR-201907-0593",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-145852"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:30:00.045000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "RouterOS",
"trust": 0.8,
"url": "https://mikrotik.com/software"
},
{
"title": "MikroTik RouterOS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95503"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-007387"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-1353"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-770",
"trust": 1.1
},
{
"problemtype": "CWE-400",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-145852"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007387"
},
{
"db": "NVD",
"id": "CVE-2019-13954"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://packetstormsecurity.com/files/153733/mikrotik-routeros-resource-stack-exhaustion.html"
},
{
"trust": 1.7,
"url": "https://seclists.org/fulldisclosure/2019/jul/20"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13954"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13954"
},
{
"trust": 0.1,
"url": "https://github.com/tenable/routeros"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13955"
},
{
"trust": 0.1,
"url": "https://mikrotik.com/download/changelogs/long-term-release-tree"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-145852"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007387"
},
{
"db": "PACKETSTORM",
"id": "153733"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-1353"
},
{
"db": "NVD",
"id": "CVE-2019-13954"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-145852"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007387"
},
{
"db": "PACKETSTORM",
"id": "153733"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-1353"
},
{
"db": "NVD",
"id": "CVE-2019-13954"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-26T00:00:00",
"db": "VULHUB",
"id": "VHN-145852"
},
{
"date": "2019-08-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-007387"
},
{
"date": "2019-07-24T02:32:22",
"db": "PACKETSTORM",
"id": "153733"
},
{
"date": "2019-07-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-1353"
},
{
"date": "2019-07-26T13:15:12.830000",
"db": "NVD",
"id": "CVE-2019-13954"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-145852"
},
{
"date": "2019-08-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-007387"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-1353"
},
{
"date": "2024-11-21T04:25:46.347000",
"db": "NVD",
"id": "CVE-2019-13954"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-1353"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik RouterOS Vulnerable to resource exhaustion",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-007387"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-1353"
}
],
"trust": 0.6
}
}
var-202107-0084
Vulnerability from variot
Mikrotik RouterOs before 6.44.6 (long-term tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/cerm process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU. Mikrotik RouterOs Exists in a resource exhaustion vulnerability.Service operation interruption (DoS) It may be in a state. Re: Two vulnerabilities found in MikroTik's RouterOS
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202107-0084",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "lt",
"trust": 1.0,
"vendor": "mikrotik",
"version": "6.44.6"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": "6.44.6"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-017176"
},
{
"db": "NVD",
"id": "CVE-2020-20221"
}
]
},
"cve": "CVE-2020-20221",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-20221",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-173678",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2020-20221",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-20221",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-20221",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-20221",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202107-1587",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-173678",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173678"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-017176"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1587"
},
{
"db": "NVD",
"id": "CVE-2020-20221"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik RouterOs before 6.44.6 (long-term tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/cerm process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU. Mikrotik RouterOs Exists in a resource exhaustion vulnerability.Service operation interruption (DoS) It may be in a state. Re: Two vulnerabilities found in MikroTik\u0027s RouterOS",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-20221"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-017176"
},
{
"db": "VULHUB",
"id": "VHN-173678"
},
{
"db": "VULMON",
"id": "CVE-2020-20221"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-20221",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2020-017176",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1587",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-173678",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-20221",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173678"
},
{
"db": "VULMON",
"id": "CVE-2020-20221"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-017176"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1587"
},
{
"db": "NVD",
"id": "CVE-2020-20221"
}
]
},
"id": "VAR-202107-0084",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-173678"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T14:03:08.187000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://mikrotik.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-017176"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.1
},
{
"problemtype": "Resource exhaustion (CWE-400) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173678"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-017176"
},
{
"db": "NVD",
"id": "CVE-2020-20221"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://seclists.org/fulldisclosure/2021/may/1"
},
{
"trust": 1.7,
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"trust": 1.7,
"url": "https://seclists.org/fulldisclosure/2020/may/30"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-20221"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173678"
},
{
"db": "VULMON",
"id": "CVE-2020-20221"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-017176"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1587"
},
{
"db": "NVD",
"id": "CVE-2020-20221"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-173678"
},
{
"db": "VULMON",
"id": "CVE-2020-20221"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-017176"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1587"
},
{
"db": "NVD",
"id": "CVE-2020-20221"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-21T00:00:00",
"db": "VULHUB",
"id": "VHN-173678"
},
{
"date": "2022-06-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-017176"
},
{
"date": "2021-07-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-1587"
},
{
"date": "2021-07-21T15:15:12.777000",
"db": "NVD",
"id": "CVE-2020-20221"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-26T00:00:00",
"db": "VULHUB",
"id": "VHN-173678"
},
{
"date": "2022-06-27T00:53:00",
"db": "JVNDB",
"id": "JVNDB-2020-017176"
},
{
"date": "2022-07-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-1587"
},
{
"date": "2022-10-26T18:56:07.393000",
"db": "NVD",
"id": "CVE-2020-20221"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-1587"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik\u00a0RouterOs\u00a0 Resource exhaustion vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-017176"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-1587"
}
],
"trust": 0.6
}
}
var-201712-0854
Vulnerability from variot
MikroTik v6.40.5 devices allow remote attackers to cause a denial of service via a flood of ICMP packets. MikroTik The device contains a resource management vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. MikroTik is a Linux-based routing operating system developed by MikroTik of Latvia. This system turns a PC into a professional router. A security vulnerability exists in MikroTik version 6.40.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201712-0854",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "router",
"scope": "eq",
"trust": 1.6,
"vendor": "mikrotik",
"version": "6.40.5"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": "6.40.5"
},
{
"model": "mikrotik",
"scope": "eq",
"trust": 0.6,
"vendor": "mikrotik",
"version": "6.40.5"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00582"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011182"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-461"
},
{
"db": "NVD",
"id": "CVE-2017-17538"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:mikrotik:router_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011182"
}
]
},
"cve": "CVE-2017-17538",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-17538",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-00582",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-108570",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2017-17538",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-17538",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-17538",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2018-00582",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201712-461",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-108570",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00582"
},
{
"db": "VULHUB",
"id": "VHN-108570"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011182"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-461"
},
{
"db": "NVD",
"id": "CVE-2017-17538"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MikroTik v6.40.5 devices allow remote attackers to cause a denial of service via a flood of ICMP packets. MikroTik The device contains a resource management vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. MikroTik is a Linux-based routing operating system developed by MikroTik of Latvia. This system turns a PC into a professional router. A security vulnerability exists in MikroTik version 6.40.5",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-17538"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011182"
},
{
"db": "CNVD",
"id": "CNVD-2018-00582"
},
{
"db": "VULHUB",
"id": "VHN-108570"
}
],
"trust": 2.25
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-108570",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-108570"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-17538",
"trust": 3.1
},
{
"db": "EXPLOIT-DB",
"id": "43317",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011182",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201712-461",
"trust": 0.7
},
{
"db": "EXPLOITDB",
"id": "43317",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2018-00582",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "145383",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-108570",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00582"
},
{
"db": "VULHUB",
"id": "VHN-108570"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011182"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-461"
},
{
"db": "NVD",
"id": "CVE-2017-17538"
}
]
},
"id": "VAR-201712-0854",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00582"
},
{
"db": "VULHUB",
"id": "VHN-108570"
}
],
"trust": 1.5
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00582"
}
]
},
"last_update_date": "2024-11-23T23:08:52.485000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://mikrotik.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011182"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-399",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-108570"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011182"
},
{
"db": "NVD",
"id": "CVE-2017-17538"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://www.exploit-db.com/exploits/43317/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17538"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17538"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00582"
},
{
"db": "VULHUB",
"id": "VHN-108570"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011182"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-461"
},
{
"db": "NVD",
"id": "CVE-2017-17538"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-00582"
},
{
"db": "VULHUB",
"id": "VHN-108570"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011182"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-461"
},
{
"db": "NVD",
"id": "CVE-2017-17538"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-00582"
},
{
"date": "2017-12-13T00:00:00",
"db": "VULHUB",
"id": "VHN-108570"
},
{
"date": "2018-01-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011182"
},
{
"date": "2017-12-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-461"
},
{
"date": "2017-12-13T09:29:00.217000",
"db": "NVD",
"id": "CVE-2017-17538"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-00582"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-108570"
},
{
"date": "2018-01-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011182"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-461"
},
{
"date": "2024-11-21T03:18:07.727000",
"db": "NVD",
"id": "CVE-2017-17538"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-461"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MikroTik Vulnerabilities related to resource management in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011182"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-461"
}
],
"trust": 0.6
}
}
var-202107-0091
Vulnerability from variot
Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202107-0091",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "lt",
"trust": 1.0,
"vendor": "mikrotik",
"version": "6.47"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": "6.47"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-009265"
},
{
"db": "NVD",
"id": "CVE-2020-20252"
}
]
},
"cve": "CVE-2020-20252",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-20252",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-173712",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2020-20252",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-20252",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-20252",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-20252",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202107-959",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-173712",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-20252",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173712"
},
{
"db": "VULMON",
"id": "CVE-2020-20252"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009265"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-959"
},
{
"db": "NVD",
"id": "CVE-2020-20252"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-20252"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009265"
},
{
"db": "VULHUB",
"id": "VHN-173712"
},
{
"db": "VULMON",
"id": "CVE-2020-20252"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-20252",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009265",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202107-959",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-173712",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-20252",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173712"
},
{
"db": "VULMON",
"id": "CVE-2020-20252"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009265"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-959"
},
{
"db": "NVD",
"id": "CVE-2020-20252"
}
]
},
"id": "VAR-202107-0091",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-173712"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T13:43:27.759000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://mikrotik.com/"
},
{
"title": "Mikrotik Routeros Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=156648"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-009265"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-959"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.1
},
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "NULL Pointer dereference (CWE-476) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173712"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009265"
},
{
"db": "NVD",
"id": "CVE-2020-20252"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/mikrotik/cve-2020-20252/readme.md"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-20252"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173712"
},
{
"db": "VULMON",
"id": "CVE-2020-20252"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009265"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-959"
},
{
"db": "NVD",
"id": "CVE-2020-20252"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-173712"
},
{
"db": "VULMON",
"id": "CVE-2020-20252"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009265"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-959"
},
{
"db": "NVD",
"id": "CVE-2020-20252"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-13T00:00:00",
"db": "VULHUB",
"id": "VHN-173712"
},
{
"date": "2021-07-13T00:00:00",
"db": "VULMON",
"id": "CVE-2020-20252"
},
{
"date": "2022-04-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-009265"
},
{
"date": "2021-07-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-959"
},
{
"date": "2021-07-13T18:15:07.813000",
"db": "NVD",
"id": "CVE-2020-20252"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-28T00:00:00",
"db": "VULHUB",
"id": "VHN-173712"
},
{
"date": "2021-07-15T00:00:00",
"db": "VULMON",
"id": "CVE-2020-20252"
},
{
"date": "2022-04-19T07:46:00",
"db": "JVNDB",
"id": "JVNDB-2021-009265"
},
{
"date": "2021-07-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-959"
},
{
"date": "2022-06-28T14:11:45.273000",
"db": "NVD",
"id": "CVE-2020-20252"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-959"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik\u00a0RouterOs\u00a0 In \u00a0NULL\u00a0 Pointer dereference vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-009265"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-959"
}
],
"trust": 0.6
}
}
var-202107-0092
Vulnerability from variot
Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /ram/pckg/security/nova/bin/ipsec process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet. Mikrotik RouterOs Exists in a reachable assertiveness vulnerability.Service operation interruption (DoS) It may be in a state. Re: Two vulnerabilities found in MikroTik's RouterOS
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202107-0092",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "lt",
"trust": 1.0,
"vendor": "mikrotik",
"version": "6.47"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": null
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": "6.47"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-017175"
},
{
"db": "NVD",
"id": "CVE-2020-20262"
}
]
},
"cve": "CVE-2020-20262",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-20262",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-173723",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2020-20262",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-20262",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-20262",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-20262",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202107-1585",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-173723",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173723"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-017175"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1585"
},
{
"db": "NVD",
"id": "CVE-2020-20262"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /ram/pckg/security/nova/bin/ipsec process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet. Mikrotik RouterOs Exists in a reachable assertiveness vulnerability.Service operation interruption (DoS) It may be in a state. Re: Two vulnerabilities found in MikroTik\u0027s RouterOS",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-20262"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-017175"
},
{
"db": "VULHUB",
"id": "VHN-173723"
},
{
"db": "VULMON",
"id": "CVE-2020-20262"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-20262",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2020-017175",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1585",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-173723",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-20262",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173723"
},
{
"db": "VULMON",
"id": "CVE-2020-20262"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-017175"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1585"
},
{
"db": "NVD",
"id": "CVE-2020-20262"
}
]
},
"id": "VAR-202107-0092",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-173723"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T13:53:58.672000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://mikrotik.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-017175"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-617",
"trust": 1.1
},
{
"problemtype": "Reachable assertions (CWE-617) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173723"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-017175"
},
{
"db": "NVD",
"id": "CVE-2020-20262"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://seclists.org/fulldisclosure/2021/may/2"
},
{
"trust": 1.7,
"url": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/mikrotik/vul_ipsec/readme.md"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-20262"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173723"
},
{
"db": "VULMON",
"id": "CVE-2020-20262"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-017175"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1585"
},
{
"db": "NVD",
"id": "CVE-2020-20262"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-173723"
},
{
"db": "VULMON",
"id": "CVE-2020-20262"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-017175"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1585"
},
{
"db": "NVD",
"id": "CVE-2020-20262"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-21T00:00:00",
"db": "VULHUB",
"id": "VHN-173723"
},
{
"date": "2022-06-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-017175"
},
{
"date": "2021-07-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-1585"
},
{
"date": "2021-07-21T15:15:12.807000",
"db": "NVD",
"id": "CVE-2020-20262"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-30T00:00:00",
"db": "VULHUB",
"id": "VHN-173723"
},
{
"date": "2022-06-27T00:50:00",
"db": "JVNDB",
"id": "JVNDB-2020-017175"
},
{
"date": "2021-08-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-1585"
},
{
"date": "2021-07-30T13:20:50.257000",
"db": "NVD",
"id": "CVE-2020-20262"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-1585"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik\u00a0RouterOs\u00a0 Reachable Assertiveness Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-017175"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-1585"
}
],
"trust": 0.6
}
}
var-200802-0399
Vulnerability from variot
SNMPd in MikroTik RouterOS 3.2 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted SNMP SET request. MikroTik RouterOS is prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash an affected router, denying service to legitimate users. This issue affects versions up to and including RouterOS 3.2.
A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched.
Download and test it today: https://psi.secunia.com/
Read more about this new version: https://psi.secunia.com/?page=changelog
TITLE: RouterOS SNMPd "SNMP SET" Denial of Service Vulnerability
SECUNIA ADVISORY ID: SA28762
VERIFY ADVISORY: http://secunia.com/advisories/28762/
CRITICAL: Less critical
IMPACT: DoS
WHERE:
From local network
OPERATING SYSTEM: RouterOS 3.x http://secunia.com/product/17436/
DESCRIPTION: ShadOS has reported a vulnerability in RouterOS, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error within the processing of SNMP requests received by the SNMPd server.
The vulnerability is reported in version 3.2.
SOLUTION: Restrict access to trusted users only.
PROVIDED AND/OR DISCOVERED BY: ShadOS
ORIGINAL ADVISORY: http://milw0rm.com/exploits/5054
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200802-0399",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "lte",
"trust": 1.8,
"vendor": "microtik",
"version": "3.2"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "microtik",
"version": "3.2"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "3.2"
}
],
"sources": [
{
"db": "BID",
"id": "27599"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004051"
},
{
"db": "CNNVD",
"id": "CNNVD-200802-181"
},
{
"db": "NVD",
"id": "CVE-2008-0680"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:microtik:routeros",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-004051"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ShadOS is credited with discovering this vulnerability.",
"sources": [
{
"db": "BID",
"id": "27599"
}
],
"trust": 0.3
},
"cve": "CVE-2008-0680",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2008-0680",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-30805",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2008-0680",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2008-0680",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200802-181",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-30805",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2008-0680",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-30805"
},
{
"db": "VULMON",
"id": "CVE-2008-0680"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004051"
},
{
"db": "CNNVD",
"id": "CNNVD-200802-181"
},
{
"db": "NVD",
"id": "CVE-2008-0680"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SNMPd in MikroTik RouterOS 3.2 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted SNMP SET request. MikroTik RouterOS is prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash an affected router, denying service to legitimate users. \nThis issue affects versions up to and including RouterOS 3.2. \n\n----------------------------------------------------------------------\n\nA new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI\nhas been released. The new version includes many new and advanced\nfeatures, which makes it even easier to stay patched. \n\nDownload and test it today:\nhttps://psi.secunia.com/\n\nRead more about this new version:\nhttps://psi.secunia.com/?page=changelog\n\n----------------------------------------------------------------------\n\nTITLE:\nRouterOS SNMPd \"SNMP SET\" Denial of Service Vulnerability\n\nSECUNIA ADVISORY ID:\nSA28762\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/28762/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nDoS\n\nWHERE:\n\u003eFrom local network\n\nOPERATING SYSTEM:\nRouterOS 3.x\nhttp://secunia.com/product/17436/\n\nDESCRIPTION:\nShadOS has reported a vulnerability in RouterOS, which can be\nexploited by malicious people to cause a DoS (Denial of Service). \n\nThe vulnerability is caused due to an error within the processing of\nSNMP requests received by the SNMPd server. \n\nThe vulnerability is reported in version 3.2. \n\nSOLUTION:\nRestrict access to trusted users only. \n\nPROVIDED AND/OR DISCOVERED BY:\nShadOS\n\nORIGINAL ADVISORY:\nhttp://milw0rm.com/exploits/5054\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-0680"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004051"
},
{
"db": "BID",
"id": "27599"
},
{
"db": "VULHUB",
"id": "VHN-30805"
},
{
"db": "VULMON",
"id": "CVE-2008-0680"
},
{
"db": "PACKETSTORM",
"id": "63251"
}
],
"trust": 2.16
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-30805",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=5054",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-30805"
},
{
"db": "VULMON",
"id": "CVE-2008-0680"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2008-0680",
"trust": 2.9
},
{
"db": "BID",
"id": "27599",
"trust": 2.1
},
{
"db": "SECUNIA",
"id": "28762",
"trust": 2.0
},
{
"db": "EXPLOIT-DB",
"id": "5054",
"trust": 1.9
},
{
"db": "VUPEN",
"id": "ADV-2008-0399",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004051",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200802-181",
"trust": 0.7
},
{
"db": "MILW0RM",
"id": "5054",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-65171",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-30805",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2008-0680",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "63251",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-30805"
},
{
"db": "VULMON",
"id": "CVE-2008-0680"
},
{
"db": "BID",
"id": "27599"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004051"
},
{
"db": "PACKETSTORM",
"id": "63251"
},
{
"db": "CNNVD",
"id": "CNNVD-200802-181"
},
{
"db": "NVD",
"id": "CVE-2008-0680"
}
]
},
"id": "VAR-200802-0399",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-30805"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:39:42.913000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.mikrotik.com/software.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-004051"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-DesignError",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-004051"
},
{
"db": "NVD",
"id": "CVE-2008-0680"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/27599"
},
{
"trust": 1.8,
"url": "http://hellknights.void.ru/shados/snmp_sploit.c"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/28762"
},
{
"trust": 1.2,
"url": "https://www.exploit-db.com/exploits/5054"
},
{
"trust": 1.2,
"url": "http://www.vupen.com/english/advisories/2008/0399"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0680"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-0680"
},
{
"trust": 0.6,
"url": "http://www.milw0rm.com/exploits/5054"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2008/0399"
},
{
"trust": 0.3,
"url": "http://www.mikrotik.com/software.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/5054/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/17436/"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/?page=changelog"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/"
},
{
"trust": 0.1,
"url": "http://milw0rm.com/exploits/5054"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/28762/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-30805"
},
{
"db": "VULMON",
"id": "CVE-2008-0680"
},
{
"db": "BID",
"id": "27599"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004051"
},
{
"db": "PACKETSTORM",
"id": "63251"
},
{
"db": "CNNVD",
"id": "CNNVD-200802-181"
},
{
"db": "NVD",
"id": "CVE-2008-0680"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-30805"
},
{
"db": "VULMON",
"id": "CVE-2008-0680"
},
{
"db": "BID",
"id": "27599"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004051"
},
{
"db": "PACKETSTORM",
"id": "63251"
},
{
"db": "CNNVD",
"id": "CNNVD-200802-181"
},
{
"db": "NVD",
"id": "CVE-2008-0680"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-02-12T00:00:00",
"db": "VULHUB",
"id": "VHN-30805"
},
{
"date": "2008-02-12T00:00:00",
"db": "VULMON",
"id": "CVE-2008-0680"
},
{
"date": "2008-02-04T00:00:00",
"db": "BID",
"id": "27599"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-004051"
},
{
"date": "2008-02-05T00:19:12",
"db": "PACKETSTORM",
"id": "63251"
},
{
"date": "2008-02-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200802-181"
},
{
"date": "2008-02-12T01:00:00",
"db": "NVD",
"id": "CVE-2008-0680"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-04T00:00:00",
"db": "VULHUB",
"id": "VHN-30805"
},
{
"date": "2017-10-04T00:00:00",
"db": "VULMON",
"id": "CVE-2008-0680"
},
{
"date": "2015-05-07T17:33:00",
"db": "BID",
"id": "27599"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-004051"
},
{
"date": "2008-09-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200802-181"
},
{
"date": "2024-11-21T00:42:39.917000",
"db": "NVD",
"id": "CVE-2008-0680"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200802-181"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MicroTik RouterOS of SNMPd Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-004051"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "design error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200802-181"
}
],
"trust": 0.6
}
}
var-202105-0088
Vulnerability from variot
Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service due to improper memory access. Mikrotik RouterOs Is vulnerable to a buffer error.Denial of service (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. MikroTik RouterOS has a buffer error vulnerability. The following products and versions are affected: MikroTik RouterOS: 6.46.3, 6.46.4, 6.46.5, 6.46.6, 6.46.7, 6.46.8, 6.47, 6.47.1, 6.47.2, 6.47.3, 6.47. Advisory: four vulnerabilities found in MikroTik's RouterOS
Details
Product: MikroTik's RouterOS Vendor URL: https://mikrotik.com/ Vendor Status: no fix yet CVE: CVE-2020-20214, CVE-2020-20222, CVE-2020-20236, CVE-2020-20237 Credit: Qian Chen(@cq674350529) of Qihoo 360 Nirvan Team
Product Description
RouterOS is the operating system used on the MikroTik's devices, such as switch, router and access point.
Description of vulnerabilities
These vulnerabilities were reported to the vendor almost one year ago. And the vendor confirmed these vulnerabilities. However, there is still no fix for them yet. By the way, the three vulnerabilities in sniffer binary are different from each one.
- There is a reachable assertion in the btest process. By sending a crafted packet, an authenticated remote user can crash the btest process due to assertion failure.
Against stable 6.46.5, the poc resulted in the following crash dump.
# cat /rw/logs/backtrace.log
2020.06.19-15:51:36.94@0:
2020.06.19-15:51:36.94@0:
2020.06.19-15:51:36.94@0: /nova/bin/btest
2020.06.19-15:51:36.94@0: --- signal=6
2020.06.19-15:51:36.94@0:
2020.06.19-15:51:36.94@0: eip=0x7772255b eflags=0x00000246
2020.06.19-15:51:36.94@0: edi=0x00fe0001 esi=0x7772a200 ebp=0x7fdcf880
esp=0x7fdcf878 2020.06.19-15:51:36.94@0: eax=0x00000000 ebx=0x0000010f ecx=0x0000010f edx=0x00000006 2020.06.19-15:51:36.94@0: 2020.06.19-15:51:36.94@0: maps: 2020.06.19-15:51:36.94@0: 08048000-08057000 r-xp 00000000 00:0c 1006 /nova/bin/btest 2020.06.19-15:51:36.94@0: 776f4000-77729000 r-xp 00000000 00:0c 964 /lib/libuClibc-0.9.33.2.so 2020.06.19-15:51:36.94@0: 7772d000-77747000 r-xp 00000000 00:0c 960 /lib/libgcc_s.so.1 2020.06.19-15:51:36.94@0: 77748000-77757000 r-xp 00000000 00:0c 944 /lib/libuc++.so 2020.06.19-15:51:36.94@0: 77758000-77775000 r-xp 00000000 00:0c 947 /lib/libucrypto.so 2020.06.19-15:51:36.94@0: 77776000-777c2000 r-xp 00000000 00:0c 946 /lib/libumsg.so 2020.06.19-15:51:36.94@0: 777c8000-777cf000 r-xp 00000000 00:0c 958 /lib/ld-uClibc-0.9.33.2.so 2020.06.19-15:51:36.94@0: 2020.06.19-15:51:36.94@0: stack: 0x7fdd0000 - 0x7fdcf878 2020.06.19-15:51:36.94@0: 00 a0 72 77 00 a0 72 77 b8 f8 dc 7f 77 e0 71 77 06 00 00 00 00 a2 72 77 20 00 00 00 00 00 00 00 2020.06.19-15:51:36.94@0: 16 00 00 00 18 f9 dc 7f b4 f8 dc 7f e4 2a 7c 77 01 00 00 00 e4 2a 7c 77 16 00 00 00 01 00 fe 00 2020.06.19-15:51:36.94@0: 2020.06.19-15:51:36.94@0: code: 0x7772255b 2020.06.19-15:51:36.94@0: 5b 3d 00 f0 ff ff 76 0e 8b 93 cc ff ff ff f7 d8
This vulnerability was initially found in long-term 6.44.5, and it seems that the latest stable version 6.48.2 still suffers from this vulnerability.
- By sending a crafted packet, an authenticated remote user can crash the sniffer process due to NULL pointer dereference.
Against stable 6.46.5, the poc resulted in the following crash dump.
# cat /rw/logs/backtrace.log
2020.06.19-16:36:18.33@0:
2020.06.19-16:36:18.33@0:
2020.06.19-16:36:18.33@0: /nova/bin/sniffer
2020.06.19-16:36:18.33@0: --- signal=11
2020.06.19-16:36:18.33@0:
2020.06.19-16:36:18.33@0: eip=0x08050e33 eflags=0x00010206
2020.06.19-16:36:18.33@0: edi=0x08057a24 esi=0x7f85c094 ebp=0x7f85c0c8
esp=0x7f85c080 2020.06.19-16:36:18.33@0: eax=0x00000000 ebx=0x7f85c090 ecx=0x00ff0000 edx=0x08059678 2020.06.19-16:36:18.33@0: 2020.06.19-16:36:18.33@0: maps: 2020.06.19-16:36:18.33@0: 08048000-08056000 r-xp 00000000 00:0c 1034 /nova/bin/sniffer 2020.06.19-16:36:18.33@0: 776ce000-77703000 r-xp 00000000 00:0c 964 /lib/libuClibc-0.9.33.2.so 2020.06.19-16:36:18.33@0: 77707000-77721000 r-xp 00000000 00:0c 960 /lib/libgcc_s.so.1 2020.06.19-16:36:18.33@0: 77722000-77731000 r-xp 00000000 00:0c 944 /lib/libuc++.so 2020.06.19-16:36:18.33@0: 77732000-7773a000 r-xp 00000000 00:0c 950 /lib/libubox.so 2020.06.19-16:36:18.33@0: 7773b000-77787000 r-xp 00000000 00:0c 946 /lib/libumsg.so 2020.06.19-16:36:18.33@0: 7778d000-77794000 r-xp 00000000 00:0c 958 /lib/ld-uClibc-0.9.33.2.so 2020.06.19-16:36:18.33@0: 2020.06.19-16:36:18.33@0: stack: 0x7f85d000 - 0x7f85c080 2020.06.19-16:36:18.33@0: 2c 08 07 08 04 00 fe 08 fe 00 00 00 20 ad 05 08 00 0c 07 08 a0 0b 07 08 af 0b 07 08 04 7a 05 08 2020.06.19-16:36:18.33@0: 08 00 00 00 24 7a 05 08 ff 00 00 00 00 00 00 00 08 c2 85 7f e4 7a 78 77 d8 c0 85 7f e4 7a 78 77 2020.06.19-16:36:18.34@0: 2020.06.19-16:36:18.34@0: code: 0x8050e33 2020.06.19-16:36:18.34@0: 0b 48 0c 89 fa 89 d8 e8 7d f1 ff ff 50 50 53 56
This vulnerability was initially found in long-term 6.44.6, and it seems that the latest stable version 6.48.2 still suffers from this vulnerability.
Against stable 6.46.5, the poc resulted in the following crash dump.
# cat /rw/logs/backtrace.log
2020.06.19-16:58:33.42@0:
2020.06.19-16:58:33.42@0:
2020.06.19-16:58:33.42@0: /nova/bin/sniffer
2020.06.19-16:58:33.42@0: --- signal=11
2020.06.19-16:58:33.42@0:
2020.06.19-16:58:33.42@0: eip=0x08050dac eflags=0x00010202
2020.06.19-16:58:33.42@0: edi=0x08057a24 esi=0x00000001 ebp=0x7f8df428
esp=0x7f8df3e0 2020.06.19-16:58:33.42@0: eax=0x08073714 ebx=0x08073710 ecx=0x08073704 edx=0x08073714 2020.06.19-16:58:33.42@0: 2020.06.19-16:58:33.42@0: maps: 2020.06.19-16:58:33.42@0: 08048000-08056000 r-xp 00000000 00:0c 1034 /nova/bin/sniffer 2020.06.19-16:58:33.42@0: 77730000-77765000 r-xp 00000000 00:0c 964 /lib/libuClibc-0.9.33.2.so 2020.06.19-16:58:33.42@0: 77769000-77783000 r-xp 00000000 00:0c 960 /lib/libgcc_s.so.1 2020.06.19-16:58:33.42@0: 77784000-77793000 r-xp 00000000 00:0c 944 /lib/libuc++.so 2020.06.19-16:58:33.42@0: 77794000-7779c000 r-xp 00000000 00:0c 950 /lib/libubox.so 2020.06.19-16:58:33.42@0: 7779d000-777e9000 r-xp 00000000 00:0c 946 /lib/libumsg.so 2020.06.19-16:58:33.43@0: 777ef000-777f6000 r-xp 00000000 00:0c 958 /lib/ld-uClibc-0.9.33.2.so 2020.06.19-16:58:33.43@0: 2020.06.19-16:58:33.43@0: stack: 0x7f8e0000 - 0x7f8df3e0 2020.06.19-16:58:33.43@0: 3c ab 05 08 04 00 fe 08 e0 0f 00 00 14 37 07 08 24 7a 05 08 00 00 00 00 18 f4 8d 7f 04 7a 05 08 2020.06.19-16:58:33.43@0: 08 00 00 00 24 7a 05 08 04 00 00 00 00 00 00 00 70 4a 7a 77 e4 9a 7e 77 38 f4 8d 7f e4 9a 7e 77 2020.06.19-16:58:33.43@0: 2020.06.19-16:58:33.43@0: code: 0x8050dac 2020.06.19-16:58:33.43@0: 8b 43 04 83 e0 fc 85 c0 74 1c 8b 4b 14 39 34 08
This vulnerability was initially found in long-term 6.46.3, and it seems that the latest version stable 6.48.2 still suffers from this vulnerability.
Against stable 6.46.5, the poc resulted in the following crash dump.
# cat /rw/logs/backtrace.log
2020.06.19-17:58:43.98@0:
2020.06.19-17:58:43.98@0:
2020.06.19-17:58:43.98@0: /nova/bin/sniffer
2020.06.19-17:58:43.98@0: --- signal=11
2020.06.19-17:58:43.98@0:
2020.06.19-17:58:43.98@0: eip=0x77712055 eflags=0x00010202
2020.06.19-17:58:43.98@0: edi=0x77720f34 esi=0x77721015 ebp=0x7ff96b38
esp=0x7ff96af8 2020.06.19-17:58:43.98@0: eax=0x77721054 ebx=0x7771f000 ecx=0x77721034 edx=0x77721014 2020.06.19-17:58:43.98@0: 2020.06.19-17:58:43.98@0: maps: 2020.06.19-17:58:43.98@0: 08048000-08056000 r-xp 00000000 00:0c 1034 /nova/bin/sniffer 2020.06.19-17:58:43.98@0: 776e9000-7771e000 r-xp 00000000 00:0c 964 /lib/libuClibc-0.9.33.2.so 2020.06.19-17:58:43.98@0: 77722000-7773c000 r-xp 00000000 00:0c 960 /lib/libgcc_s.so.1 2020.06.19-17:58:43.98@0: 7773d000-7774c000 r-xp 00000000 00:0c 944 /lib/libuc++.so 2020.06.19-17:58:43.98@0: 7774d000-77755000 r-xp 00000000 00:0c 950 /lib/libubox.so 2020.06.19-17:58:43.98@0: 77756000-777a2000 r-xp 00000000 00:0c 946 /lib/libumsg.so 2020.06.19-17:58:43.98@0: 777a8000-777af000 r-xp 00000000 00:0c 958 /lib/ld-uClibc-0.9.33.2.so 2020.06.19-17:58:43.98@0: 2020.06.19-17:58:43.98@0: stack: 0x7ff97000 - 0x7ff96af8 2020.06.19-17:58:43.98@0: 00 f0 71 77 00 0f 72 77 30 00 00 00 00 00 00 00 38 b2 05 08 34 0f 72 77 04 00 00 00 00 0f 72 77 2020.06.19-17:58:43.98@0: 20 00 00 00 1b 7b 71 77 e8 f1 71 77 98 00 00 00 01 00 00 00 ec c4 74 77 74 a1 05 08 f8 6b f9 7f 2020.06.19-17:58:43.98@0: 2020.06.19-17:58:43.98@0: code: 0x77712055 2020.06.19-17:58:43.98@0: 89 14 10 eb bc 8b 93 a4 ff ff ff 8b 7d e0 8b 42
Interestingly, the same poc resulted in another different crash dump(SIGABRT) against stable 6.48.2.
# cat /rw/logs/backtrace.log
2021.05.07-16:02:37.25@0:
2021.05.07-16:02:37.25@0:
2021.05.07-16:02:37.25@0: /nova/bin/sniffer
2021.05.07-16:02:37.25@0: --- signal=6
2021.05.07-16:02:37.25@0:
2021.05.07-16:02:37.25@0: eip=0x776f255b eflags=0x00000246
2021.05.07-16:02:37.25@0: edi=0x0805aca8 esi=0x776fa200 ebp=0x7f97def8
esp=0x7f97def0 2021.05.07-16:02:37.25@0: eax=0x00000000 ebx=0x000000b6 ecx=0x000000b6 edx=0x00000006 2021.05.07-16:02:37.25@0: 2021.05.07-16:02:37.25@0: maps: 2021.05.07-16:02:37.25@0: 08048000-08056000 r-xp 00000000 00:0c 1036 /nova/bin/sniffer 2021.05.07-16:02:37.25@0: 776c4000-776f9000 r-xp 00000000 00:0c 966 /lib/libuClibc-0.9.33.2.so 2021.05.07-16:02:37.25@0: 776fd000-77717000 r-xp 00000000 00:0c 962 /lib/libgcc_s.so.1 2021.05.07-16:02:37.25@0: 77718000-77727000 r-xp 00000000 00:0c 945 /lib/libuc++.so 2021.05.07-16:02:37.25@0: 77728000-77730000 r-xp 00000000 00:0c 951 /lib/libubox.so 2021.05.07-16:02:37.25@0: 77731000-7777d000 r-xp 00000000 00:0c 947 /lib/libumsg.so 2021.05.07-16:02:37.25@0: 77783000-7778a000 r-xp 00000000 00:0c 960 /lib/ld-uClibc-0.9.33.2.so 2021.05.07-16:02:37.25@0: 2021.05.07-16:02:37.25@0: stack: 0x7f97f000 - 0x7f97def0 2021.05.07-16:02:37.25@0: 00 a0 6f 77 00 a0 6f 77 30 df 97 7f 77 e0 6e 77 06 00 00 00 00 a2 6f 77 20 00 00 00 00 00 00 00 2021.05.07-16:02:37.25@0: 26 2b 6f 77 00 a0 6f 77 28 df 97 7f 21 2c 6f 77 e8 a1 6f 77 00 a0 6f 77 00 bf 6f 77 a8 ac 05 08 2021.05.07-16:02:37.25@0: 2021.05.07-16:02:37.25@0: code: 0x776f255b 2021.05.07-16:02:37.25@0: 5b 3d 00 f0 ff ff 76 0e 8b 93 cc ff ff ff f7 d8
This vulnerability was initially found in long-term 6.46.3, and it seems that the latest stable version 6.48.2 suffers from an assertion failure vulnerability when running the same poc.
Solution
No upgrade firmware available yet
References
[1] https://mikrotik.com/download/changelogs/stable-release-tree
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202105-0088",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "eq",
"trust": 1.0,
"vendor": "mikrotik",
"version": "6.46.3"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": null
},
{
"model": "routeros",
"scope": null,
"trust": 0.8,
"vendor": "mikrotik",
"version": null
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": "6.46.3 (stable tree)"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006898"
},
{
"db": "NVD",
"id": "CVE-2020-20236"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Qian Chen",
"sources": [
{
"db": "PACKETSTORM",
"id": "162513"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-479"
}
],
"trust": 0.7
},
"cve": "CVE-2020-20236",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-20236",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-173694",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2020-20236",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-20236",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-20236",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-20236",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202105-479",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-173694",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-20236",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173694"
},
{
"db": "VULMON",
"id": "CVE-2020-20236"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006898"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-479"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2020-20236"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service due to improper memory access. Mikrotik RouterOs Is vulnerable to a buffer error.Denial of service (DoS) It may be put into a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. MikroTik RouterOS has a buffer error vulnerability. The following products and versions are affected: MikroTik RouterOS: 6.46.3, 6.46.4, 6.46.5, 6.46.6, 6.46.7, 6.46.8, 6.47, 6.47.1, 6.47.2, 6.47.3, 6.47. Advisory: four vulnerabilities found in MikroTik\u0027s RouterOS\n\n\nDetails\n=======\n\nProduct: MikroTik\u0027s RouterOS\nVendor URL: https://mikrotik.com/\nVendor Status: no fix yet\nCVE: CVE-2020-20214, CVE-2020-20222, CVE-2020-20236, CVE-2020-20237\nCredit: Qian Chen(@cq674350529) of Qihoo 360 Nirvan Team\n\n\nProduct Description\n==================\n\nRouterOS is the operating system used on the MikroTik\u0027s devices, such as\nswitch, router and access point. \n\n\nDescription of vulnerabilities\n==========================\nThese vulnerabilities were reported to the vendor almost one year ago. And\nthe vendor confirmed these vulnerabilities. However, there is still no fix\nfor them yet. \nBy the way, the three vulnerabilities in sniffer binary are different from\neach one. \n\n1. There is\na reachable assertion in the btest process. By sending a crafted packet, an\nauthenticated remote user can crash the btest process due to assertion\nfailure. \n\nAgainst stable 6.46.5, the poc resulted in the following crash dump. \n\n # cat /rw/logs/backtrace.log\n 2020.06.19-15:51:36.94@0:\n 2020.06.19-15:51:36.94@0:\n 2020.06.19-15:51:36.94@0: /nova/bin/btest\n 2020.06.19-15:51:36.94@0: --- signal=6\n--------------------------------------------\n 2020.06.19-15:51:36.94@0:\n 2020.06.19-15:51:36.94@0: eip=0x7772255b eflags=0x00000246\n 2020.06.19-15:51:36.94@0: edi=0x00fe0001 esi=0x7772a200 ebp=0x7fdcf880\nesp=0x7fdcf878\n 2020.06.19-15:51:36.94@0: eax=0x00000000 ebx=0x0000010f ecx=0x0000010f\nedx=0x00000006\n 2020.06.19-15:51:36.94@0:\n 2020.06.19-15:51:36.94@0: maps:\n 2020.06.19-15:51:36.94@0: 08048000-08057000 r-xp 00000000 00:0c 1006\n /nova/bin/btest\n 2020.06.19-15:51:36.94@0: 776f4000-77729000 r-xp 00000000 00:0c 964\n /lib/libuClibc-0.9.33.2.so\n 2020.06.19-15:51:36.94@0: 7772d000-77747000 r-xp 00000000 00:0c 960\n /lib/libgcc_s.so.1\n 2020.06.19-15:51:36.94@0: 77748000-77757000 r-xp 00000000 00:0c 944\n /lib/libuc++.so\n 2020.06.19-15:51:36.94@0: 77758000-77775000 r-xp 00000000 00:0c 947\n /lib/libucrypto.so\n 2020.06.19-15:51:36.94@0: 77776000-777c2000 r-xp 00000000 00:0c 946\n /lib/libumsg.so\n 2020.06.19-15:51:36.94@0: 777c8000-777cf000 r-xp 00000000 00:0c 958\n /lib/ld-uClibc-0.9.33.2.so\n 2020.06.19-15:51:36.94@0:\n 2020.06.19-15:51:36.94@0: stack: 0x7fdd0000 - 0x7fdcf878\n 2020.06.19-15:51:36.94@0: 00 a0 72 77 00 a0 72 77 b8 f8 dc 7f 77 e0 71\n77 06 00 00 00 00 a2 72 77 20 00 00 00 00 00 00 00\n 2020.06.19-15:51:36.94@0: 16 00 00 00 18 f9 dc 7f b4 f8 dc 7f e4 2a 7c\n77 01 00 00 00 e4 2a 7c 77 16 00 00 00 01 00 fe 00\n 2020.06.19-15:51:36.94@0:\n 2020.06.19-15:51:36.94@0: code: 0x7772255b\n 2020.06.19-15:51:36.94@0: 5b 3d 00 f0 ff ff 76 0e 8b 93 cc ff ff ff f7\nd8\n\nThis vulnerability was initially found in long-term 6.44.5, and it seems\nthat the latest stable version 6.48.2 still suffers from this vulnerability. \n\n2. By\nsending a crafted packet, an authenticated remote user can crash the\nsniffer process due to NULL pointer dereference. \n\nAgainst stable 6.46.5, the poc resulted in the following crash dump. \n\n # cat /rw/logs/backtrace.log\n 2020.06.19-16:36:18.33@0:\n 2020.06.19-16:36:18.33@0:\n 2020.06.19-16:36:18.33@0: /nova/bin/sniffer\n 2020.06.19-16:36:18.33@0: --- signal=11\n--------------------------------------------\n 2020.06.19-16:36:18.33@0:\n 2020.06.19-16:36:18.33@0: eip=0x08050e33 eflags=0x00010206\n 2020.06.19-16:36:18.33@0: edi=0x08057a24 esi=0x7f85c094 ebp=0x7f85c0c8\nesp=0x7f85c080\n 2020.06.19-16:36:18.33@0: eax=0x00000000 ebx=0x7f85c090 ecx=0x00ff0000\nedx=0x08059678\n 2020.06.19-16:36:18.33@0:\n 2020.06.19-16:36:18.33@0: maps:\n 2020.06.19-16:36:18.33@0: 08048000-08056000 r-xp 00000000 00:0c 1034\n /nova/bin/sniffer\n 2020.06.19-16:36:18.33@0: 776ce000-77703000 r-xp 00000000 00:0c 964\n /lib/libuClibc-0.9.33.2.so\n 2020.06.19-16:36:18.33@0: 77707000-77721000 r-xp 00000000 00:0c 960\n /lib/libgcc_s.so.1\n 2020.06.19-16:36:18.33@0: 77722000-77731000 r-xp 00000000 00:0c 944\n /lib/libuc++.so\n 2020.06.19-16:36:18.33@0: 77732000-7773a000 r-xp 00000000 00:0c 950\n /lib/libubox.so\n 2020.06.19-16:36:18.33@0: 7773b000-77787000 r-xp 00000000 00:0c 946\n /lib/libumsg.so\n 2020.06.19-16:36:18.33@0: 7778d000-77794000 r-xp 00000000 00:0c 958\n /lib/ld-uClibc-0.9.33.2.so\n 2020.06.19-16:36:18.33@0:\n 2020.06.19-16:36:18.33@0: stack: 0x7f85d000 - 0x7f85c080\n 2020.06.19-16:36:18.33@0: 2c 08 07 08 04 00 fe 08 fe 00 00 00 20 ad 05\n08 00 0c 07 08 a0 0b 07 08 af 0b 07 08 04 7a 05 08\n 2020.06.19-16:36:18.33@0: 08 00 00 00 24 7a 05 08 ff 00 00 00 00 00 00\n00 08 c2 85 7f e4 7a 78 77 d8 c0 85 7f e4 7a 78 77\n 2020.06.19-16:36:18.34@0:\n 2020.06.19-16:36:18.34@0: code: 0x8050e33\n 2020.06.19-16:36:18.34@0: 0b 48 0c 89 fa 89 d8 e8 7d f1 ff ff 50 50 53\n56\n\nThis vulnerability was initially found in long-term 6.44.6, and it seems\nthat the latest stable version 6.48.2 still suffers from this vulnerability. \n\n3. \n\nAgainst stable 6.46.5, the poc resulted in the following crash dump. \n\n # cat /rw/logs/backtrace.log\n 2020.06.19-16:58:33.42@0:\n 2020.06.19-16:58:33.42@0:\n 2020.06.19-16:58:33.42@0: /nova/bin/sniffer\n 2020.06.19-16:58:33.42@0: --- signal=11\n--------------------------------------------\n 2020.06.19-16:58:33.42@0:\n 2020.06.19-16:58:33.42@0: eip=0x08050dac eflags=0x00010202\n 2020.06.19-16:58:33.42@0: edi=0x08057a24 esi=0x00000001 ebp=0x7f8df428\nesp=0x7f8df3e0\n 2020.06.19-16:58:33.42@0: eax=0x08073714 ebx=0x08073710 ecx=0x08073704\nedx=0x08073714\n 2020.06.19-16:58:33.42@0:\n 2020.06.19-16:58:33.42@0: maps:\n 2020.06.19-16:58:33.42@0: 08048000-08056000 r-xp 00000000 00:0c 1034\n /nova/bin/sniffer\n 2020.06.19-16:58:33.42@0: 77730000-77765000 r-xp 00000000 00:0c 964\n /lib/libuClibc-0.9.33.2.so\n 2020.06.19-16:58:33.42@0: 77769000-77783000 r-xp 00000000 00:0c 960\n /lib/libgcc_s.so.1\n 2020.06.19-16:58:33.42@0: 77784000-77793000 r-xp 00000000 00:0c 944\n /lib/libuc++.so\n 2020.06.19-16:58:33.42@0: 77794000-7779c000 r-xp 00000000 00:0c 950\n /lib/libubox.so\n 2020.06.19-16:58:33.42@0: 7779d000-777e9000 r-xp 00000000 00:0c 946\n /lib/libumsg.so\n 2020.06.19-16:58:33.43@0: 777ef000-777f6000 r-xp 00000000 00:0c 958\n /lib/ld-uClibc-0.9.33.2.so\n 2020.06.19-16:58:33.43@0:\n 2020.06.19-16:58:33.43@0: stack: 0x7f8e0000 - 0x7f8df3e0\n 2020.06.19-16:58:33.43@0: 3c ab 05 08 04 00 fe 08 e0 0f 00 00 14 37 07\n08 24 7a 05 08 00 00 00 00 18 f4 8d 7f 04 7a 05 08\n 2020.06.19-16:58:33.43@0: 08 00 00 00 24 7a 05 08 04 00 00 00 00 00 00\n00 70 4a 7a 77 e4 9a 7e 77 38 f4 8d 7f e4 9a 7e 77\n 2020.06.19-16:58:33.43@0:\n 2020.06.19-16:58:33.43@0: code: 0x8050dac\n 2020.06.19-16:58:33.43@0: 8b 43 04 83 e0 fc 85 c0 74 1c 8b 4b 14 39 34\n08\n\nThis vulnerability was initially found in long-term 6.46.3, and it seems\nthat the latest version stable 6.48.2 still suffers from this vulnerability. \n\n4. \n\nAgainst stable 6.46.5, the poc resulted in the following crash dump. \n\n # cat /rw/logs/backtrace.log\n 2020.06.19-17:58:43.98@0:\n 2020.06.19-17:58:43.98@0:\n 2020.06.19-17:58:43.98@0: /nova/bin/sniffer\n 2020.06.19-17:58:43.98@0: --- signal=11\n--------------------------------------------\n 2020.06.19-17:58:43.98@0:\n 2020.06.19-17:58:43.98@0: eip=0x77712055 eflags=0x00010202\n 2020.06.19-17:58:43.98@0: edi=0x77720f34 esi=0x77721015 ebp=0x7ff96b38\nesp=0x7ff96af8\n 2020.06.19-17:58:43.98@0: eax=0x77721054 ebx=0x7771f000 ecx=0x77721034\nedx=0x77721014\n 2020.06.19-17:58:43.98@0:\n 2020.06.19-17:58:43.98@0: maps:\n 2020.06.19-17:58:43.98@0: 08048000-08056000 r-xp 00000000 00:0c 1034\n /nova/bin/sniffer\n 2020.06.19-17:58:43.98@0: 776e9000-7771e000 r-xp 00000000 00:0c 964\n /lib/libuClibc-0.9.33.2.so\n 2020.06.19-17:58:43.98@0: 77722000-7773c000 r-xp 00000000 00:0c 960\n /lib/libgcc_s.so.1\n 2020.06.19-17:58:43.98@0: 7773d000-7774c000 r-xp 00000000 00:0c 944\n /lib/libuc++.so\n 2020.06.19-17:58:43.98@0: 7774d000-77755000 r-xp 00000000 00:0c 950\n /lib/libubox.so\n 2020.06.19-17:58:43.98@0: 77756000-777a2000 r-xp 00000000 00:0c 946\n /lib/libumsg.so\n 2020.06.19-17:58:43.98@0: 777a8000-777af000 r-xp 00000000 00:0c 958\n /lib/ld-uClibc-0.9.33.2.so\n 2020.06.19-17:58:43.98@0:\n 2020.06.19-17:58:43.98@0: stack: 0x7ff97000 - 0x7ff96af8\n 2020.06.19-17:58:43.98@0: 00 f0 71 77 00 0f 72 77 30 00 00 00 00 00 00\n00 38 b2 05 08 34 0f 72 77 04 00 00 00 00 0f 72 77\n 2020.06.19-17:58:43.98@0: 20 00 00 00 1b 7b 71 77 e8 f1 71 77 98 00 00\n00 01 00 00 00 ec c4 74 77 74 a1 05 08 f8 6b f9 7f\n 2020.06.19-17:58:43.98@0:\n 2020.06.19-17:58:43.98@0: code: 0x77712055\n 2020.06.19-17:58:43.98@0: 89 14 10 eb bc 8b 93 a4 ff ff ff 8b 7d e0 8b\n42\n\nInterestingly, the same poc resulted in another different crash\ndump(SIGABRT) against stable 6.48.2. \n\n # cat /rw/logs/backtrace.log\n 2021.05.07-16:02:37.25@0:\n 2021.05.07-16:02:37.25@0:\n 2021.05.07-16:02:37.25@0: /nova/bin/sniffer\n 2021.05.07-16:02:37.25@0: --- signal=6\n--------------------------------------------\n 2021.05.07-16:02:37.25@0:\n 2021.05.07-16:02:37.25@0: eip=0x776f255b eflags=0x00000246\n 2021.05.07-16:02:37.25@0: edi=0x0805aca8 esi=0x776fa200 ebp=0x7f97def8\nesp=0x7f97def0\n 2021.05.07-16:02:37.25@0: eax=0x00000000 ebx=0x000000b6 ecx=0x000000b6\nedx=0x00000006\n 2021.05.07-16:02:37.25@0:\n 2021.05.07-16:02:37.25@0: maps:\n 2021.05.07-16:02:37.25@0: 08048000-08056000 r-xp 00000000 00:0c 1036\n /nova/bin/sniffer\n 2021.05.07-16:02:37.25@0: 776c4000-776f9000 r-xp 00000000 00:0c 966\n /lib/libuClibc-0.9.33.2.so\n 2021.05.07-16:02:37.25@0: 776fd000-77717000 r-xp 00000000 00:0c 962\n /lib/libgcc_s.so.1\n 2021.05.07-16:02:37.25@0: 77718000-77727000 r-xp 00000000 00:0c 945\n /lib/libuc++.so\n 2021.05.07-16:02:37.25@0: 77728000-77730000 r-xp 00000000 00:0c 951\n /lib/libubox.so\n 2021.05.07-16:02:37.25@0: 77731000-7777d000 r-xp 00000000 00:0c 947\n /lib/libumsg.so\n 2021.05.07-16:02:37.25@0: 77783000-7778a000 r-xp 00000000 00:0c 960\n /lib/ld-uClibc-0.9.33.2.so\n 2021.05.07-16:02:37.25@0:\n 2021.05.07-16:02:37.25@0: stack: 0x7f97f000 - 0x7f97def0\n 2021.05.07-16:02:37.25@0: 00 a0 6f 77 00 a0 6f 77 30 df 97 7f 77 e0 6e\n77 06 00 00 00 00 a2 6f 77 20 00 00 00 00 00 00 00\n 2021.05.07-16:02:37.25@0: 26 2b 6f 77 00 a0 6f 77 28 df 97 7f 21 2c 6f\n77 e8 a1 6f 77 00 a0 6f 77 00 bf 6f 77 a8 ac 05 08\n 2021.05.07-16:02:37.25@0:\n 2021.05.07-16:02:37.25@0: code: 0x776f255b\n 2021.05.07-16:02:37.25@0: 5b 3d 00 f0 ff ff 76 0e 8b 93 cc ff ff ff f7\nd8\n\nThis vulnerability was initially found in long-term 6.46.3, and it seems\nthat the latest stable version 6.48.2 suffers from an assertion failure\nvulnerability when running the same poc. \n\n\nSolution\n========\n\nNo upgrade firmware available yet\n\n\nReferences\n==========\n\n[1] https://mikrotik.com/download/changelogs/stable-release-tree\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-20236"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006898"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULHUB",
"id": "VHN-173694"
},
{
"db": "VULMON",
"id": "CVE-2020-20236"
},
{
"db": "PACKETSTORM",
"id": "162513"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-20236",
"trust": 3.5
},
{
"db": "PACKETSTORM",
"id": "162513",
"trust": 2.7
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006898",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021051005",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202105-479",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-173694",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-20236",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173694"
},
{
"db": "VULMON",
"id": "CVE-2020-20236"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006898"
},
{
"db": "PACKETSTORM",
"id": "162513"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-479"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2020-20236"
}
]
},
"id": "VAR-202105-0088",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-173694"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T13:10:41.052000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://mikrotik.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006898"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "Buffer error (CWE-119) [NVD Evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-119",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173694"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006898"
},
{
"db": "NVD",
"id": "CVE-2020-20236"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "http://packetstormsecurity.com/files/162513/mikrotik-routeros-6.46.5-memory-corruption-assertion-failure.html"
},
{
"trust": 1.9,
"url": "http://seclists.org/fulldisclosure/2021/may/15"
},
{
"trust": 1.9,
"url": "https://mikrotik.com/"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-20236"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021051005"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://mikrotik.com/download/changelogs/stable-release-tree"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-20237"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-20222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-20214"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173694"
},
{
"db": "VULMON",
"id": "CVE-2020-20236"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006898"
},
{
"db": "PACKETSTORM",
"id": "162513"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-479"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2020-20236"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-173694"
},
{
"db": "VULMON",
"id": "CVE-2020-20236"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006898"
},
{
"db": "PACKETSTORM",
"id": "162513"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-479"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2020-20236"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-18T00:00:00",
"db": "VULHUB",
"id": "VHN-173694"
},
{
"date": "2021-05-18T00:00:00",
"db": "VULMON",
"id": "CVE-2020-20236"
},
{
"date": "2022-01-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-006898"
},
{
"date": "2021-05-10T14:25:07",
"db": "PACKETSTORM",
"id": "162513"
},
{
"date": "2021-05-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-479"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-05-18T19:15:07.767000",
"db": "NVD",
"id": "CVE-2020-20236"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-03T00:00:00",
"db": "VULHUB",
"id": "VHN-173694"
},
{
"date": "2021-05-21T00:00:00",
"db": "VULMON",
"id": "CVE-2020-20236"
},
{
"date": "2022-01-25T05:36:00",
"db": "JVNDB",
"id": "JVNDB-2021-006898"
},
{
"date": "2022-05-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-479"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2022-05-03T16:04:40.443000",
"db": "NVD",
"id": "CVE-2020-20236"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-479"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik\u00a0RouterOs\u00a0 Buffer Error Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006898"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-479"
}
],
"trust": 0.6
}
}
var-200908-0183
Vulnerability from variot
MikroTik RouterOS 3.x through 3.13 and 2.x through 2.9.51 allows remote attackers to modify Network Management System (NMS) settings via a crafted SNMP set request. MikroTik RouterOS is prone to a security-bypass vulnerability because the software fails to sufficiently sanitize SNMP requests. This may aid in further attacks. Versions up to and including RouterOS 3.13 and 2.9.51 are vulnerable. MicroTik RouterOS is a solution that turns a standard PC into a network router
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200908-0183",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "gte",
"trust": 1.0,
"vendor": "mikrotik",
"version": "3.0"
},
{
"model": "routeros",
"scope": "lte",
"trust": 1.0,
"vendor": "mikrotik",
"version": "2.9.51"
},
{
"model": "routeros",
"scope": "lte",
"trust": 1.0,
"vendor": "mikrotik",
"version": "3.13"
},
{
"model": "routeros",
"scope": "gte",
"trust": 1.0,
"vendor": "mikrotik",
"version": "2.0"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "microtik",
"version": "3.x to 3.13"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "microtik",
"version": "2.x to 2.9.51"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "microtik",
"version": "2.9.42"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "microtik",
"version": "2.9.43"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "microtik",
"version": "2.9.41"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "microtik",
"version": "3.07"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "microtik",
"version": "3.12"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "microtik",
"version": "2.9.44"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "microtik",
"version": "3.13"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "microtik",
"version": "3.08"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "microtik",
"version": "2.9.45"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "microtik",
"version": "2.9.51"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "2.9.51"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "2.9.50"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "2.9.49"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "2.9.48"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "2.9.47"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "2.9.46"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "2.9.45"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "2.9.44"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "2.9.43"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "2.9.42"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "2.9.41"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "2.9.40"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "3.13"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "3.12"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "3.11"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "3.10"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "3.09"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "3.08"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "3.07"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "3.0"
}
],
"sources": [
{
"db": "BID",
"id": "31025"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004329"
},
{
"db": "CNNVD",
"id": "CNNVD-200908-231"
},
{
"db": "NVD",
"id": "CVE-2008-6976"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:microtik:routeros",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-004329"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ShadOS",
"sources": [
{
"db": "BID",
"id": "31025"
},
{
"db": "CNNVD",
"id": "CNNVD-200908-231"
}
],
"trust": 0.9
},
"cve": "CVE-2008-6976",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2008-6976",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-37101",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2008-6976",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2008-6976",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200908-231",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-37101",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-37101"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004329"
},
{
"db": "CNNVD",
"id": "CNNVD-200908-231"
},
{
"db": "NVD",
"id": "CVE-2008-6976"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MikroTik RouterOS 3.x through 3.13 and 2.x through 2.9.51 allows remote attackers to modify Network Management System (NMS) settings via a crafted SNMP set request. MikroTik RouterOS is prone to a security-bypass vulnerability because the software fails to sufficiently sanitize SNMP requests. This may aid in further attacks. \nVersions up to and including RouterOS 3.13 and 2.9.51 are vulnerable. MicroTik RouterOS is a solution that turns a standard PC into a network router",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-6976"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004329"
},
{
"db": "BID",
"id": "31025"
},
{
"db": "VULHUB",
"id": "VHN-37101"
}
],
"trust": 1.98
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-37101",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-37101"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2008-6976",
"trust": 2.8
},
{
"db": "BID",
"id": "31025",
"trust": 2.0
},
{
"db": "EXPLOIT-DB",
"id": "6366",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004329",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200908-231",
"trust": 0.7
},
{
"db": "SEEBUG",
"id": "SSVID-65689",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-37101",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-37101"
},
{
"db": "BID",
"id": "31025"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004329"
},
{
"db": "CNNVD",
"id": "CNNVD-200908-231"
},
{
"db": "NVD",
"id": "CVE-2008-6976"
}
]
},
"id": "VAR-200908-0183",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-37101"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:23:43.820000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.mikrotik.com/software.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-004329"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-37101"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004329"
},
{
"db": "NVD",
"id": "CVE-2008-6976"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/31025"
},
{
"trust": 1.7,
"url": "https://www.exploit-db.com/exploits/6366"
},
{
"trust": 1.7,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44944"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-6976"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-6976"
},
{
"trust": 0.3,
"url": "http://www.mikrotik.com/software.html"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-37101"
},
{
"db": "BID",
"id": "31025"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004329"
},
{
"db": "CNNVD",
"id": "CNNVD-200908-231"
},
{
"db": "NVD",
"id": "CVE-2008-6976"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-37101"
},
{
"db": "BID",
"id": "31025"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004329"
},
{
"db": "CNNVD",
"id": "CNNVD-200908-231"
},
{
"db": "NVD",
"id": "CVE-2008-6976"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-08-19T00:00:00",
"db": "VULHUB",
"id": "VHN-37101"
},
{
"date": "2008-09-05T00:00:00",
"db": "BID",
"id": "31025"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-004329"
},
{
"date": "2009-08-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200908-231"
},
{
"date": "2009-08-19T05:24:52.157000",
"db": "NVD",
"id": "CVE-2008-6976"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-04T00:00:00",
"db": "VULHUB",
"id": "VHN-37101"
},
{
"date": "2015-04-16T17:54:00",
"db": "BID",
"id": "31025"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-004329"
},
{
"date": "2022-02-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200908-231"
},
{
"date": "2024-11-21T00:57:57.403000",
"db": "NVD",
"id": "CVE-2008-6976"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200908-231"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MicroTik RouterOS In NMS Vulnerability whose settings are changed",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-004329"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200908-231"
}
],
"trust": 0.6
}
}
var-202107-0087
Vulnerability from variot
Mikrotik RouterOs through stable version 6.48.3 suffers from a memory corruption vulnerability in the /nova/bin/detnet process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202107-0087",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "gte",
"trust": 1.0,
"vendor": "mikrotik",
"version": "6.44.6"
},
{
"model": "routeros",
"scope": "lte",
"trust": 1.0,
"vendor": "mikrotik",
"version": "6.48.3"
},
{
"model": "routeros",
"scope": null,
"trust": 0.8,
"vendor": "mikrotik",
"version": null
},
{
"model": "routeros",
"scope": "lte",
"trust": 0.8,
"vendor": "mikrotik",
"version": "6.48.3 until"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-009636"
},
{
"db": "NVD",
"id": "CVE-2020-20231"
}
]
},
"cve": "CVE-2020-20231",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-20231",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-173689",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2020-20231",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-20231",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-20231",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-20231",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202107-1020",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-173689",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-20231",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173689"
},
{
"db": "VULMON",
"id": "CVE-2020-20231"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009636"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1020"
},
{
"db": "NVD",
"id": "CVE-2020-20231"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik RouterOs through stable version 6.48.3 suffers from a memory corruption vulnerability in the /nova/bin/detnet process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-20231"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009636"
},
{
"db": "VULHUB",
"id": "VHN-173689"
},
{
"db": "VULMON",
"id": "CVE-2020-20231"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-20231",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009636",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1020",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-173689",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-20231",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173689"
},
{
"db": "VULMON",
"id": "CVE-2020-20231"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009636"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1020"
},
{
"db": "NVD",
"id": "CVE-2020-20231"
}
]
},
"id": "VAR-202107-0087",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-173689"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T14:44:23.572000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://mikrotik.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-009636"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.1
},
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "NULL Pointer dereference (CWE-476) [NVD Evaluation ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds writing (CWE-787) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173689"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009636"
},
{
"db": "NVD",
"id": "CVE-2020-20231"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/mikrotik/cve-2020-20231/readme.md"
},
{
"trust": 1.8,
"url": "https://mikrotik.com/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-20231"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173689"
},
{
"db": "VULMON",
"id": "CVE-2020-20231"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009636"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1020"
},
{
"db": "NVD",
"id": "CVE-2020-20231"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-173689"
},
{
"db": "VULMON",
"id": "CVE-2020-20231"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009636"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1020"
},
{
"db": "NVD",
"id": "CVE-2020-20231"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-14T00:00:00",
"db": "VULHUB",
"id": "VHN-173689"
},
{
"date": "2021-07-14T00:00:00",
"db": "VULMON",
"id": "CVE-2020-20231"
},
{
"date": "2022-05-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-009636"
},
{
"date": "2021-07-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-1020"
},
{
"date": "2021-07-14T14:15:08.073000",
"db": "NVD",
"id": "CVE-2020-20231"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-20T00:00:00",
"db": "VULHUB",
"id": "VHN-173689"
},
{
"date": "2021-07-20T00:00:00",
"db": "VULMON",
"id": "CVE-2020-20231"
},
{
"date": "2022-05-16T07:09:00",
"db": "JVNDB",
"id": "JVNDB-2021-009636"
},
{
"date": "2021-07-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-1020"
},
{
"date": "2021-07-20T23:32:19.287000",
"db": "NVD",
"id": "CVE-2020-20231"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-1020"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik\u00a0RouterOs\u00a0 Out-of-bounds Vulnerability in Microsoft",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-009636"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-1020"
}
],
"trust": 0.6
}
}
var-201907-0594
Vulnerability from variot
Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable to stack exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server via recursive parsing of JSON. Malicious code cannot be injected. Mikrotik RouterOS Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. A security vulnerability exists in Mikrotik RouterOS versions prior to 6.44.5. Advisory: two vulnerabilities found in MikroTik's RouterOS
Details
Product: MikroTik's RouterOS Affected Versions: before 6.44.5 (Long-term release tree), before 6.45.1 (Stable release tree) Fixed Versions: 6.44.5 (Long-term release tree), 6.45.1 (Stable release tree) Vendor URL: https://mikrotik.com/download/changelogs/long-term-release-tree Vendor Status: fixed version released CVE: CVE-2019-13954, CVE-2019-13955 Credit: Qian Chen(@cq674350529) of the Qihoo 360 Nirvan Team
Product Description
RouterOS is the operating system used on the MikroTik's devices, such as switch, router and access point.
- CVE-2019-13954: memory exhaustion via a crafted POST request This vulnerability is similiar to the CVE-2018-1157. An authenticated user can cause the www binary to consume all memory via a crafted POST request to /jsproxy/upload. It's because of the incomplete fix for the CVE-2018-1157.
Based on the poc for cve_2018_1157 provided by the @Jacob Baines (really appreciate!), crafting a filename ending with many '\x00' can bypass the original fix to trigger the vulnerability.
- An authenticated user communicating with the www binary can trigger a stack exhaustion vulnerability via recursive parsing of JSON containing message type M.
Based on the poc for cve_2018_1158 provided by the @Jacob Baines (really appreciate!), crafting an JSON message with type M can trigger the vulnerability. A simple python script to generate the crafted message is as follows.
References
[1] https://mikrotik.com/download/changelogs/long-term-release-tree [2] https://github.com/tenable/routeros
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201907-0594",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "eq",
"trust": 1.0,
"vendor": "mikrotik",
"version": "6.45"
},
{
"model": "routeros",
"scope": "lt",
"trust": 1.0,
"vendor": "mikrotik",
"version": "6.44.5"
},
{
"model": "routeros",
"scope": "lt",
"trust": 0.8,
"vendor": "mikrotik",
"version": "6.44.5 (long-term release tree)"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-007388"
},
{
"db": "NVD",
"id": "CVE-2019-13955"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:mikrotik:router_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-007388"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Qian Chen",
"sources": [
{
"db": "PACKETSTORM",
"id": "153733"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-1354"
}
],
"trust": 0.7
},
"cve": "CVE-2019-13955",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2019-13955",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-145853",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2019-13955",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-13955",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-13955",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201907-1354",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-145853",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-145853"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007388"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-1354"
},
{
"db": "NVD",
"id": "CVE-2019-13955"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable to stack exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server via recursive parsing of JSON. Malicious code cannot be injected. Mikrotik RouterOS Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. A security vulnerability exists in Mikrotik RouterOS versions prior to 6.44.5. Advisory: two vulnerabilities found in MikroTik\u0027s RouterOS\n\n\nDetails\n=======\n\nProduct: MikroTik\u0027s RouterOS\nAffected Versions: before 6.44.5 (Long-term release tree),\n before 6.45.1 (Stable release tree)\nFixed Versions: 6.44.5 (Long-term release tree),\n 6.45.1 (Stable release tree)\nVendor URL: https://mikrotik.com/download/changelogs/long-term-release-tree\nVendor Status: fixed version released\nCVE: CVE-2019-13954, CVE-2019-13955\nCredit: Qian Chen(@cq674350529) of the Qihoo 360 Nirvan Team\n\n\nProduct Description\n==================\n\nRouterOS is the operating system used on the MikroTik\u0027s devices, such as\nswitch, router and access point. \n\n\n1. CVE-2019-13954: memory exhaustion via a crafted POST request\nThis vulnerability is similiar to the CVE-2018-1157. An authenticated user\ncan cause the www binary to consume all memory via a crafted POST request\nto /jsproxy/upload. It\u0027s because of the incomplete fix for the\nCVE-2018-1157. \n\nBased on the poc for cve_2018_1157 provided by the @Jacob Baines (really\nappreciate!), crafting a filename ending with many \u0027\\x00\u0027 can bypass the\noriginal fix to trigger the vulnerability. \n\n\n2. An authenticated user\ncommunicating with the www binary can trigger a stack exhaustion\nvulnerability via recursive parsing of JSON containing message type M. \n\nBased on the poc for cve_2018_1158 provided by the @Jacob Baines (really\nappreciate!), crafting an JSON message with type M can trigger the\nvulnerability. A simple python script to generate the crafted message is as\nfollows. \n\n\nReferences\n==========\n\n[1] https://mikrotik.com/download/changelogs/long-term-release-tree\n[2] https://github.com/tenable/routeros\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13955"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007388"
},
{
"db": "VULHUB",
"id": "VHN-145853"
},
{
"db": "PACKETSTORM",
"id": "153733"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "PACKETSTORM",
"id": "153733",
"trust": 2.6
},
{
"db": "NVD",
"id": "CVE-2019-13955",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007388",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201907-1354",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-145853",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-145853"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007388"
},
{
"db": "PACKETSTORM",
"id": "153733"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-1354"
},
{
"db": "NVD",
"id": "CVE-2019-13955"
}
]
},
"id": "VAR-201907-0594",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-145853"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:30:00.073000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "RouterOS",
"trust": 0.8,
"url": "https://mikrotik.com/software"
},
{
"title": "MikroTik RouterOS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95504"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-007388"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-1354"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-674",
"trust": 1.1
},
{
"problemtype": "CWE-400",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-145853"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007388"
},
{
"db": "NVD",
"id": "CVE-2019-13955"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://packetstormsecurity.com/files/153733/mikrotik-routeros-resource-stack-exhaustion.html"
},
{
"trust": 1.7,
"url": "https://seclists.org/fulldisclosure/2019/jul/20"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13955"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13955"
},
{
"trust": 0.1,
"url": "https://github.com/tenable/routeros"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13954"
},
{
"trust": 0.1,
"url": "https://mikrotik.com/download/changelogs/long-term-release-tree"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-145853"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007388"
},
{
"db": "PACKETSTORM",
"id": "153733"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-1354"
},
{
"db": "NVD",
"id": "CVE-2019-13955"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-145853"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007388"
},
{
"db": "PACKETSTORM",
"id": "153733"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-1354"
},
{
"db": "NVD",
"id": "CVE-2019-13955"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-26T00:00:00",
"db": "VULHUB",
"id": "VHN-145853"
},
{
"date": "2019-08-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-007388"
},
{
"date": "2019-07-24T02:32:22",
"db": "PACKETSTORM",
"id": "153733"
},
{
"date": "2019-07-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-1354"
},
{
"date": "2019-07-26T13:15:12.910000",
"db": "NVD",
"id": "CVE-2019-13955"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-145853"
},
{
"date": "2019-08-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-007388"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-1354"
},
{
"date": "2024-11-21T04:25:46.480000",
"db": "NVD",
"id": "CVE-2019-13955"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-1354"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik RouterOS Vulnerable to resource exhaustion",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-007388"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-1354"
}
],
"trust": 0.6
}
}
var-202105-0094
Vulnerability from variot
Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202105-0094",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "lt",
"trust": 1.0,
"vendor": "mikrotik",
"version": "6.47"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": "6.47 (stable tree)"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007314"
},
{
"db": "NVD",
"id": "CVE-2020-20254"
}
]
},
"cve": "CVE-2020-20254",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-20254",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-173714",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2020-20254",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-20254",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-20254",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-20254",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202105-1220",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-173714",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173714"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007314"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1220"
},
{
"db": "NVD",
"id": "CVE-2020-20254"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-20254"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007314"
},
{
"db": "VULHUB",
"id": "VHN-173714"
},
{
"db": "VULMON",
"id": "CVE-2020-20254"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-20254",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007314",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1220",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-173714",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-20254",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173714"
},
{
"db": "VULMON",
"id": "CVE-2020-20254"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007314"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1220"
},
{
"db": "NVD",
"id": "CVE-2020-20254"
}
]
},
"id": "VAR-202105-0094",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-173714"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T15:42:54.062000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://mikrotik.com/"
},
{
"title": "MikroTik RouterOS Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=152558"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007314"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1220"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "NULL Pointer dereference (CWE-476) [NVD Evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-476",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173714"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007314"
},
{
"db": "NVD",
"id": "CVE-2020-20254"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://seclists.org/fulldisclosure/2021/may/14"
},
{
"trust": 1.8,
"url": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/mikrotik/vul_lcdstat_2/readme.md"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-20254"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173714"
},
{
"db": "VULMON",
"id": "CVE-2020-20254"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007314"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1220"
},
{
"db": "NVD",
"id": "CVE-2020-20254"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-173714"
},
{
"db": "VULMON",
"id": "CVE-2020-20254"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007314"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1220"
},
{
"db": "NVD",
"id": "CVE-2020-20254"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-18T00:00:00",
"db": "VULHUB",
"id": "VHN-173714"
},
{
"date": "2021-05-18T00:00:00",
"db": "VULMON",
"id": "CVE-2020-20254"
},
{
"date": "2022-02-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-007314"
},
{
"date": "2021-05-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-1220"
},
{
"date": "2021-05-18T14:15:07.330000",
"db": "NVD",
"id": "CVE-2020-20254"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-28T00:00:00",
"db": "VULHUB",
"id": "VHN-173714"
},
{
"date": "2021-05-18T00:00:00",
"db": "VULMON",
"id": "CVE-2020-20254"
},
{
"date": "2022-02-07T08:45:00",
"db": "JVNDB",
"id": "JVNDB-2021-007314"
},
{
"date": "2021-06-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-1220"
},
{
"date": "2022-06-28T14:11:45.273000",
"db": "NVD",
"id": "CVE-2020-20254"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-1220"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik\u00a0RouterOs\u00a0 In \u00a0NULL\u00a0 Pointer dereference vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007314"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-1220"
}
],
"trust": 0.6
}
}
var-202107-0078
Vulnerability from variot
Mikrotik RouterOs 6.44.5 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. Re: Two vulnerabilities found in MikroTik's RouterOS
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202107-0078",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "eq",
"trust": 1.0,
"vendor": "mikrotik",
"version": "6.44.5"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": null
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": "6.44.5 (long-term tree)"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-008941"
},
{
"db": "NVD",
"id": "CVE-2020-20212"
}
]
},
"cve": "CVE-2020-20212",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-20212",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-173668",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2020-20212",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-20212",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-20212",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-20212",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202107-288",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-173668",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173668"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008941"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-288"
},
{
"db": "NVD",
"id": "CVE-2020-20212"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik RouterOs 6.44.5 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. Re: Two vulnerabilities found in MikroTik\u0027s RouterOS",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-20212"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008941"
},
{
"db": "VULHUB",
"id": "VHN-173668"
},
{
"db": "VULMON",
"id": "CVE-2020-20212"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-20212",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008941",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202107-288",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-173668",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-20212",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173668"
},
{
"db": "VULMON",
"id": "CVE-2020-20212"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008941"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-288"
},
{
"db": "NVD",
"id": "CVE-2020-20212"
}
]
},
"id": "VAR-202107-0078",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-173668"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T14:11:21.234000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://mikrotik.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-008941"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.1
},
{
"problemtype": "NULL Pointer dereference (CWE-476) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173668"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008941"
},
{
"db": "NVD",
"id": "CVE-2020-20212"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://seclists.org/fulldisclosure/2021/may/0"
},
{
"trust": 1.7,
"url": "https://mikrotik.com/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-20212"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173668"
},
{
"db": "VULMON",
"id": "CVE-2020-20212"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008941"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-288"
},
{
"db": "NVD",
"id": "CVE-2020-20212"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-173668"
},
{
"db": "VULMON",
"id": "CVE-2020-20212"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008941"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-288"
},
{
"db": "NVD",
"id": "CVE-2020-20212"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-07T00:00:00",
"db": "VULHUB",
"id": "VHN-173668"
},
{
"date": "2022-03-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-008941"
},
{
"date": "2021-07-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-288"
},
{
"date": "2021-07-07T14:15:09.353000",
"db": "NVD",
"id": "CVE-2020-20212"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-08T00:00:00",
"db": "VULHUB",
"id": "VHN-173668"
},
{
"date": "2022-03-31T08:42:00",
"db": "JVNDB",
"id": "JVNDB-2021-008941"
},
{
"date": "2021-07-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-288"
},
{
"date": "2021-07-08T13:27:19.953000",
"db": "NVD",
"id": "CVE-2020-20212"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-288"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik\u00a0RouterOs\u00a0 In \u00a0NULL\u00a0 Pointer dereference vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-008941"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-288"
}
],
"trust": 0.6
}
}
var-202011-1578
Vulnerability from variot
MikroTik RouterOS is a router operating system based on Linux developed by MikroTik in Latvia. The system can be deployed in a PC to provide router functions.
RouterOS smb service has a denial of service vulnerability. Attackers can use this vulnerability to construct smb malicious connection requests, causing memory exhaustion attacks, which can lead to system restart.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202011-1578",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "mikrotik",
"version": "6.47.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-58401"
}
]
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CNVD-2020-58401",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2020-58401",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-58401"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MikroTik RouterOS is a router operating system based on Linux developed by MikroTik in Latvia. The system can be deployed in a PC to provide router functions.\n\r\n\r\nRouterOS smb service has a denial of service vulnerability. Attackers can use this vulnerability to construct smb malicious connection requests, causing memory exhaustion attacks, which can lead to system restart.",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-58401"
}
],
"trust": 0.6
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-58401",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-58401"
}
]
},
"id": "VAR-202011-1578",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-58401"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-58401"
}
]
},
"last_update_date": "2022-05-04T10:03:20.480000Z",
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-58401"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-11-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-58401"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-58401"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "RouterOS smb service has a denial of service vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-58401"
}
],
"trust": 0.6
}
}
var-202105-0086
Vulnerability from variot
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. MikroTik RouterOS has a code issue vulnerability. The following products and versions are affected: MikroTik RouterOS: 6.40, 6.40.1, 6.40.2, 6.40.3, 6.40.4, 6.40.5, 6.40.6, 6.40.7, 6.40.8, 6.40.9, 6.41, 6.41.1, 6.41.2, 6.41.3, 6.41.4, 6.42, 6.42.1, 6.42.2, 6.42.3, 6.42.4, 6.42.5, 6.42.6, 6.42.7, 6.42.9, 6.42.10, 6.42.11, 6.42.12, 6.43, 6.43.1, 6.43.2, 6.43.3, 6.43.4, 6.43.5, 6.43.6, 6.43.7, 6.43.8, 6.43.9, 6.43.10, 6.43.11, 6.43.12, 6.43.13, 6.43.14, 6.43.15, 6.43.16, 6.44, 6.44.1, 6.44.2, 6.44.3, 6.44.4, 6.44.5, 6.44.6, 6.45, 6.45.1, 6.45.2, 6.45.3, 6.45.4, 6.45.5, 6.45.6, 6.45.7, 6.45.8, 6.45.9, 6.46, 6.46.1, 6.46. Advisory: four vulnerabilities found in MikroTik's RouterOS
Details
Product: MikroTik's RouterOS Vendor URL: https://mikrotik.com/ Vendor Status: no fix yet CVE: CVE-2020-20214, CVE-2020-20222, CVE-2020-20236, CVE-2020-20237 Credit: Qian Chen(@cq674350529) of Qihoo 360 Nirvan Team
Product Description
RouterOS is the operating system used on the MikroTik's devices, such as switch, router and access point.
Description of vulnerabilities
These vulnerabilities were reported to the vendor almost one year ago. And the vendor confirmed these vulnerabilities. However, there is still no fix for them yet. By the way, the three vulnerabilities in sniffer binary are different from each one.
- There is a reachable assertion in the btest process. By sending a crafted packet, an authenticated remote user can crash the btest process due to assertion failure.
Against stable 6.46.5, the poc resulted in the following crash dump.
# cat /rw/logs/backtrace.log
2020.06.19-15:51:36.94@0:
2020.06.19-15:51:36.94@0:
2020.06.19-15:51:36.94@0: /nova/bin/btest
2020.06.19-15:51:36.94@0: --- signal=6
2020.06.19-15:51:36.94@0:
2020.06.19-15:51:36.94@0: eip=0x7772255b eflags=0x00000246
2020.06.19-15:51:36.94@0: edi=0x00fe0001 esi=0x7772a200 ebp=0x7fdcf880
esp=0x7fdcf878 2020.06.19-15:51:36.94@0: eax=0x00000000 ebx=0x0000010f ecx=0x0000010f edx=0x00000006 2020.06.19-15:51:36.94@0: 2020.06.19-15:51:36.94@0: maps: 2020.06.19-15:51:36.94@0: 08048000-08057000 r-xp 00000000 00:0c 1006 /nova/bin/btest 2020.06.19-15:51:36.94@0: 776f4000-77729000 r-xp 00000000 00:0c 964 /lib/libuClibc-0.9.33.2.so 2020.06.19-15:51:36.94@0: 7772d000-77747000 r-xp 00000000 00:0c 960 /lib/libgcc_s.so.1 2020.06.19-15:51:36.94@0: 77748000-77757000 r-xp 00000000 00:0c 944 /lib/libuc++.so 2020.06.19-15:51:36.94@0: 77758000-77775000 r-xp 00000000 00:0c 947 /lib/libucrypto.so 2020.06.19-15:51:36.94@0: 77776000-777c2000 r-xp 00000000 00:0c 946 /lib/libumsg.so 2020.06.19-15:51:36.94@0: 777c8000-777cf000 r-xp 00000000 00:0c 958 /lib/ld-uClibc-0.9.33.2.so 2020.06.19-15:51:36.94@0: 2020.06.19-15:51:36.94@0: stack: 0x7fdd0000 - 0x7fdcf878 2020.06.19-15:51:36.94@0: 00 a0 72 77 00 a0 72 77 b8 f8 dc 7f 77 e0 71 77 06 00 00 00 00 a2 72 77 20 00 00 00 00 00 00 00 2020.06.19-15:51:36.94@0: 16 00 00 00 18 f9 dc 7f b4 f8 dc 7f e4 2a 7c 77 01 00 00 00 e4 2a 7c 77 16 00 00 00 01 00 fe 00 2020.06.19-15:51:36.94@0: 2020.06.19-15:51:36.94@0: code: 0x7772255b 2020.06.19-15:51:36.94@0: 5b 3d 00 f0 ff ff 76 0e 8b 93 cc ff ff ff f7 d8
This vulnerability was initially found in long-term 6.44.5, and it seems that the latest stable version 6.48.2 still suffers from this vulnerability.
Against stable 6.46.5, the poc resulted in the following crash dump.
# cat /rw/logs/backtrace.log
2020.06.19-16:36:18.33@0:
2020.06.19-16:36:18.33@0:
2020.06.19-16:36:18.33@0: /nova/bin/sniffer
2020.06.19-16:36:18.33@0: --- signal=11
2020.06.19-16:36:18.33@0:
2020.06.19-16:36:18.33@0: eip=0x08050e33 eflags=0x00010206
2020.06.19-16:36:18.33@0: edi=0x08057a24 esi=0x7f85c094 ebp=0x7f85c0c8
esp=0x7f85c080 2020.06.19-16:36:18.33@0: eax=0x00000000 ebx=0x7f85c090 ecx=0x00ff0000 edx=0x08059678 2020.06.19-16:36:18.33@0: 2020.06.19-16:36:18.33@0: maps: 2020.06.19-16:36:18.33@0: 08048000-08056000 r-xp 00000000 00:0c 1034 /nova/bin/sniffer 2020.06.19-16:36:18.33@0: 776ce000-77703000 r-xp 00000000 00:0c 964 /lib/libuClibc-0.9.33.2.so 2020.06.19-16:36:18.33@0: 77707000-77721000 r-xp 00000000 00:0c 960 /lib/libgcc_s.so.1 2020.06.19-16:36:18.33@0: 77722000-77731000 r-xp 00000000 00:0c 944 /lib/libuc++.so 2020.06.19-16:36:18.33@0: 77732000-7773a000 r-xp 00000000 00:0c 950 /lib/libubox.so 2020.06.19-16:36:18.33@0: 7773b000-77787000 r-xp 00000000 00:0c 946 /lib/libumsg.so 2020.06.19-16:36:18.33@0: 7778d000-77794000 r-xp 00000000 00:0c 958 /lib/ld-uClibc-0.9.33.2.so 2020.06.19-16:36:18.33@0: 2020.06.19-16:36:18.33@0: stack: 0x7f85d000 - 0x7f85c080 2020.06.19-16:36:18.33@0: 2c 08 07 08 04 00 fe 08 fe 00 00 00 20 ad 05 08 00 0c 07 08 a0 0b 07 08 af 0b 07 08 04 7a 05 08 2020.06.19-16:36:18.33@0: 08 00 00 00 24 7a 05 08 ff 00 00 00 00 00 00 00 08 c2 85 7f e4 7a 78 77 d8 c0 85 7f e4 7a 78 77 2020.06.19-16:36:18.34@0: 2020.06.19-16:36:18.34@0: code: 0x8050e33 2020.06.19-16:36:18.34@0: 0b 48 0c 89 fa 89 d8 e8 7d f1 ff ff 50 50 53 56
This vulnerability was initially found in long-term 6.44.6, and it seems that the latest stable version 6.48.2 still suffers from this vulnerability.
- By sending a crafted packet, an authenticated remote user can crash the sniffer process due to invalid memory access.
Against stable 6.46.5, the poc resulted in the following crash dump.
# cat /rw/logs/backtrace.log
2020.06.19-16:58:33.42@0:
2020.06.19-16:58:33.42@0:
2020.06.19-16:58:33.42@0: /nova/bin/sniffer
2020.06.19-16:58:33.42@0: --- signal=11
2020.06.19-16:58:33.42@0:
2020.06.19-16:58:33.42@0: eip=0x08050dac eflags=0x00010202
2020.06.19-16:58:33.42@0: edi=0x08057a24 esi=0x00000001 ebp=0x7f8df428
esp=0x7f8df3e0 2020.06.19-16:58:33.42@0: eax=0x08073714 ebx=0x08073710 ecx=0x08073704 edx=0x08073714 2020.06.19-16:58:33.42@0: 2020.06.19-16:58:33.42@0: maps: 2020.06.19-16:58:33.42@0: 08048000-08056000 r-xp 00000000 00:0c 1034 /nova/bin/sniffer 2020.06.19-16:58:33.42@0: 77730000-77765000 r-xp 00000000 00:0c 964 /lib/libuClibc-0.9.33.2.so 2020.06.19-16:58:33.42@0: 77769000-77783000 r-xp 00000000 00:0c 960 /lib/libgcc_s.so.1 2020.06.19-16:58:33.42@0: 77784000-77793000 r-xp 00000000 00:0c 944 /lib/libuc++.so 2020.06.19-16:58:33.42@0: 77794000-7779c000 r-xp 00000000 00:0c 950 /lib/libubox.so 2020.06.19-16:58:33.42@0: 7779d000-777e9000 r-xp 00000000 00:0c 946 /lib/libumsg.so 2020.06.19-16:58:33.43@0: 777ef000-777f6000 r-xp 00000000 00:0c 958 /lib/ld-uClibc-0.9.33.2.so 2020.06.19-16:58:33.43@0: 2020.06.19-16:58:33.43@0: stack: 0x7f8e0000 - 0x7f8df3e0 2020.06.19-16:58:33.43@0: 3c ab 05 08 04 00 fe 08 e0 0f 00 00 14 37 07 08 24 7a 05 08 00 00 00 00 18 f4 8d 7f 04 7a 05 08 2020.06.19-16:58:33.43@0: 08 00 00 00 24 7a 05 08 04 00 00 00 00 00 00 00 70 4a 7a 77 e4 9a 7e 77 38 f4 8d 7f e4 9a 7e 77 2020.06.19-16:58:33.43@0: 2020.06.19-16:58:33.43@0: code: 0x8050dac 2020.06.19-16:58:33.43@0: 8b 43 04 83 e0 fc 85 c0 74 1c 8b 4b 14 39 34 08
This vulnerability was initially found in long-term 6.46.3, and it seems that the latest version stable 6.48.2 still suffers from this vulnerability.
- By sending a crafted packet, an authenticated remote user can crash the sniffer process due to invalid memory access.
Against stable 6.46.5, the poc resulted in the following crash dump.
# cat /rw/logs/backtrace.log
2020.06.19-17:58:43.98@0:
2020.06.19-17:58:43.98@0:
2020.06.19-17:58:43.98@0: /nova/bin/sniffer
2020.06.19-17:58:43.98@0: --- signal=11
2020.06.19-17:58:43.98@0:
2020.06.19-17:58:43.98@0: eip=0x77712055 eflags=0x00010202
2020.06.19-17:58:43.98@0: edi=0x77720f34 esi=0x77721015 ebp=0x7ff96b38
esp=0x7ff96af8 2020.06.19-17:58:43.98@0: eax=0x77721054 ebx=0x7771f000 ecx=0x77721034 edx=0x77721014 2020.06.19-17:58:43.98@0: 2020.06.19-17:58:43.98@0: maps: 2020.06.19-17:58:43.98@0: 08048000-08056000 r-xp 00000000 00:0c 1034 /nova/bin/sniffer 2020.06.19-17:58:43.98@0: 776e9000-7771e000 r-xp 00000000 00:0c 964 /lib/libuClibc-0.9.33.2.so 2020.06.19-17:58:43.98@0: 77722000-7773c000 r-xp 00000000 00:0c 960 /lib/libgcc_s.so.1 2020.06.19-17:58:43.98@0: 7773d000-7774c000 r-xp 00000000 00:0c 944 /lib/libuc++.so 2020.06.19-17:58:43.98@0: 7774d000-77755000 r-xp 00000000 00:0c 950 /lib/libubox.so 2020.06.19-17:58:43.98@0: 77756000-777a2000 r-xp 00000000 00:0c 946 /lib/libumsg.so 2020.06.19-17:58:43.98@0: 777a8000-777af000 r-xp 00000000 00:0c 958 /lib/ld-uClibc-0.9.33.2.so 2020.06.19-17:58:43.98@0: 2020.06.19-17:58:43.98@0: stack: 0x7ff97000 - 0x7ff96af8 2020.06.19-17:58:43.98@0: 00 f0 71 77 00 0f 72 77 30 00 00 00 00 00 00 00 38 b2 05 08 34 0f 72 77 04 00 00 00 00 0f 72 77 2020.06.19-17:58:43.98@0: 20 00 00 00 1b 7b 71 77 e8 f1 71 77 98 00 00 00 01 00 00 00 ec c4 74 77 74 a1 05 08 f8 6b f9 7f 2020.06.19-17:58:43.98@0: 2020.06.19-17:58:43.98@0: code: 0x77712055 2020.06.19-17:58:43.98@0: 89 14 10 eb bc 8b 93 a4 ff ff ff 8b 7d e0 8b 42
Interestingly, the same poc resulted in another different crash dump(SIGABRT) against stable 6.48.2.
# cat /rw/logs/backtrace.log
2021.05.07-16:02:37.25@0:
2021.05.07-16:02:37.25@0:
2021.05.07-16:02:37.25@0: /nova/bin/sniffer
2021.05.07-16:02:37.25@0: --- signal=6
2021.05.07-16:02:37.25@0:
2021.05.07-16:02:37.25@0: eip=0x776f255b eflags=0x00000246
2021.05.07-16:02:37.25@0: edi=0x0805aca8 esi=0x776fa200 ebp=0x7f97def8
esp=0x7f97def0 2021.05.07-16:02:37.25@0: eax=0x00000000 ebx=0x000000b6 ecx=0x000000b6 edx=0x00000006 2021.05.07-16:02:37.25@0: 2021.05.07-16:02:37.25@0: maps: 2021.05.07-16:02:37.25@0: 08048000-08056000 r-xp 00000000 00:0c 1036 /nova/bin/sniffer 2021.05.07-16:02:37.25@0: 776c4000-776f9000 r-xp 00000000 00:0c 966 /lib/libuClibc-0.9.33.2.so 2021.05.07-16:02:37.25@0: 776fd000-77717000 r-xp 00000000 00:0c 962 /lib/libgcc_s.so.1 2021.05.07-16:02:37.25@0: 77718000-77727000 r-xp 00000000 00:0c 945 /lib/libuc++.so 2021.05.07-16:02:37.25@0: 77728000-77730000 r-xp 00000000 00:0c 951 /lib/libubox.so 2021.05.07-16:02:37.25@0: 77731000-7777d000 r-xp 00000000 00:0c 947 /lib/libumsg.so 2021.05.07-16:02:37.25@0: 77783000-7778a000 r-xp 00000000 00:0c 960 /lib/ld-uClibc-0.9.33.2.so 2021.05.07-16:02:37.25@0: 2021.05.07-16:02:37.25@0: stack: 0x7f97f000 - 0x7f97def0 2021.05.07-16:02:37.25@0: 00 a0 6f 77 00 a0 6f 77 30 df 97 7f 77 e0 6e 77 06 00 00 00 00 a2 6f 77 20 00 00 00 00 00 00 00 2021.05.07-16:02:37.25@0: 26 2b 6f 77 00 a0 6f 77 28 df 97 7f 21 2c 6f 77 e8 a1 6f 77 00 a0 6f 77 00 bf 6f 77 a8 ac 05 08 2021.05.07-16:02:37.25@0: 2021.05.07-16:02:37.25@0: code: 0x776f255b 2021.05.07-16:02:37.25@0: 5b 3d 00 f0 ff ff 76 0e 8b 93 cc ff ff ff f7 d8
This vulnerability was initially found in long-term 6.46.3, and it seems that the latest stable version 6.48.2 suffers from an assertion failure vulnerability when running the same poc.
Solution
No upgrade firmware available yet
References
[1] https://mikrotik.com/download/changelogs/stable-release-tree
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202105-0086",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "eq",
"trust": 1.0,
"vendor": "mikrotik",
"version": "6.44.6"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": null
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": "6.44.6 (long-term tree)"
},
{
"model": "routeros",
"scope": null,
"trust": 0.8,
"vendor": "mikrotik",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006897"
},
{
"db": "NVD",
"id": "CVE-2020-20222"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Qian Chen",
"sources": [
{
"db": "PACKETSTORM",
"id": "162513"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-478"
}
],
"trust": 0.7
},
"cve": "CVE-2020-20222",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-20222",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-173679",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2020-20222",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-20222",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-20222",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-20222",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202105-478",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-173679",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-20222",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173679"
},
{
"db": "VULMON",
"id": "CVE-2020-20222"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006897"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-478"
},
{
"db": "NVD",
"id": "CVE-2020-20222"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. MikroTik RouterOS has a code issue vulnerability. The following products and versions are affected: MikroTik RouterOS: 6.40, 6.40.1, 6.40.2, 6.40.3, 6.40.4, 6.40.5, 6.40.6, 6.40.7, 6.40.8, 6.40.9, 6.41, 6.41.1, 6.41.2, 6.41.3, 6.41.4, 6.42, 6.42.1, 6.42.2, 6.42.3, 6.42.4, 6.42.5, 6.42.6, 6.42.7, 6.42.9, 6.42.10, 6.42.11, 6.42.12, 6.43, 6.43.1, 6.43.2, 6.43.3, 6.43.4, 6.43.5, 6.43.6, 6.43.7, 6.43.8, 6.43.9, 6.43.10, 6.43.11, 6.43.12, 6.43.13, 6.43.14, 6.43.15, 6.43.16, 6.44, 6.44.1, 6.44.2, 6.44.3, 6.44.4, 6.44.5, 6.44.6, 6.45, 6.45.1, 6.45.2, 6.45.3, 6.45.4, 6.45.5, 6.45.6, 6.45.7, 6.45.8, 6.45.9, 6.46, 6.46.1, 6.46. Advisory: four vulnerabilities found in MikroTik\u0027s RouterOS\n\n\nDetails\n=======\n\nProduct: MikroTik\u0027s RouterOS\nVendor URL: https://mikrotik.com/\nVendor Status: no fix yet\nCVE: CVE-2020-20214, CVE-2020-20222, CVE-2020-20236, CVE-2020-20237\nCredit: Qian Chen(@cq674350529) of Qihoo 360 Nirvan Team\n\n\nProduct Description\n==================\n\nRouterOS is the operating system used on the MikroTik\u0027s devices, such as\nswitch, router and access point. \n\n\nDescription of vulnerabilities\n==========================\nThese vulnerabilities were reported to the vendor almost one year ago. And\nthe vendor confirmed these vulnerabilities. However, there is still no fix\nfor them yet. \nBy the way, the three vulnerabilities in sniffer binary are different from\neach one. \n\n1. There is\na reachable assertion in the btest process. By sending a crafted packet, an\nauthenticated remote user can crash the btest process due to assertion\nfailure. \n\nAgainst stable 6.46.5, the poc resulted in the following crash dump. \n\n # cat /rw/logs/backtrace.log\n 2020.06.19-15:51:36.94@0:\n 2020.06.19-15:51:36.94@0:\n 2020.06.19-15:51:36.94@0: /nova/bin/btest\n 2020.06.19-15:51:36.94@0: --- signal=6\n--------------------------------------------\n 2020.06.19-15:51:36.94@0:\n 2020.06.19-15:51:36.94@0: eip=0x7772255b eflags=0x00000246\n 2020.06.19-15:51:36.94@0: edi=0x00fe0001 esi=0x7772a200 ebp=0x7fdcf880\nesp=0x7fdcf878\n 2020.06.19-15:51:36.94@0: eax=0x00000000 ebx=0x0000010f ecx=0x0000010f\nedx=0x00000006\n 2020.06.19-15:51:36.94@0:\n 2020.06.19-15:51:36.94@0: maps:\n 2020.06.19-15:51:36.94@0: 08048000-08057000 r-xp 00000000 00:0c 1006\n /nova/bin/btest\n 2020.06.19-15:51:36.94@0: 776f4000-77729000 r-xp 00000000 00:0c 964\n /lib/libuClibc-0.9.33.2.so\n 2020.06.19-15:51:36.94@0: 7772d000-77747000 r-xp 00000000 00:0c 960\n /lib/libgcc_s.so.1\n 2020.06.19-15:51:36.94@0: 77748000-77757000 r-xp 00000000 00:0c 944\n /lib/libuc++.so\n 2020.06.19-15:51:36.94@0: 77758000-77775000 r-xp 00000000 00:0c 947\n /lib/libucrypto.so\n 2020.06.19-15:51:36.94@0: 77776000-777c2000 r-xp 00000000 00:0c 946\n /lib/libumsg.so\n 2020.06.19-15:51:36.94@0: 777c8000-777cf000 r-xp 00000000 00:0c 958\n /lib/ld-uClibc-0.9.33.2.so\n 2020.06.19-15:51:36.94@0:\n 2020.06.19-15:51:36.94@0: stack: 0x7fdd0000 - 0x7fdcf878\n 2020.06.19-15:51:36.94@0: 00 a0 72 77 00 a0 72 77 b8 f8 dc 7f 77 e0 71\n77 06 00 00 00 00 a2 72 77 20 00 00 00 00 00 00 00\n 2020.06.19-15:51:36.94@0: 16 00 00 00 18 f9 dc 7f b4 f8 dc 7f e4 2a 7c\n77 01 00 00 00 e4 2a 7c 77 16 00 00 00 01 00 fe 00\n 2020.06.19-15:51:36.94@0:\n 2020.06.19-15:51:36.94@0: code: 0x7772255b\n 2020.06.19-15:51:36.94@0: 5b 3d 00 f0 ff ff 76 0e 8b 93 cc ff ff ff f7\nd8\n\nThis vulnerability was initially found in long-term 6.44.5, and it seems\nthat the latest stable version 6.48.2 still suffers from this vulnerability. \n\n2. \n\nAgainst stable 6.46.5, the poc resulted in the following crash dump. \n\n # cat /rw/logs/backtrace.log\n 2020.06.19-16:36:18.33@0:\n 2020.06.19-16:36:18.33@0:\n 2020.06.19-16:36:18.33@0: /nova/bin/sniffer\n 2020.06.19-16:36:18.33@0: --- signal=11\n--------------------------------------------\n 2020.06.19-16:36:18.33@0:\n 2020.06.19-16:36:18.33@0: eip=0x08050e33 eflags=0x00010206\n 2020.06.19-16:36:18.33@0: edi=0x08057a24 esi=0x7f85c094 ebp=0x7f85c0c8\nesp=0x7f85c080\n 2020.06.19-16:36:18.33@0: eax=0x00000000 ebx=0x7f85c090 ecx=0x00ff0000\nedx=0x08059678\n 2020.06.19-16:36:18.33@0:\n 2020.06.19-16:36:18.33@0: maps:\n 2020.06.19-16:36:18.33@0: 08048000-08056000 r-xp 00000000 00:0c 1034\n /nova/bin/sniffer\n 2020.06.19-16:36:18.33@0: 776ce000-77703000 r-xp 00000000 00:0c 964\n /lib/libuClibc-0.9.33.2.so\n 2020.06.19-16:36:18.33@0: 77707000-77721000 r-xp 00000000 00:0c 960\n /lib/libgcc_s.so.1\n 2020.06.19-16:36:18.33@0: 77722000-77731000 r-xp 00000000 00:0c 944\n /lib/libuc++.so\n 2020.06.19-16:36:18.33@0: 77732000-7773a000 r-xp 00000000 00:0c 950\n /lib/libubox.so\n 2020.06.19-16:36:18.33@0: 7773b000-77787000 r-xp 00000000 00:0c 946\n /lib/libumsg.so\n 2020.06.19-16:36:18.33@0: 7778d000-77794000 r-xp 00000000 00:0c 958\n /lib/ld-uClibc-0.9.33.2.so\n 2020.06.19-16:36:18.33@0:\n 2020.06.19-16:36:18.33@0: stack: 0x7f85d000 - 0x7f85c080\n 2020.06.19-16:36:18.33@0: 2c 08 07 08 04 00 fe 08 fe 00 00 00 20 ad 05\n08 00 0c 07 08 a0 0b 07 08 af 0b 07 08 04 7a 05 08\n 2020.06.19-16:36:18.33@0: 08 00 00 00 24 7a 05 08 ff 00 00 00 00 00 00\n00 08 c2 85 7f e4 7a 78 77 d8 c0 85 7f e4 7a 78 77\n 2020.06.19-16:36:18.34@0:\n 2020.06.19-16:36:18.34@0: code: 0x8050e33\n 2020.06.19-16:36:18.34@0: 0b 48 0c 89 fa 89 d8 e8 7d f1 ff ff 50 50 53\n56\n\nThis vulnerability was initially found in long-term 6.44.6, and it seems\nthat the latest stable version 6.48.2 still suffers from this vulnerability. \n\n3. By\nsending a crafted packet, an authenticated remote user can crash the\nsniffer process due to invalid memory access. \n\nAgainst stable 6.46.5, the poc resulted in the following crash dump. \n\n # cat /rw/logs/backtrace.log\n 2020.06.19-16:58:33.42@0:\n 2020.06.19-16:58:33.42@0:\n 2020.06.19-16:58:33.42@0: /nova/bin/sniffer\n 2020.06.19-16:58:33.42@0: --- signal=11\n--------------------------------------------\n 2020.06.19-16:58:33.42@0:\n 2020.06.19-16:58:33.42@0: eip=0x08050dac eflags=0x00010202\n 2020.06.19-16:58:33.42@0: edi=0x08057a24 esi=0x00000001 ebp=0x7f8df428\nesp=0x7f8df3e0\n 2020.06.19-16:58:33.42@0: eax=0x08073714 ebx=0x08073710 ecx=0x08073704\nedx=0x08073714\n 2020.06.19-16:58:33.42@0:\n 2020.06.19-16:58:33.42@0: maps:\n 2020.06.19-16:58:33.42@0: 08048000-08056000 r-xp 00000000 00:0c 1034\n /nova/bin/sniffer\n 2020.06.19-16:58:33.42@0: 77730000-77765000 r-xp 00000000 00:0c 964\n /lib/libuClibc-0.9.33.2.so\n 2020.06.19-16:58:33.42@0: 77769000-77783000 r-xp 00000000 00:0c 960\n /lib/libgcc_s.so.1\n 2020.06.19-16:58:33.42@0: 77784000-77793000 r-xp 00000000 00:0c 944\n /lib/libuc++.so\n 2020.06.19-16:58:33.42@0: 77794000-7779c000 r-xp 00000000 00:0c 950\n /lib/libubox.so\n 2020.06.19-16:58:33.42@0: 7779d000-777e9000 r-xp 00000000 00:0c 946\n /lib/libumsg.so\n 2020.06.19-16:58:33.43@0: 777ef000-777f6000 r-xp 00000000 00:0c 958\n /lib/ld-uClibc-0.9.33.2.so\n 2020.06.19-16:58:33.43@0:\n 2020.06.19-16:58:33.43@0: stack: 0x7f8e0000 - 0x7f8df3e0\n 2020.06.19-16:58:33.43@0: 3c ab 05 08 04 00 fe 08 e0 0f 00 00 14 37 07\n08 24 7a 05 08 00 00 00 00 18 f4 8d 7f 04 7a 05 08\n 2020.06.19-16:58:33.43@0: 08 00 00 00 24 7a 05 08 04 00 00 00 00 00 00\n00 70 4a 7a 77 e4 9a 7e 77 38 f4 8d 7f e4 9a 7e 77\n 2020.06.19-16:58:33.43@0:\n 2020.06.19-16:58:33.43@0: code: 0x8050dac\n 2020.06.19-16:58:33.43@0: 8b 43 04 83 e0 fc 85 c0 74 1c 8b 4b 14 39 34\n08\n\nThis vulnerability was initially found in long-term 6.46.3, and it seems\nthat the latest version stable 6.48.2 still suffers from this vulnerability. \n\n4. By\nsending a crafted packet, an authenticated remote user can crash the\nsniffer process due to invalid memory access. \n\nAgainst stable 6.46.5, the poc resulted in the following crash dump. \n\n # cat /rw/logs/backtrace.log\n 2020.06.19-17:58:43.98@0:\n 2020.06.19-17:58:43.98@0:\n 2020.06.19-17:58:43.98@0: /nova/bin/sniffer\n 2020.06.19-17:58:43.98@0: --- signal=11\n--------------------------------------------\n 2020.06.19-17:58:43.98@0:\n 2020.06.19-17:58:43.98@0: eip=0x77712055 eflags=0x00010202\n 2020.06.19-17:58:43.98@0: edi=0x77720f34 esi=0x77721015 ebp=0x7ff96b38\nesp=0x7ff96af8\n 2020.06.19-17:58:43.98@0: eax=0x77721054 ebx=0x7771f000 ecx=0x77721034\nedx=0x77721014\n 2020.06.19-17:58:43.98@0:\n 2020.06.19-17:58:43.98@0: maps:\n 2020.06.19-17:58:43.98@0: 08048000-08056000 r-xp 00000000 00:0c 1034\n /nova/bin/sniffer\n 2020.06.19-17:58:43.98@0: 776e9000-7771e000 r-xp 00000000 00:0c 964\n /lib/libuClibc-0.9.33.2.so\n 2020.06.19-17:58:43.98@0: 77722000-7773c000 r-xp 00000000 00:0c 960\n /lib/libgcc_s.so.1\n 2020.06.19-17:58:43.98@0: 7773d000-7774c000 r-xp 00000000 00:0c 944\n /lib/libuc++.so\n 2020.06.19-17:58:43.98@0: 7774d000-77755000 r-xp 00000000 00:0c 950\n /lib/libubox.so\n 2020.06.19-17:58:43.98@0: 77756000-777a2000 r-xp 00000000 00:0c 946\n /lib/libumsg.so\n 2020.06.19-17:58:43.98@0: 777a8000-777af000 r-xp 00000000 00:0c 958\n /lib/ld-uClibc-0.9.33.2.so\n 2020.06.19-17:58:43.98@0:\n 2020.06.19-17:58:43.98@0: stack: 0x7ff97000 - 0x7ff96af8\n 2020.06.19-17:58:43.98@0: 00 f0 71 77 00 0f 72 77 30 00 00 00 00 00 00\n00 38 b2 05 08 34 0f 72 77 04 00 00 00 00 0f 72 77\n 2020.06.19-17:58:43.98@0: 20 00 00 00 1b 7b 71 77 e8 f1 71 77 98 00 00\n00 01 00 00 00 ec c4 74 77 74 a1 05 08 f8 6b f9 7f\n 2020.06.19-17:58:43.98@0:\n 2020.06.19-17:58:43.98@0: code: 0x77712055\n 2020.06.19-17:58:43.98@0: 89 14 10 eb bc 8b 93 a4 ff ff ff 8b 7d e0 8b\n42\n\nInterestingly, the same poc resulted in another different crash\ndump(SIGABRT) against stable 6.48.2. \n\n # cat /rw/logs/backtrace.log\n 2021.05.07-16:02:37.25@0:\n 2021.05.07-16:02:37.25@0:\n 2021.05.07-16:02:37.25@0: /nova/bin/sniffer\n 2021.05.07-16:02:37.25@0: --- signal=6\n--------------------------------------------\n 2021.05.07-16:02:37.25@0:\n 2021.05.07-16:02:37.25@0: eip=0x776f255b eflags=0x00000246\n 2021.05.07-16:02:37.25@0: edi=0x0805aca8 esi=0x776fa200 ebp=0x7f97def8\nesp=0x7f97def0\n 2021.05.07-16:02:37.25@0: eax=0x00000000 ebx=0x000000b6 ecx=0x000000b6\nedx=0x00000006\n 2021.05.07-16:02:37.25@0:\n 2021.05.07-16:02:37.25@0: maps:\n 2021.05.07-16:02:37.25@0: 08048000-08056000 r-xp 00000000 00:0c 1036\n /nova/bin/sniffer\n 2021.05.07-16:02:37.25@0: 776c4000-776f9000 r-xp 00000000 00:0c 966\n /lib/libuClibc-0.9.33.2.so\n 2021.05.07-16:02:37.25@0: 776fd000-77717000 r-xp 00000000 00:0c 962\n /lib/libgcc_s.so.1\n 2021.05.07-16:02:37.25@0: 77718000-77727000 r-xp 00000000 00:0c 945\n /lib/libuc++.so\n 2021.05.07-16:02:37.25@0: 77728000-77730000 r-xp 00000000 00:0c 951\n /lib/libubox.so\n 2021.05.07-16:02:37.25@0: 77731000-7777d000 r-xp 00000000 00:0c 947\n /lib/libumsg.so\n 2021.05.07-16:02:37.25@0: 77783000-7778a000 r-xp 00000000 00:0c 960\n /lib/ld-uClibc-0.9.33.2.so\n 2021.05.07-16:02:37.25@0:\n 2021.05.07-16:02:37.25@0: stack: 0x7f97f000 - 0x7f97def0\n 2021.05.07-16:02:37.25@0: 00 a0 6f 77 00 a0 6f 77 30 df 97 7f 77 e0 6e\n77 06 00 00 00 00 a2 6f 77 20 00 00 00 00 00 00 00\n 2021.05.07-16:02:37.25@0: 26 2b 6f 77 00 a0 6f 77 28 df 97 7f 21 2c 6f\n77 e8 a1 6f 77 00 a0 6f 77 00 bf 6f 77 a8 ac 05 08\n 2021.05.07-16:02:37.25@0:\n 2021.05.07-16:02:37.25@0: code: 0x776f255b\n 2021.05.07-16:02:37.25@0: 5b 3d 00 f0 ff ff 76 0e 8b 93 cc ff ff ff f7\nd8\n\nThis vulnerability was initially found in long-term 6.46.3, and it seems\nthat the latest stable version 6.48.2 suffers from an assertion failure\nvulnerability when running the same poc. \n\n\nSolution\n========\n\nNo upgrade firmware available yet\n\n\nReferences\n==========\n\n[1] https://mikrotik.com/download/changelogs/stable-release-tree\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-20222"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006897"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULHUB",
"id": "VHN-173679"
},
{
"db": "VULMON",
"id": "CVE-2020-20222"
},
{
"db": "PACKETSTORM",
"id": "162513"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-20222",
"trust": 3.5
},
{
"db": "PACKETSTORM",
"id": "162513",
"trust": 2.7
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006897",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021051005",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202105-478",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-173679",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-20222",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173679"
},
{
"db": "VULMON",
"id": "CVE-2020-20222"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006897"
},
{
"db": "PACKETSTORM",
"id": "162513"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-478"
},
{
"db": "NVD",
"id": "CVE-2020-20222"
}
]
},
"id": "VAR-202105-0086",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-173679"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T12:48:59.883000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://mikrotik.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006897"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.1
},
{
"problemtype": "NULL Pointer dereference (CWE-476) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173679"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006897"
},
{
"db": "NVD",
"id": "CVE-2020-20222"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "http://packetstormsecurity.com/files/162513/mikrotik-routeros-6.46.5-memory-corruption-assertion-failure.html"
},
{
"trust": 1.9,
"url": "http://seclists.org/fulldisclosure/2021/may/15"
},
{
"trust": 1.9,
"url": "https://mikrotik.com/"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-20222"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021051005"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://mikrotik.com/download/changelogs/stable-release-tree"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-20237"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-20236"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-20214"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173679"
},
{
"db": "VULMON",
"id": "CVE-2020-20222"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006897"
},
{
"db": "PACKETSTORM",
"id": "162513"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-478"
},
{
"db": "NVD",
"id": "CVE-2020-20222"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-173679"
},
{
"db": "VULMON",
"id": "CVE-2020-20222"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006897"
},
{
"db": "PACKETSTORM",
"id": "162513"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-478"
},
{
"db": "NVD",
"id": "CVE-2020-20222"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-18T00:00:00",
"db": "VULHUB",
"id": "VHN-173679"
},
{
"date": "2021-05-18T00:00:00",
"db": "VULMON",
"id": "CVE-2020-20222"
},
{
"date": "2022-01-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-006897"
},
{
"date": "2021-05-10T14:25:07",
"db": "PACKETSTORM",
"id": "162513"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-05-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-478"
},
{
"date": "2021-05-18T19:15:07.730000",
"db": "NVD",
"id": "CVE-2020-20222"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-21T00:00:00",
"db": "VULHUB",
"id": "VHN-173679"
},
{
"date": "2021-05-21T00:00:00",
"db": "VULMON",
"id": "CVE-2020-20222"
},
{
"date": "2022-01-25T05:36:00",
"db": "JVNDB",
"id": "JVNDB-2021-006897"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-05-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-478"
},
{
"date": "2021-05-21T20:51:14.933000",
"db": "NVD",
"id": "CVE-2020-20222"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-478"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik\u00a0RouterOs\u00a0 In \u00a0NULL\u00a0 Pointer dereference vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006897"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
var-202107-0085
Vulnerability from variot
Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /nova/bin/user process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet. Mikrotik RouterOs Exists in a reachable assertion vulnerability.Denial of service (DoS) It may be put into a state. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. Re: Two vulnerabilities found in MikroTik's RouterOS
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202107-0085",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "lt",
"trust": 1.0,
"vendor": "mikrotik",
"version": "6.47"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": null
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": "6.47 (stable tree)"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-008945"
},
{
"db": "NVD",
"id": "CVE-2020-20225"
}
]
},
"cve": "CVE-2020-20225",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-20225",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-173682",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2020-20225",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-20225",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-20225",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-20225",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202107-329",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-173682",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173682"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008945"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-329"
},
{
"db": "NVD",
"id": "CVE-2020-20225"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /nova/bin/user process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet. Mikrotik RouterOs Exists in a reachable assertion vulnerability.Denial of service (DoS) It may be put into a state. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. Re: Two vulnerabilities found in MikroTik\u0027s RouterOS",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-20225"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008945"
},
{
"db": "VULHUB",
"id": "VHN-173682"
},
{
"db": "VULMON",
"id": "CVE-2020-20225"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-20225",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008945",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202107-329",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-173682",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-20225",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173682"
},
{
"db": "VULMON",
"id": "CVE-2020-20225"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008945"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-329"
},
{
"db": "NVD",
"id": "CVE-2020-20225"
}
]
},
"id": "VAR-202107-0085",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-173682"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T15:42:52.158000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://mikrotik.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-008945"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-617",
"trust": 1.1
},
{
"problemtype": "Reachable assertions (CWE-617) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173682"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008945"
},
{
"db": "NVD",
"id": "CVE-2020-20225"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://seclists.org/fulldisclosure/2021/may/12"
},
{
"trust": 1.7,
"url": "https://mikrotik.com/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-20225"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173682"
},
{
"db": "VULMON",
"id": "CVE-2020-20225"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008945"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-329"
},
{
"db": "NVD",
"id": "CVE-2020-20225"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-173682"
},
{
"db": "VULMON",
"id": "CVE-2020-20225"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008945"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-329"
},
{
"db": "NVD",
"id": "CVE-2020-20225"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-07T00:00:00",
"db": "VULHUB",
"id": "VHN-173682"
},
{
"date": "2022-03-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-008945"
},
{
"date": "2021-07-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-329"
},
{
"date": "2021-07-07T14:15:09.547000",
"db": "NVD",
"id": "CVE-2020-20225"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-08T00:00:00",
"db": "VULHUB",
"id": "VHN-173682"
},
{
"date": "2022-03-31T08:42:00",
"db": "JVNDB",
"id": "JVNDB-2021-008945"
},
{
"date": "2021-07-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-329"
},
{
"date": "2021-07-08T13:26:15.530000",
"db": "NVD",
"id": "CVE-2020-20225"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-329"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik\u00a0RouterOs\u00a0 Reachable assertion vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-008945"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-329"
}
],
"trust": 0.6
}
}
var-202105-0092
Vulnerability from variot
Mikrotik RouterOs before 6.46.5 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/traceroute process. An authenticated remote attacker can cause a Denial of Service due via the loop counter variable. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202105-0092",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "lt",
"trust": 1.0,
"vendor": "mikrotik",
"version": "6.46.5"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-20247"
}
]
},
"cve": "CVE-2020-20247",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-20247",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-173706",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2020-20247",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-20247",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202105-058",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-173706",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-20247",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173706"
},
{
"db": "VULMON",
"id": "CVE-2020-20247"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-058"
},
{
"db": "NVD",
"id": "CVE-2020-20247"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik RouterOs before 6.46.5 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/traceroute process. An authenticated remote attacker can cause a Denial of Service due via the loop counter variable. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-20247"
},
{
"db": "VULHUB",
"id": "VHN-173706"
},
{
"db": "VULMON",
"id": "CVE-2020-20247"
}
],
"trust": 1.08
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-20247",
"trust": 1.8
},
{
"db": "CNNVD",
"id": "CNNVD-202105-058",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-173706",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-20247",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173706"
},
{
"db": "VULMON",
"id": "CVE-2020-20247"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-058"
},
{
"db": "NVD",
"id": "CVE-2020-20247"
}
]
},
"id": "VAR-202105-0092",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-173706"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T14:38:02.174000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Mikrotik RouterOs Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=149911"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-058"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "CWE-119",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173706"
},
{
"db": "NVD",
"id": "CVE-2020-20247"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://seclists.org/fulldisclosure/2020/may/30"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-20247"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173706"
},
{
"db": "VULMON",
"id": "CVE-2020-20247"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-058"
},
{
"db": "NVD",
"id": "CVE-2020-20247"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-173706"
},
{
"db": "VULMON",
"id": "CVE-2020-20247"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-058"
},
{
"db": "NVD",
"id": "CVE-2020-20247"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-03T00:00:00",
"db": "VULHUB",
"id": "VHN-173706"
},
{
"date": "2021-05-03T00:00:00",
"db": "VULMON",
"id": "CVE-2020-20247"
},
{
"date": "2021-05-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-058"
},
{
"date": "2021-05-03T16:15:07.467000",
"db": "NVD",
"id": "CVE-2020-20247"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-28T00:00:00",
"db": "VULHUB",
"id": "VHN-173706"
},
{
"date": "2021-05-10T00:00:00",
"db": "VULMON",
"id": "CVE-2020-20247"
},
{
"date": "2021-05-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-058"
},
{
"date": "2022-06-28T14:11:45.273000",
"db": "NVD",
"id": "CVE-2020-20247"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-058"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik RouterOs Buffer error vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-058"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-058"
}
],
"trust": 0.6
}
}
var-201803-2171
Vulnerability from variot
A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication takes place, so it is possible for an unauthenticated remote attacker to exploit it. All architectures and all devices running RouterOS before versions 6.41.3/6.42rc27 are vulnerable. MikroTik RouterOS Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. MikroTik RouterOS is a routing operating system developed by MikroTik based on the Linux kernel. By installing this system, standard x86 PC devices can be turned into professional routers. A buffer overflow vulnerability exists in MikroTik RouterOS 6.41.3 and earlier. MikroTik RouterOS is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Failed exploit attempts will result in denial-of-service conditions. This system turns a PC computer into a professional router. SMB service is one of the SMB (communication protocol) services
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-2171",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": "eq",
"trust": 2.6,
"vendor": "routeros",
"version": "6.4.2"
},
{
"model": "routeros",
"scope": "eq",
"trust": 1.6,
"vendor": "mikrotik",
"version": "6.4.2"
},
{
"model": "routeros",
"scope": "lt",
"trust": 1.0,
"vendor": "mikrotik",
"version": "6.41.3"
},
{
"model": "routeros",
"scope": "lt",
"trust": 0.8,
"vendor": "mikrotik",
"version": "6.41.3/6.42rc27"
},
{
"model": "routeros",
"scope": "lte",
"trust": 0.6,
"vendor": "mikrotik",
"version": "\u003c=6.41.3"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "2.9.51"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "2.9.50"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "2.9.49"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "2.9.48"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "2.9.47"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "2.9.46"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "2.9.45"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "2.9.44"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "2.9.43"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "2.9.42"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "2.9.41"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "2.9.40"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "6.3"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "6.2"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "5.26"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "5.25"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "5.15"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "5.0"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "4.0"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "3.2"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "3.13"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "3.12"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "3.11"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "3.10"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "3.09"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "3.08"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "3.07"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "3.0"
},
{
"model": "routeros",
"scope": "ne",
"trust": 0.3,
"vendor": "mikrotik",
"version": "6.41.3"
},
{
"model": "routeros 6.42rc27",
"scope": "ne",
"trust": 0.3,
"vendor": "mikrotik",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "routeros",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2e6fb11-39ab-11e9-b68d-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05801"
},
{
"db": "BID",
"id": "103427"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003373"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-658"
},
{
"db": "NVD",
"id": "CVE-2018-7445"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:mikrotik:router_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-003373"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Core Security Technologies",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-658"
}
],
"trust": 0.6
},
"cve": "CVE-2018-7445",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2018-7445",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CNVD-2018-05801",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "e2e6fb11-39ab-11e9-b68d-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-137477",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-7445",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-7445",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-7445",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2018-05801",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-658",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "e2e6fb11-39ab-11e9-b68d-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-137477",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-7445",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2e6fb11-39ab-11e9-b68d-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05801"
},
{
"db": "VULHUB",
"id": "VHN-137477"
},
{
"db": "VULMON",
"id": "CVE-2018-7445"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003373"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-658"
},
{
"db": "NVD",
"id": "CVE-2018-7445"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication takes place, so it is possible for an unauthenticated remote attacker to exploit it. All architectures and all devices running RouterOS before versions 6.41.3/6.42rc27 are vulnerable. MikroTik RouterOS Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. MikroTik RouterOS is a routing operating system developed by MikroTik based on the Linux kernel. By installing this system, standard x86 PC devices can be turned into professional routers. A buffer overflow vulnerability exists in MikroTik RouterOS 6.41.3 and earlier. MikroTik RouterOS is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Failed exploit attempts will result in denial-of-service conditions. This system turns a PC computer into a professional router. SMB service is one of the SMB (communication protocol) services",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7445"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003373"
},
{
"db": "CNVD",
"id": "CNVD-2018-05801"
},
{
"db": "BID",
"id": "103427"
},
{
"db": "IVD",
"id": "e2e6fb11-39ab-11e9-b68d-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-137477"
},
{
"db": "VULMON",
"id": "CVE-2018-7445"
}
],
"trust": 2.79
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-137477",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=44290",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137477"
},
{
"db": "VULMON",
"id": "CVE-2018-7445"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7445",
"trust": 3.7
},
{
"db": "BID",
"id": "103427",
"trust": 1.5
},
{
"db": "EXPLOIT-DB",
"id": "44290",
"trust": 1.2
},
{
"db": "CNNVD",
"id": "CNNVD-201803-658",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-05801",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003373",
"trust": 0.8
},
{
"db": "CXSECURITY",
"id": "WLB-2018030146",
"trust": 0.6
},
{
"db": "IVD",
"id": "E2E6FB11-39AB-11E9-B68D-000C29342CB1",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-97182",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "146795",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-137477",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-7445",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2e6fb11-39ab-11e9-b68d-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05801"
},
{
"db": "VULHUB",
"id": "VHN-137477"
},
{
"db": "VULMON",
"id": "CVE-2018-7445"
},
{
"db": "BID",
"id": "103427"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003373"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-658"
},
{
"db": "NVD",
"id": "CVE-2018-7445"
}
]
},
"id": "VAR-201803-2171",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2e6fb11-39ab-11e9-b68d-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05801"
},
{
"db": "VULHUB",
"id": "VHN-137477"
}
],
"trust": 0.09
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"ICS"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2e6fb11-39ab-11e9-b68d-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05801"
}
]
},
"last_update_date": "2024-11-23T22:59:04.712000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://mikrotik.com/"
},
{
"title": "MikroTik RouterOS Buffer Overflow Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/122363"
},
{
"title": "MikroTik RouterOS SMB service Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79277"
},
{
"title": "Chimay-Blue",
"trust": 0.1,
"url": "https://github.com/BigNerd95/Chimay-Blue "
},
{
"title": "fuzzing-stuff",
"trust": 0.1,
"url": "https://github.com/alphaSeclab/fuzzing-stuff "
},
{
"title": "Securelist",
"trust": 0.1,
"url": "https://securelist.com/apt-trends-report-q1-2018/85280/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05801"
},
{
"db": "VULMON",
"id": "CVE-2018-7445"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003373"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-658"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137477"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003373"
},
{
"db": "NVD",
"id": "CVE-2018-7445"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "https://www.coresecurity.com/advisories/mikrotik-routeros-smb-buffer-overflow"
},
{
"trust": 2.0,
"url": "http://seclists.org/fulldisclosure/2018/mar/38"
},
{
"trust": 1.3,
"url": "http://www.securityfocus.com/bid/103427"
},
{
"trust": 1.3,
"url": "https://www.exploit-db.com/exploits/44290/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7445"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7445"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/issue/wlb-2018030146"
},
{
"trust": 0.3,
"url": "https://mikrotik.com/download"
},
{
"trust": 0.3,
"url": "http://www.mikrotik.com/software.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://github.com/bignerd95/chimay-blue"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05801"
},
{
"db": "VULHUB",
"id": "VHN-137477"
},
{
"db": "VULMON",
"id": "CVE-2018-7445"
},
{
"db": "BID",
"id": "103427"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003373"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-658"
},
{
"db": "NVD",
"id": "CVE-2018-7445"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2e6fb11-39ab-11e9-b68d-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05801"
},
{
"db": "VULHUB",
"id": "VHN-137477"
},
{
"db": "VULMON",
"id": "CVE-2018-7445"
},
{
"db": "BID",
"id": "103427"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003373"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-658"
},
{
"db": "NVD",
"id": "CVE-2018-7445"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-20T00:00:00",
"db": "IVD",
"id": "e2e6fb11-39ab-11e9-b68d-000c29342cb1"
},
{
"date": "2018-03-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05801"
},
{
"date": "2018-03-19T00:00:00",
"db": "VULHUB",
"id": "VHN-137477"
},
{
"date": "2018-03-19T00:00:00",
"db": "VULMON",
"id": "CVE-2018-7445"
},
{
"date": "2018-03-15T00:00:00",
"db": "BID",
"id": "103427"
},
{
"date": "2018-05-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003373"
},
{
"date": "2018-03-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-658"
},
{
"date": "2018-03-19T21:29:01.083000",
"db": "NVD",
"id": "CVE-2018-7445"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05801"
},
{
"date": "2018-04-24T00:00:00",
"db": "VULHUB",
"id": "VHN-137477"
},
{
"date": "2018-04-24T00:00:00",
"db": "VULMON",
"id": "CVE-2018-7445"
},
{
"date": "2018-03-15T00:00:00",
"db": "BID",
"id": "103427"
},
{
"date": "2018-05-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003373"
},
{
"date": "2021-08-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-658"
},
{
"date": "2024-11-21T04:12:09.040000",
"db": "NVD",
"id": "CVE-2018-7445"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-658"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MikroTik RouterOS Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "e2e6fb11-39ab-11e9-b68d-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05801"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-658"
}
],
"trust": 0.6
}
}
var-201703-1051
Vulnerability from variot
The MikroTik Router hAP Lite 6.25 has no protection mechanism for unsolicited TCP ACK packets in the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many ACK packets. After the attacker stops the exploit, the CPU usage is 100% and the router requires a reboot for normal operation. MikroTik is a system for developing routers and wireless ISPs. MikroTik Router hAP Lite is a device from Latvian MikroTik company that has dual concurrent access points and provides WiFi coverage for 2.4GHz and 5GHz frequencies simultaneously. A security vulnerability exists in MikroTik Router hAP Lite version 6.25
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201703-1051",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "eq",
"trust": 1.0,
"vendor": "mikrotik",
"version": "6.25"
},
{
"model": "hap lite",
"scope": null,
"trust": 0.8,
"vendor": "mikrotik",
"version": null
},
{
"model": "hap lite",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": "6.25"
},
{
"model": "router",
"scope": null,
"trust": 0.6,
"vendor": "mikrotik",
"version": null
},
{
"model": "router hap lite",
"scope": "eq",
"trust": 0.6,
"vendor": "mikrotik",
"version": "6.25"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-03025"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002200"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-162"
},
{
"db": "NVD",
"id": "CVE-2017-6444"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:mikrotik:router_hap_lite",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mikrotik:router_hap_lite_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002200"
}
]
},
"cve": "CVE-2017-6444",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-6444",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-03025",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-114647",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2017-6444",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-6444",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-6444",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-6444",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-03025",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201703-162",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-114647",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-03025"
},
{
"db": "VULHUB",
"id": "VHN-114647"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002200"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-162"
},
{
"db": "NVD",
"id": "CVE-2017-6444"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The MikroTik Router hAP Lite 6.25 has no protection mechanism for unsolicited TCP ACK packets in the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many ACK packets. After the attacker stops the exploit, the CPU usage is 100% and the router requires a reboot for normal operation. MikroTik is a system for developing routers and wireless ISPs. MikroTik Router hAP Lite is a device from Latvian MikroTik company that has dual concurrent access points and provides WiFi coverage for 2.4GHz and 5GHz frequencies simultaneously. A security vulnerability exists in MikroTik Router hAP Lite version 6.25",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6444"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002200"
},
{
"db": "CNVD",
"id": "CNVD-2017-03025"
},
{
"db": "VULHUB",
"id": "VHN-114647"
}
],
"trust": 2.25
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-114647",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114647"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-6444",
"trust": 3.1
},
{
"db": "PACKETSTORM",
"id": "141449",
"trust": 2.5
},
{
"db": "CXSECURITY",
"id": "WLB-2017030029",
"trust": 2.3
},
{
"db": "EXPLOITALERT",
"id": "26137",
"trust": 1.7
},
{
"db": "EXPLOIT-DB",
"id": "41601",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002200",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201703-162",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-03025",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-114647",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-03025"
},
{
"db": "VULHUB",
"id": "VHN-114647"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002200"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-162"
},
{
"db": "NVD",
"id": "CVE-2017-6444"
}
]
},
"id": "VAR-201703-1051",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-03025"
},
{
"db": "VULHUB",
"id": "VHN-114647"
}
],
"trust": 1.2999999999999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-03025"
}
]
},
"last_update_date": "2024-11-23T22:07:30.326000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://mikrotik.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002200"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.1
},
{
"problemtype": "CWE-399",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114647"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002200"
},
{
"db": "NVD",
"id": "CVE-2017-6444"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://packetstormsecurity.com/files/141449/mikrotik-hap-lite-6.25-denial-of-service.html"
},
{
"trust": 2.3,
"url": "https://cxsecurity.com/issue/wlb-2017030029"
},
{
"trust": 1.7,
"url": "https://www.exploit-db.com/exploits/41601/"
},
{
"trust": 1.7,
"url": "http://www.exploitalert.com/view-details.html?id=26137"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6444"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-6444"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-03025"
},
{
"db": "VULHUB",
"id": "VHN-114647"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002200"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-162"
},
{
"db": "NVD",
"id": "CVE-2017-6444"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-03025"
},
{
"db": "VULHUB",
"id": "VHN-114647"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002200"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-162"
},
{
"db": "NVD",
"id": "CVE-2017-6444"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-03025"
},
{
"date": "2017-03-12T00:00:00",
"db": "VULHUB",
"id": "VHN-114647"
},
{
"date": "2017-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002200"
},
{
"date": "2017-03-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-162"
},
{
"date": "2017-03-12T05:59:00.227000",
"db": "NVD",
"id": "CVE-2017-6444"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-03025"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-114647"
},
{
"date": "2017-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002200"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-162"
},
{
"date": "2024-11-21T03:29:47.280000",
"db": "NVD",
"id": "CVE-2017-6444"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-162"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MikroTik Router hAP Lite Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002200"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-162"
}
],
"trust": 0.6
}
}
var-201910-1682
Vulnerability from variot
RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below are vulnerable to an arbitrary directory creation vulnerability via the upgrade package's name field. If an authenticated user installs a malicious package then a directory could be created and the developer shell could be enabled. RouterOS Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. An input validation error vulnerability exists in MikroTik RouterOS 6.45.6 Stable and earlier versions and 6.44.5 Long-term and earlier versions. The vulnerability stems from the failure of the network system or product to properly validate the input data
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-1682",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "lte",
"trust": 1.0,
"vendor": "mikrotik",
"version": "6.44.5"
},
{
"model": "routeros",
"scope": "lte",
"trust": 1.0,
"vendor": "mikrotik",
"version": "6.45.6"
},
{
"model": "routeros",
"scope": "lte",
"trust": 0.8,
"vendor": "mikrotik",
"version": "6.44.5 long-term"
},
{
"model": "routeros",
"scope": "lte",
"trust": 0.8,
"vendor": "mikrotik",
"version": "6.45.6 stable"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011455"
},
{
"db": "NVD",
"id": "CVE-2019-3976"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:mikrotik:router_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011455"
}
]
},
"cve": "CVE-2019-3976",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2019-3976",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-155411",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2019-3976",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-3976",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-3976",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-3976",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-1701",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-155411",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155411"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011455"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1701"
},
{
"db": "NVD",
"id": "CVE-2019-3976"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below are vulnerable to an arbitrary directory creation vulnerability via the upgrade package\u0027s name field. If an authenticated user installs a malicious package then a directory could be created and the developer shell could be enabled. RouterOS Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. An input validation error vulnerability exists in MikroTik RouterOS 6.45.6 Stable and earlier versions and 6.44.5 Long-term and earlier versions. The vulnerability stems from the failure of the network system or product to properly validate the input data",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-3976"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011455"
},
{
"db": "VULHUB",
"id": "VHN-155411"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "TENABLE",
"id": "TRA-2019-46",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-2019-3976",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011455",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1701",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-155411",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155411"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011455"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1701"
},
{
"db": "NVD",
"id": "CVE-2019-3976"
}
]
},
"id": "VAR-201910-1682",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-155411"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:51:53.222000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://mikrotik.com/"
},
{
"title": "MikroTik RouterOS Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=101461"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011455"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1701"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.1
},
{
"problemtype": "CWE-23",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155411"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011455"
},
{
"db": "NVD",
"id": "CVE-2019-3976"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.tenable.com/security/research/tra-2019-46"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3976"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3976"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155411"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011455"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1701"
},
{
"db": "NVD",
"id": "CVE-2019-3976"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-155411"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011455"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1701"
},
{
"db": "NVD",
"id": "CVE-2019-3976"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-29T00:00:00",
"db": "VULHUB",
"id": "VHN-155411"
},
{
"date": "2019-11-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011455"
},
{
"date": "2019-10-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-1701"
},
{
"date": "2019-10-29T19:15:20.297000",
"db": "NVD",
"id": "CVE-2019-3976"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-03T00:00:00",
"db": "VULHUB",
"id": "VHN-155411"
},
{
"date": "2019-11-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011455"
},
{
"date": "2021-11-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-1701"
},
{
"date": "2024-11-21T04:42:59.397000",
"db": "NVD",
"id": "CVE-2019-3976"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-1701"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "RouterOS Input validation vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011455"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-1701"
}
],
"trust": 0.6
}
}
var-202001-0420
Vulnerability from variot
MikroTik Winbox 3.20 and below is vulnerable to man in the middle attacks. A man in the middle can downgrade the client's authentication protocol and recover the user's username and MD5 hashed password. MikroTik Winbox Contains an input validation vulnerability.Information may be obtained. A security vulnerability exists in MikroTik Winbox 3.20 and earlier versions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202001-0420",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "winbox",
"scope": "lt",
"trust": 1.0,
"vendor": "mikrotik",
"version": "3.20"
},
{
"model": "routeros",
"scope": "lt",
"trust": 1.0,
"vendor": "mikrotik",
"version": "6.43"
},
{
"model": "routeros",
"scope": null,
"trust": 0.8,
"vendor": "mikrotik",
"version": null
},
{
"model": "winbox",
"scope": "lte",
"trust": 0.8,
"vendor": "mikrotik",
"version": "3.20"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014160"
},
{
"db": "NVD",
"id": "CVE-2019-3981"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:mikrotik:router_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mikrotik:winbox",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014160"
}
]
},
"cve": "CVE-2019-3981",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2019-3981",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-155416",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.2,
"id": "CVE-2019-3981",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.7,
"baseSeverity": "Low",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2019-3981",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-3981",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2019-3981",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNNVD",
"id": "CNNVD-202001-455",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-155416",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155416"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014160"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-455"
},
{
"db": "NVD",
"id": "CVE-2019-3981"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MikroTik Winbox 3.20 and below is vulnerable to man in the middle attacks. A man in the middle can downgrade the client\u0027s authentication protocol and recover the user\u0027s username and MD5 hashed password. MikroTik Winbox Contains an input validation vulnerability.Information may be obtained. A security vulnerability exists in MikroTik Winbox 3.20 and earlier versions",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-3981"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014160"
},
{
"db": "VULHUB",
"id": "VHN-155416"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "TENABLE",
"id": "TRA-2020-01",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-2019-3981",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014160",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202001-455",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2020-07244",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-155416",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155416"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014160"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-455"
},
{
"db": "NVD",
"id": "CVE-2019-3981"
}
]
},
"id": "VAR-202001-0420",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-155416"
}
],
"trust": 0.42142857
},
"last_update_date": "2024-11-23T22:55:19.207000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://mikrotik.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014160"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-300",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155416"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014160"
},
{
"db": "NVD",
"id": "CVE-2019-3981"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.tenable.com/security/research/tra-2020-01"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3981"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3981"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155416"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014160"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-455"
},
{
"db": "NVD",
"id": "CVE-2019-3981"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-155416"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014160"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-455"
},
{
"db": "NVD",
"id": "CVE-2019-3981"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-14T00:00:00",
"db": "VULHUB",
"id": "VHN-155416"
},
{
"date": "2020-02-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014160"
},
{
"date": "2020-01-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202001-455"
},
{
"date": "2020-01-14T19:15:13.187000",
"db": "NVD",
"id": "CVE-2019-3981"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-22T00:00:00",
"db": "VULHUB",
"id": "VHN-155416"
},
{
"date": "2020-02-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014160"
},
{
"date": "2021-01-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202001-455"
},
{
"date": "2024-11-21T04:42:59.980000",
"db": "NVD",
"id": "CVE-2019-3981"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202001-455"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MikroTik Winbox Input validation vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014160"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202001-455"
}
],
"trust": 0.6
}
}
var-202205-0841
Vulnerability from variot
Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the ptp process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). MikroTik of routeros for, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202205-0841",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "lt",
"trust": 1.0,
"vendor": "mikrotik",
"version": "6.48.2"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": "6.48.2"
},
{
"model": "routeros",
"scope": null,
"trust": 0.8,
"vendor": "mikrotik",
"version": null
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-019610"
},
{
"db": "NVD",
"id": "CVE-2021-36613"
}
]
},
"cve": "CVE-2021-36613",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2021-36613",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-398479",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2021-36613",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-36613",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-36613",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-36613",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202205-3026",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-398479",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-36613",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-398479"
},
{
"db": "VULMON",
"id": "CVE-2021-36613"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019610"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3026"
},
{
"db": "NVD",
"id": "CVE-2021-36613"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the ptp process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). MikroTik of routeros for, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-36613"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019610"
},
{
"db": "VULHUB",
"id": "VHN-398479"
},
{
"db": "VULMON",
"id": "CVE-2021-36613"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-36613",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019610",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3026",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2022060842",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-398479",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-36613",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-398479"
},
{
"db": "VULMON",
"id": "CVE-2021-36613"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019610"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3026"
},
{
"db": "NVD",
"id": "CVE-2021-36613"
}
]
},
"id": "VAR-202205-0841",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-398479"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T14:24:48.491000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MikroTik RouterOS Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=193705"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2021-36613 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-36613"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3026"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.1
},
{
"problemtype": "NULL Pointer dereference (CWE-476) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-398479"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019610"
},
{
"db": "NVD",
"id": "CVE-2021-36613"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://seclists.org/fulldisclosure/2022/jun/2"
},
{
"trust": 2.6,
"url": "https://seclists.org/fulldisclosure/2021/jul/0"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36613"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-36613/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060842"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2021-36613"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-398479"
},
{
"db": "VULMON",
"id": "CVE-2021-36613"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019610"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3026"
},
{
"db": "NVD",
"id": "CVE-2021-36613"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-398479"
},
{
"db": "VULMON",
"id": "CVE-2021-36613"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019610"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3026"
},
{
"db": "NVD",
"id": "CVE-2021-36613"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-11T00:00:00",
"db": "VULHUB",
"id": "VHN-398479"
},
{
"date": "2022-05-11T00:00:00",
"db": "VULMON",
"id": "CVE-2021-36613"
},
{
"date": "2023-08-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-019610"
},
{
"date": "2022-05-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-3026"
},
{
"date": "2022-05-11T18:15:22.937000",
"db": "NVD",
"id": "CVE-2021-36613"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-18T00:00:00",
"db": "VULHUB",
"id": "VHN-398479"
},
{
"date": "2022-10-18T00:00:00",
"db": "VULMON",
"id": "CVE-2021-36613"
},
{
"date": "2023-08-07T08:16:00",
"db": "JVNDB",
"id": "JVNDB-2021-019610"
},
{
"date": "2022-06-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-3026"
},
{
"date": "2022-10-18T20:18:00.007000",
"db": "NVD",
"id": "CVE-2021-36613"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-3026"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MikroTik\u00a0 of \u00a0routeros\u00a0 In \u00a0NULL\u00a0 Pointer dereference vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-019610"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-3026"
}
],
"trust": 0.6
}
}
var-202103-0870
Vulnerability from variot
MikroTik RouterOS 6.47.9 allows remote authenticated ftp users to create or overwrite arbitrary .rsc files via the /export command. NOTE: the vendor's position is that this is intended behavior because of how user policies work. ** Unsettled ** This case has not been confirmed as a vulnerability. MikroTik RouterOS Contains a command injection vulnerability. Vendors have challenged this vulnerability. For more information, please see below NVD of Current Description Please Confirm. https://nvd.nist.gov/vuln/detail/CVE-2021-27221Information is tampered with and denial of service (DoS) It may be put into a state. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202103-0870",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "eq",
"trust": 1.8,
"vendor": "mikrotik",
"version": "6.47.9"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004750"
},
{
"db": "NVD",
"id": "CVE-2021-27221"
}
]
},
"cve": "CVE-2021-27221",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2021-27221",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-386442",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2021-27221",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-27221",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-27221",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-27221",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202103-1192",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-386442",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-27221",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-386442"
},
{
"db": "VULMON",
"id": "CVE-2021-27221"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004750"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1192"
},
{
"db": "NVD",
"id": "CVE-2021-27221"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MikroTik RouterOS 6.47.9 allows remote authenticated ftp users to create or overwrite arbitrary .rsc files via the /export command. NOTE: the vendor\u0027s position is that this is intended behavior because of how user policies work. ** Unsettled ** This case has not been confirmed as a vulnerability. MikroTik RouterOS Contains a command injection vulnerability. Vendors have challenged this vulnerability. For more information, please see below NVD of Current Description Please Confirm. https://nvd.nist.gov/vuln/detail/CVE-2021-27221Information is tampered with and denial of service (DoS) It may be put into a state. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-27221"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004750"
},
{
"db": "VULHUB",
"id": "VHN-386442"
},
{
"db": "VULMON",
"id": "CVE-2021-27221"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-27221",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004750",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1192",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2021-24275",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-386442",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-27221",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-386442"
},
{
"db": "VULMON",
"id": "CVE-2021-27221"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004750"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1192"
},
{
"db": "NVD",
"id": "CVE-2021-27221"
}
]
},
"id": "VAR-202103-0870",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-386442"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:40:45.970000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://mikrotik.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004750"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Command injection (CWE-77) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004750"
},
{
"db": "NVD",
"id": "CVE-2021-27221"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://onovy.medium.com/routeros-user-with-just-ftp-policy-can-write-to-filesystem-cve-2021-27221-e3e45d780dfe"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27221"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/77.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-386442"
},
{
"db": "VULMON",
"id": "CVE-2021-27221"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004750"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1192"
},
{
"db": "NVD",
"id": "CVE-2021-27221"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-386442"
},
{
"db": "VULMON",
"id": "CVE-2021-27221"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004750"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1192"
},
{
"db": "NVD",
"id": "CVE-2021-27221"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-19T00:00:00",
"db": "VULHUB",
"id": "VHN-386442"
},
{
"date": "2021-03-19T00:00:00",
"db": "VULMON",
"id": "CVE-2021-27221"
},
{
"date": "2021-11-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-004750"
},
{
"date": "2021-03-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1192"
},
{
"date": "2021-03-19T03:15:12.363000",
"db": "NVD",
"id": "CVE-2021-27221"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-28T00:00:00",
"db": "VULHUB",
"id": "VHN-386442"
},
{
"date": "2021-03-26T00:00:00",
"db": "VULMON",
"id": "CVE-2021-27221"
},
{
"date": "2021-11-29T09:08:00",
"db": "JVNDB",
"id": "JVNDB-2021-004750"
},
{
"date": "2021-03-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1192"
},
{
"date": "2024-11-21T05:57:37.687000",
"db": "NVD",
"id": "CVE-2021-27221"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1192"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MikroTik\u00a0RouterOS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004750"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1192"
}
],
"trust": 0.6
}
}
var-202105-0083
Vulnerability from variot
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from an assertion failure vulnerability in the btest process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet. Mikrotik RouterOs Exists in a reachable assertion vulnerability.Denial of service (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. MikroTik RouterOS has a security vulnerability. The following products and versions are affected: MikroTik RouterOS: 6.40, 6.40.1, 6.40.2, 6.40.3, 6.40.4, 6.40.5, 6.40.6, 6.40.7, 6.40.8, 6.40.9, 6.41, 6.41.1, 6.41.2, 6.41.3, 6.41.4, 6.42, 6.42.1, 6.42.2, 6.42.3, 6.42. Advisory: four vulnerabilities found in MikroTik's RouterOS
Details
Product: MikroTik's RouterOS Vendor URL: https://mikrotik.com/ Vendor Status: no fix yet CVE: CVE-2020-20214, CVE-2020-20222, CVE-2020-20236, CVE-2020-20237 Credit: Qian Chen(@cq674350529) of Qihoo 360 Nirvan Team
Product Description
RouterOS is the operating system used on the MikroTik's devices, such as switch, router and access point.
Description of vulnerabilities
These vulnerabilities were reported to the vendor almost one year ago. And the vendor confirmed these vulnerabilities. However, there is still no fix for them yet. By the way, the three vulnerabilities in sniffer binary are different from each one.
Against stable 6.46.5, the poc resulted in the following crash dump.
# cat /rw/logs/backtrace.log
2020.06.19-15:51:36.94@0:
2020.06.19-15:51:36.94@0:
2020.06.19-15:51:36.94@0: /nova/bin/btest
2020.06.19-15:51:36.94@0: --- signal=6
2020.06.19-15:51:36.94@0:
2020.06.19-15:51:36.94@0: eip=0x7772255b eflags=0x00000246
2020.06.19-15:51:36.94@0: edi=0x00fe0001 esi=0x7772a200 ebp=0x7fdcf880
esp=0x7fdcf878 2020.06.19-15:51:36.94@0: eax=0x00000000 ebx=0x0000010f ecx=0x0000010f edx=0x00000006 2020.06.19-15:51:36.94@0: 2020.06.19-15:51:36.94@0: maps: 2020.06.19-15:51:36.94@0: 08048000-08057000 r-xp 00000000 00:0c 1006 /nova/bin/btest 2020.06.19-15:51:36.94@0: 776f4000-77729000 r-xp 00000000 00:0c 964 /lib/libuClibc-0.9.33.2.so 2020.06.19-15:51:36.94@0: 7772d000-77747000 r-xp 00000000 00:0c 960 /lib/libgcc_s.so.1 2020.06.19-15:51:36.94@0: 77748000-77757000 r-xp 00000000 00:0c 944 /lib/libuc++.so 2020.06.19-15:51:36.94@0: 77758000-77775000 r-xp 00000000 00:0c 947 /lib/libucrypto.so 2020.06.19-15:51:36.94@0: 77776000-777c2000 r-xp 00000000 00:0c 946 /lib/libumsg.so 2020.06.19-15:51:36.94@0: 777c8000-777cf000 r-xp 00000000 00:0c 958 /lib/ld-uClibc-0.9.33.2.so 2020.06.19-15:51:36.94@0: 2020.06.19-15:51:36.94@0: stack: 0x7fdd0000 - 0x7fdcf878 2020.06.19-15:51:36.94@0: 00 a0 72 77 00 a0 72 77 b8 f8 dc 7f 77 e0 71 77 06 00 00 00 00 a2 72 77 20 00 00 00 00 00 00 00 2020.06.19-15:51:36.94@0: 16 00 00 00 18 f9 dc 7f b4 f8 dc 7f e4 2a 7c 77 01 00 00 00 e4 2a 7c 77 16 00 00 00 01 00 fe 00 2020.06.19-15:51:36.94@0: 2020.06.19-15:51:36.94@0: code: 0x7772255b 2020.06.19-15:51:36.94@0: 5b 3d 00 f0 ff ff 76 0e 8b 93 cc ff ff ff f7 d8
This vulnerability was initially found in long-term 6.44.5, and it seems that the latest stable version 6.48.2 still suffers from this vulnerability.
Against stable 6.46.5, the poc resulted in the following crash dump.
# cat /rw/logs/backtrace.log
2020.06.19-16:36:18.33@0:
2020.06.19-16:36:18.33@0:
2020.06.19-16:36:18.33@0: /nova/bin/sniffer
2020.06.19-16:36:18.33@0: --- signal=11
2020.06.19-16:36:18.33@0:
2020.06.19-16:36:18.33@0: eip=0x08050e33 eflags=0x00010206
2020.06.19-16:36:18.33@0: edi=0x08057a24 esi=0x7f85c094 ebp=0x7f85c0c8
esp=0x7f85c080 2020.06.19-16:36:18.33@0: eax=0x00000000 ebx=0x7f85c090 ecx=0x00ff0000 edx=0x08059678 2020.06.19-16:36:18.33@0: 2020.06.19-16:36:18.33@0: maps: 2020.06.19-16:36:18.33@0: 08048000-08056000 r-xp 00000000 00:0c 1034 /nova/bin/sniffer 2020.06.19-16:36:18.33@0: 776ce000-77703000 r-xp 00000000 00:0c 964 /lib/libuClibc-0.9.33.2.so 2020.06.19-16:36:18.33@0: 77707000-77721000 r-xp 00000000 00:0c 960 /lib/libgcc_s.so.1 2020.06.19-16:36:18.33@0: 77722000-77731000 r-xp 00000000 00:0c 944 /lib/libuc++.so 2020.06.19-16:36:18.33@0: 77732000-7773a000 r-xp 00000000 00:0c 950 /lib/libubox.so 2020.06.19-16:36:18.33@0: 7773b000-77787000 r-xp 00000000 00:0c 946 /lib/libumsg.so 2020.06.19-16:36:18.33@0: 7778d000-77794000 r-xp 00000000 00:0c 958 /lib/ld-uClibc-0.9.33.2.so 2020.06.19-16:36:18.33@0: 2020.06.19-16:36:18.33@0: stack: 0x7f85d000 - 0x7f85c080 2020.06.19-16:36:18.33@0: 2c 08 07 08 04 00 fe 08 fe 00 00 00 20 ad 05 08 00 0c 07 08 a0 0b 07 08 af 0b 07 08 04 7a 05 08 2020.06.19-16:36:18.33@0: 08 00 00 00 24 7a 05 08 ff 00 00 00 00 00 00 00 08 c2 85 7f e4 7a 78 77 d8 c0 85 7f e4 7a 78 77 2020.06.19-16:36:18.34@0: 2020.06.19-16:36:18.34@0: code: 0x8050e33 2020.06.19-16:36:18.34@0: 0b 48 0c 89 fa 89 d8 e8 7d f1 ff ff 50 50 53 56
This vulnerability was initially found in long-term 6.44.6, and it seems that the latest stable version 6.48.2 still suffers from this vulnerability.
Against stable 6.46.5, the poc resulted in the following crash dump.
# cat /rw/logs/backtrace.log
2020.06.19-16:58:33.42@0:
2020.06.19-16:58:33.42@0:
2020.06.19-16:58:33.42@0: /nova/bin/sniffer
2020.06.19-16:58:33.42@0: --- signal=11
2020.06.19-16:58:33.42@0:
2020.06.19-16:58:33.42@0: eip=0x08050dac eflags=0x00010202
2020.06.19-16:58:33.42@0: edi=0x08057a24 esi=0x00000001 ebp=0x7f8df428
esp=0x7f8df3e0 2020.06.19-16:58:33.42@0: eax=0x08073714 ebx=0x08073710 ecx=0x08073704 edx=0x08073714 2020.06.19-16:58:33.42@0: 2020.06.19-16:58:33.42@0: maps: 2020.06.19-16:58:33.42@0: 08048000-08056000 r-xp 00000000 00:0c 1034 /nova/bin/sniffer 2020.06.19-16:58:33.42@0: 77730000-77765000 r-xp 00000000 00:0c 964 /lib/libuClibc-0.9.33.2.so 2020.06.19-16:58:33.42@0: 77769000-77783000 r-xp 00000000 00:0c 960 /lib/libgcc_s.so.1 2020.06.19-16:58:33.42@0: 77784000-77793000 r-xp 00000000 00:0c 944 /lib/libuc++.so 2020.06.19-16:58:33.42@0: 77794000-7779c000 r-xp 00000000 00:0c 950 /lib/libubox.so 2020.06.19-16:58:33.42@0: 7779d000-777e9000 r-xp 00000000 00:0c 946 /lib/libumsg.so 2020.06.19-16:58:33.43@0: 777ef000-777f6000 r-xp 00000000 00:0c 958 /lib/ld-uClibc-0.9.33.2.so 2020.06.19-16:58:33.43@0: 2020.06.19-16:58:33.43@0: stack: 0x7f8e0000 - 0x7f8df3e0 2020.06.19-16:58:33.43@0: 3c ab 05 08 04 00 fe 08 e0 0f 00 00 14 37 07 08 24 7a 05 08 00 00 00 00 18 f4 8d 7f 04 7a 05 08 2020.06.19-16:58:33.43@0: 08 00 00 00 24 7a 05 08 04 00 00 00 00 00 00 00 70 4a 7a 77 e4 9a 7e 77 38 f4 8d 7f e4 9a 7e 77 2020.06.19-16:58:33.43@0: 2020.06.19-16:58:33.43@0: code: 0x8050dac 2020.06.19-16:58:33.43@0: 8b 43 04 83 e0 fc 85 c0 74 1c 8b 4b 14 39 34 08
This vulnerability was initially found in long-term 6.46.3, and it seems that the latest version stable 6.48.2 still suffers from this vulnerability.
Against stable 6.46.5, the poc resulted in the following crash dump.
# cat /rw/logs/backtrace.log
2020.06.19-17:58:43.98@0:
2020.06.19-17:58:43.98@0:
2020.06.19-17:58:43.98@0: /nova/bin/sniffer
2020.06.19-17:58:43.98@0: --- signal=11
2020.06.19-17:58:43.98@0:
2020.06.19-17:58:43.98@0: eip=0x77712055 eflags=0x00010202
2020.06.19-17:58:43.98@0: edi=0x77720f34 esi=0x77721015 ebp=0x7ff96b38
esp=0x7ff96af8 2020.06.19-17:58:43.98@0: eax=0x77721054 ebx=0x7771f000 ecx=0x77721034 edx=0x77721014 2020.06.19-17:58:43.98@0: 2020.06.19-17:58:43.98@0: maps: 2020.06.19-17:58:43.98@0: 08048000-08056000 r-xp 00000000 00:0c 1034 /nova/bin/sniffer 2020.06.19-17:58:43.98@0: 776e9000-7771e000 r-xp 00000000 00:0c 964 /lib/libuClibc-0.9.33.2.so 2020.06.19-17:58:43.98@0: 77722000-7773c000 r-xp 00000000 00:0c 960 /lib/libgcc_s.so.1 2020.06.19-17:58:43.98@0: 7773d000-7774c000 r-xp 00000000 00:0c 944 /lib/libuc++.so 2020.06.19-17:58:43.98@0: 7774d000-77755000 r-xp 00000000 00:0c 950 /lib/libubox.so 2020.06.19-17:58:43.98@0: 77756000-777a2000 r-xp 00000000 00:0c 946 /lib/libumsg.so 2020.06.19-17:58:43.98@0: 777a8000-777af000 r-xp 00000000 00:0c 958 /lib/ld-uClibc-0.9.33.2.so 2020.06.19-17:58:43.98@0: 2020.06.19-17:58:43.98@0: stack: 0x7ff97000 - 0x7ff96af8 2020.06.19-17:58:43.98@0: 00 f0 71 77 00 0f 72 77 30 00 00 00 00 00 00 00 38 b2 05 08 34 0f 72 77 04 00 00 00 00 0f 72 77 2020.06.19-17:58:43.98@0: 20 00 00 00 1b 7b 71 77 e8 f1 71 77 98 00 00 00 01 00 00 00 ec c4 74 77 74 a1 05 08 f8 6b f9 7f 2020.06.19-17:58:43.98@0: 2020.06.19-17:58:43.98@0: code: 0x77712055 2020.06.19-17:58:43.98@0: 89 14 10 eb bc 8b 93 a4 ff ff ff 8b 7d e0 8b 42
Interestingly, the same poc resulted in another different crash dump(SIGABRT) against stable 6.48.2.
# cat /rw/logs/backtrace.log
2021.05.07-16:02:37.25@0:
2021.05.07-16:02:37.25@0:
2021.05.07-16:02:37.25@0: /nova/bin/sniffer
2021.05.07-16:02:37.25@0: --- signal=6
2021.05.07-16:02:37.25@0:
2021.05.07-16:02:37.25@0: eip=0x776f255b eflags=0x00000246
2021.05.07-16:02:37.25@0: edi=0x0805aca8 esi=0x776fa200 ebp=0x7f97def8
esp=0x7f97def0 2021.05.07-16:02:37.25@0: eax=0x00000000 ebx=0x000000b6 ecx=0x000000b6 edx=0x00000006 2021.05.07-16:02:37.25@0: 2021.05.07-16:02:37.25@0: maps: 2021.05.07-16:02:37.25@0: 08048000-08056000 r-xp 00000000 00:0c 1036 /nova/bin/sniffer 2021.05.07-16:02:37.25@0: 776c4000-776f9000 r-xp 00000000 00:0c 966 /lib/libuClibc-0.9.33.2.so 2021.05.07-16:02:37.25@0: 776fd000-77717000 r-xp 00000000 00:0c 962 /lib/libgcc_s.so.1 2021.05.07-16:02:37.25@0: 77718000-77727000 r-xp 00000000 00:0c 945 /lib/libuc++.so 2021.05.07-16:02:37.25@0: 77728000-77730000 r-xp 00000000 00:0c 951 /lib/libubox.so 2021.05.07-16:02:37.25@0: 77731000-7777d000 r-xp 00000000 00:0c 947 /lib/libumsg.so 2021.05.07-16:02:37.25@0: 77783000-7778a000 r-xp 00000000 00:0c 960 /lib/ld-uClibc-0.9.33.2.so 2021.05.07-16:02:37.25@0: 2021.05.07-16:02:37.25@0: stack: 0x7f97f000 - 0x7f97def0 2021.05.07-16:02:37.25@0: 00 a0 6f 77 00 a0 6f 77 30 df 97 7f 77 e0 6e 77 06 00 00 00 00 a2 6f 77 20 00 00 00 00 00 00 00 2021.05.07-16:02:37.25@0: 26 2b 6f 77 00 a0 6f 77 28 df 97 7f 21 2c 6f 77 e8 a1 6f 77 00 a0 6f 77 00 bf 6f 77 a8 ac 05 08 2021.05.07-16:02:37.25@0: 2021.05.07-16:02:37.25@0: code: 0x776f255b 2021.05.07-16:02:37.25@0: 5b 3d 00 f0 ff ff 76 0e 8b 93 cc ff ff ff f7 d8
This vulnerability was initially found in long-term 6.46.3, and it seems that the latest stable version 6.48.2 suffers from an assertion failure vulnerability when running the same poc.
Solution
No upgrade firmware available yet
References
[1] https://mikrotik.com/download/changelogs/stable-release-tree
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202105-0083",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "eq",
"trust": 1.0,
"vendor": "mikrotik",
"version": "6.44.6"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": null
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": "6.44.6 (long-term tree)"
},
{
"model": "routeros",
"scope": null,
"trust": 0.8,
"vendor": "mikrotik",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006896"
},
{
"db": "NVD",
"id": "CVE-2020-20214"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Qian Chen",
"sources": [
{
"db": "PACKETSTORM",
"id": "162513"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-480"
}
],
"trust": 0.7
},
"cve": "CVE-2020-20214",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-20214",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-173670",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2020-20214",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-20214",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-20214",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-20214",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202105-480",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-173670",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-20214",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173670"
},
{
"db": "VULMON",
"id": "CVE-2020-20214"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006896"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-480"
},
{
"db": "NVD",
"id": "CVE-2020-20214"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik RouterOs 6.44.6 (long-term tree) suffers from an assertion failure vulnerability in the btest process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet. Mikrotik RouterOs Exists in a reachable assertion vulnerability.Denial of service (DoS) It may be put into a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. MikroTik RouterOS has a security vulnerability. The following products and versions are affected: MikroTik RouterOS: 6.40, 6.40.1, 6.40.2, 6.40.3, 6.40.4, 6.40.5, 6.40.6, 6.40.7, 6.40.8, 6.40.9, 6.41, 6.41.1, 6.41.2, 6.41.3, 6.41.4, 6.42, 6.42.1, 6.42.2, 6.42.3, 6.42. Advisory: four vulnerabilities found in MikroTik\u0027s RouterOS\n\n\nDetails\n=======\n\nProduct: MikroTik\u0027s RouterOS\nVendor URL: https://mikrotik.com/\nVendor Status: no fix yet\nCVE: CVE-2020-20214, CVE-2020-20222, CVE-2020-20236, CVE-2020-20237\nCredit: Qian Chen(@cq674350529) of Qihoo 360 Nirvan Team\n\n\nProduct Description\n==================\n\nRouterOS is the operating system used on the MikroTik\u0027s devices, such as\nswitch, router and access point. \n\n\nDescription of vulnerabilities\n==========================\nThese vulnerabilities were reported to the vendor almost one year ago. And\nthe vendor confirmed these vulnerabilities. However, there is still no fix\nfor them yet. \nBy the way, the three vulnerabilities in sniffer binary are different from\neach one. \n\n1. \n\nAgainst stable 6.46.5, the poc resulted in the following crash dump. \n\n # cat /rw/logs/backtrace.log\n 2020.06.19-15:51:36.94@0:\n 2020.06.19-15:51:36.94@0:\n 2020.06.19-15:51:36.94@0: /nova/bin/btest\n 2020.06.19-15:51:36.94@0: --- signal=6\n--------------------------------------------\n 2020.06.19-15:51:36.94@0:\n 2020.06.19-15:51:36.94@0: eip=0x7772255b eflags=0x00000246\n 2020.06.19-15:51:36.94@0: edi=0x00fe0001 esi=0x7772a200 ebp=0x7fdcf880\nesp=0x7fdcf878\n 2020.06.19-15:51:36.94@0: eax=0x00000000 ebx=0x0000010f ecx=0x0000010f\nedx=0x00000006\n 2020.06.19-15:51:36.94@0:\n 2020.06.19-15:51:36.94@0: maps:\n 2020.06.19-15:51:36.94@0: 08048000-08057000 r-xp 00000000 00:0c 1006\n /nova/bin/btest\n 2020.06.19-15:51:36.94@0: 776f4000-77729000 r-xp 00000000 00:0c 964\n /lib/libuClibc-0.9.33.2.so\n 2020.06.19-15:51:36.94@0: 7772d000-77747000 r-xp 00000000 00:0c 960\n /lib/libgcc_s.so.1\n 2020.06.19-15:51:36.94@0: 77748000-77757000 r-xp 00000000 00:0c 944\n /lib/libuc++.so\n 2020.06.19-15:51:36.94@0: 77758000-77775000 r-xp 00000000 00:0c 947\n /lib/libucrypto.so\n 2020.06.19-15:51:36.94@0: 77776000-777c2000 r-xp 00000000 00:0c 946\n /lib/libumsg.so\n 2020.06.19-15:51:36.94@0: 777c8000-777cf000 r-xp 00000000 00:0c 958\n /lib/ld-uClibc-0.9.33.2.so\n 2020.06.19-15:51:36.94@0:\n 2020.06.19-15:51:36.94@0: stack: 0x7fdd0000 - 0x7fdcf878\n 2020.06.19-15:51:36.94@0: 00 a0 72 77 00 a0 72 77 b8 f8 dc 7f 77 e0 71\n77 06 00 00 00 00 a2 72 77 20 00 00 00 00 00 00 00\n 2020.06.19-15:51:36.94@0: 16 00 00 00 18 f9 dc 7f b4 f8 dc 7f e4 2a 7c\n77 01 00 00 00 e4 2a 7c 77 16 00 00 00 01 00 fe 00\n 2020.06.19-15:51:36.94@0:\n 2020.06.19-15:51:36.94@0: code: 0x7772255b\n 2020.06.19-15:51:36.94@0: 5b 3d 00 f0 ff ff 76 0e 8b 93 cc ff ff ff f7\nd8\n\nThis vulnerability was initially found in long-term 6.44.5, and it seems\nthat the latest stable version 6.48.2 still suffers from this vulnerability. \n\n2. \n\nAgainst stable 6.46.5, the poc resulted in the following crash dump. \n\n # cat /rw/logs/backtrace.log\n 2020.06.19-16:36:18.33@0:\n 2020.06.19-16:36:18.33@0:\n 2020.06.19-16:36:18.33@0: /nova/bin/sniffer\n 2020.06.19-16:36:18.33@0: --- signal=11\n--------------------------------------------\n 2020.06.19-16:36:18.33@0:\n 2020.06.19-16:36:18.33@0: eip=0x08050e33 eflags=0x00010206\n 2020.06.19-16:36:18.33@0: edi=0x08057a24 esi=0x7f85c094 ebp=0x7f85c0c8\nesp=0x7f85c080\n 2020.06.19-16:36:18.33@0: eax=0x00000000 ebx=0x7f85c090 ecx=0x00ff0000\nedx=0x08059678\n 2020.06.19-16:36:18.33@0:\n 2020.06.19-16:36:18.33@0: maps:\n 2020.06.19-16:36:18.33@0: 08048000-08056000 r-xp 00000000 00:0c 1034\n /nova/bin/sniffer\n 2020.06.19-16:36:18.33@0: 776ce000-77703000 r-xp 00000000 00:0c 964\n /lib/libuClibc-0.9.33.2.so\n 2020.06.19-16:36:18.33@0: 77707000-77721000 r-xp 00000000 00:0c 960\n /lib/libgcc_s.so.1\n 2020.06.19-16:36:18.33@0: 77722000-77731000 r-xp 00000000 00:0c 944\n /lib/libuc++.so\n 2020.06.19-16:36:18.33@0: 77732000-7773a000 r-xp 00000000 00:0c 950\n /lib/libubox.so\n 2020.06.19-16:36:18.33@0: 7773b000-77787000 r-xp 00000000 00:0c 946\n /lib/libumsg.so\n 2020.06.19-16:36:18.33@0: 7778d000-77794000 r-xp 00000000 00:0c 958\n /lib/ld-uClibc-0.9.33.2.so\n 2020.06.19-16:36:18.33@0:\n 2020.06.19-16:36:18.33@0: stack: 0x7f85d000 - 0x7f85c080\n 2020.06.19-16:36:18.33@0: 2c 08 07 08 04 00 fe 08 fe 00 00 00 20 ad 05\n08 00 0c 07 08 a0 0b 07 08 af 0b 07 08 04 7a 05 08\n 2020.06.19-16:36:18.33@0: 08 00 00 00 24 7a 05 08 ff 00 00 00 00 00 00\n00 08 c2 85 7f e4 7a 78 77 d8 c0 85 7f e4 7a 78 77\n 2020.06.19-16:36:18.34@0:\n 2020.06.19-16:36:18.34@0: code: 0x8050e33\n 2020.06.19-16:36:18.34@0: 0b 48 0c 89 fa 89 d8 e8 7d f1 ff ff 50 50 53\n56\n\nThis vulnerability was initially found in long-term 6.44.6, and it seems\nthat the latest stable version 6.48.2 still suffers from this vulnerability. \n\n3. \n\nAgainst stable 6.46.5, the poc resulted in the following crash dump. \n\n # cat /rw/logs/backtrace.log\n 2020.06.19-16:58:33.42@0:\n 2020.06.19-16:58:33.42@0:\n 2020.06.19-16:58:33.42@0: /nova/bin/sniffer\n 2020.06.19-16:58:33.42@0: --- signal=11\n--------------------------------------------\n 2020.06.19-16:58:33.42@0:\n 2020.06.19-16:58:33.42@0: eip=0x08050dac eflags=0x00010202\n 2020.06.19-16:58:33.42@0: edi=0x08057a24 esi=0x00000001 ebp=0x7f8df428\nesp=0x7f8df3e0\n 2020.06.19-16:58:33.42@0: eax=0x08073714 ebx=0x08073710 ecx=0x08073704\nedx=0x08073714\n 2020.06.19-16:58:33.42@0:\n 2020.06.19-16:58:33.42@0: maps:\n 2020.06.19-16:58:33.42@0: 08048000-08056000 r-xp 00000000 00:0c 1034\n /nova/bin/sniffer\n 2020.06.19-16:58:33.42@0: 77730000-77765000 r-xp 00000000 00:0c 964\n /lib/libuClibc-0.9.33.2.so\n 2020.06.19-16:58:33.42@0: 77769000-77783000 r-xp 00000000 00:0c 960\n /lib/libgcc_s.so.1\n 2020.06.19-16:58:33.42@0: 77784000-77793000 r-xp 00000000 00:0c 944\n /lib/libuc++.so\n 2020.06.19-16:58:33.42@0: 77794000-7779c000 r-xp 00000000 00:0c 950\n /lib/libubox.so\n 2020.06.19-16:58:33.42@0: 7779d000-777e9000 r-xp 00000000 00:0c 946\n /lib/libumsg.so\n 2020.06.19-16:58:33.43@0: 777ef000-777f6000 r-xp 00000000 00:0c 958\n /lib/ld-uClibc-0.9.33.2.so\n 2020.06.19-16:58:33.43@0:\n 2020.06.19-16:58:33.43@0: stack: 0x7f8e0000 - 0x7f8df3e0\n 2020.06.19-16:58:33.43@0: 3c ab 05 08 04 00 fe 08 e0 0f 00 00 14 37 07\n08 24 7a 05 08 00 00 00 00 18 f4 8d 7f 04 7a 05 08\n 2020.06.19-16:58:33.43@0: 08 00 00 00 24 7a 05 08 04 00 00 00 00 00 00\n00 70 4a 7a 77 e4 9a 7e 77 38 f4 8d 7f e4 9a 7e 77\n 2020.06.19-16:58:33.43@0:\n 2020.06.19-16:58:33.43@0: code: 0x8050dac\n 2020.06.19-16:58:33.43@0: 8b 43 04 83 e0 fc 85 c0 74 1c 8b 4b 14 39 34\n08\n\nThis vulnerability was initially found in long-term 6.46.3, and it seems\nthat the latest version stable 6.48.2 still suffers from this vulnerability. \n\n4. \n\nAgainst stable 6.46.5, the poc resulted in the following crash dump. \n\n # cat /rw/logs/backtrace.log\n 2020.06.19-17:58:43.98@0:\n 2020.06.19-17:58:43.98@0:\n 2020.06.19-17:58:43.98@0: /nova/bin/sniffer\n 2020.06.19-17:58:43.98@0: --- signal=11\n--------------------------------------------\n 2020.06.19-17:58:43.98@0:\n 2020.06.19-17:58:43.98@0: eip=0x77712055 eflags=0x00010202\n 2020.06.19-17:58:43.98@0: edi=0x77720f34 esi=0x77721015 ebp=0x7ff96b38\nesp=0x7ff96af8\n 2020.06.19-17:58:43.98@0: eax=0x77721054 ebx=0x7771f000 ecx=0x77721034\nedx=0x77721014\n 2020.06.19-17:58:43.98@0:\n 2020.06.19-17:58:43.98@0: maps:\n 2020.06.19-17:58:43.98@0: 08048000-08056000 r-xp 00000000 00:0c 1034\n /nova/bin/sniffer\n 2020.06.19-17:58:43.98@0: 776e9000-7771e000 r-xp 00000000 00:0c 964\n /lib/libuClibc-0.9.33.2.so\n 2020.06.19-17:58:43.98@0: 77722000-7773c000 r-xp 00000000 00:0c 960\n /lib/libgcc_s.so.1\n 2020.06.19-17:58:43.98@0: 7773d000-7774c000 r-xp 00000000 00:0c 944\n /lib/libuc++.so\n 2020.06.19-17:58:43.98@0: 7774d000-77755000 r-xp 00000000 00:0c 950\n /lib/libubox.so\n 2020.06.19-17:58:43.98@0: 77756000-777a2000 r-xp 00000000 00:0c 946\n /lib/libumsg.so\n 2020.06.19-17:58:43.98@0: 777a8000-777af000 r-xp 00000000 00:0c 958\n /lib/ld-uClibc-0.9.33.2.so\n 2020.06.19-17:58:43.98@0:\n 2020.06.19-17:58:43.98@0: stack: 0x7ff97000 - 0x7ff96af8\n 2020.06.19-17:58:43.98@0: 00 f0 71 77 00 0f 72 77 30 00 00 00 00 00 00\n00 38 b2 05 08 34 0f 72 77 04 00 00 00 00 0f 72 77\n 2020.06.19-17:58:43.98@0: 20 00 00 00 1b 7b 71 77 e8 f1 71 77 98 00 00\n00 01 00 00 00 ec c4 74 77 74 a1 05 08 f8 6b f9 7f\n 2020.06.19-17:58:43.98@0:\n 2020.06.19-17:58:43.98@0: code: 0x77712055\n 2020.06.19-17:58:43.98@0: 89 14 10 eb bc 8b 93 a4 ff ff ff 8b 7d e0 8b\n42\n\nInterestingly, the same poc resulted in another different crash\ndump(SIGABRT) against stable 6.48.2. \n\n # cat /rw/logs/backtrace.log\n 2021.05.07-16:02:37.25@0:\n 2021.05.07-16:02:37.25@0:\n 2021.05.07-16:02:37.25@0: /nova/bin/sniffer\n 2021.05.07-16:02:37.25@0: --- signal=6\n--------------------------------------------\n 2021.05.07-16:02:37.25@0:\n 2021.05.07-16:02:37.25@0: eip=0x776f255b eflags=0x00000246\n 2021.05.07-16:02:37.25@0: edi=0x0805aca8 esi=0x776fa200 ebp=0x7f97def8\nesp=0x7f97def0\n 2021.05.07-16:02:37.25@0: eax=0x00000000 ebx=0x000000b6 ecx=0x000000b6\nedx=0x00000006\n 2021.05.07-16:02:37.25@0:\n 2021.05.07-16:02:37.25@0: maps:\n 2021.05.07-16:02:37.25@0: 08048000-08056000 r-xp 00000000 00:0c 1036\n /nova/bin/sniffer\n 2021.05.07-16:02:37.25@0: 776c4000-776f9000 r-xp 00000000 00:0c 966\n /lib/libuClibc-0.9.33.2.so\n 2021.05.07-16:02:37.25@0: 776fd000-77717000 r-xp 00000000 00:0c 962\n /lib/libgcc_s.so.1\n 2021.05.07-16:02:37.25@0: 77718000-77727000 r-xp 00000000 00:0c 945\n /lib/libuc++.so\n 2021.05.07-16:02:37.25@0: 77728000-77730000 r-xp 00000000 00:0c 951\n /lib/libubox.so\n 2021.05.07-16:02:37.25@0: 77731000-7777d000 r-xp 00000000 00:0c 947\n /lib/libumsg.so\n 2021.05.07-16:02:37.25@0: 77783000-7778a000 r-xp 00000000 00:0c 960\n /lib/ld-uClibc-0.9.33.2.so\n 2021.05.07-16:02:37.25@0:\n 2021.05.07-16:02:37.25@0: stack: 0x7f97f000 - 0x7f97def0\n 2021.05.07-16:02:37.25@0: 00 a0 6f 77 00 a0 6f 77 30 df 97 7f 77 e0 6e\n77 06 00 00 00 00 a2 6f 77 20 00 00 00 00 00 00 00\n 2021.05.07-16:02:37.25@0: 26 2b 6f 77 00 a0 6f 77 28 df 97 7f 21 2c 6f\n77 e8 a1 6f 77 00 a0 6f 77 00 bf 6f 77 a8 ac 05 08\n 2021.05.07-16:02:37.25@0:\n 2021.05.07-16:02:37.25@0: code: 0x776f255b\n 2021.05.07-16:02:37.25@0: 5b 3d 00 f0 ff ff 76 0e 8b 93 cc ff ff ff f7\nd8\n\nThis vulnerability was initially found in long-term 6.46.3, and it seems\nthat the latest stable version 6.48.2 suffers from an assertion failure\nvulnerability when running the same poc. \n\n\nSolution\n========\n\nNo upgrade firmware available yet\n\n\nReferences\n==========\n\n[1] https://mikrotik.com/download/changelogs/stable-release-tree\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-20214"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006896"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULHUB",
"id": "VHN-173670"
},
{
"db": "VULMON",
"id": "CVE-2020-20214"
},
{
"db": "PACKETSTORM",
"id": "162513"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-20214",
"trust": 3.5
},
{
"db": "PACKETSTORM",
"id": "162513",
"trust": 2.7
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006896",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021051005",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202105-480",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-173670",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-20214",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173670"
},
{
"db": "VULMON",
"id": "CVE-2020-20214"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006896"
},
{
"db": "PACKETSTORM",
"id": "162513"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-480"
},
{
"db": "NVD",
"id": "CVE-2020-20214"
}
]
},
"id": "VAR-202105-0083",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-173670"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T12:25:46.297000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://mikrotik.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006896"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-617",
"trust": 1.1
},
{
"problemtype": "Reachable assertions (CWE-617) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173670"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006896"
},
{
"db": "NVD",
"id": "CVE-2020-20214"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "http://packetstormsecurity.com/files/162513/mikrotik-routeros-6.46.5-memory-corruption-assertion-failure.html"
},
{
"trust": 1.9,
"url": "http://seclists.org/fulldisclosure/2021/may/15"
},
{
"trust": 1.9,
"url": "https://mikrotik.com/"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-20214"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021051005"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/617.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://mikrotik.com/download/changelogs/stable-release-tree"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-20237"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-20222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-20236"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173670"
},
{
"db": "VULMON",
"id": "CVE-2020-20214"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006896"
},
{
"db": "PACKETSTORM",
"id": "162513"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-480"
},
{
"db": "NVD",
"id": "CVE-2020-20214"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-173670"
},
{
"db": "VULMON",
"id": "CVE-2020-20214"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006896"
},
{
"db": "PACKETSTORM",
"id": "162513"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-480"
},
{
"db": "NVD",
"id": "CVE-2020-20214"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-18T00:00:00",
"db": "VULHUB",
"id": "VHN-173670"
},
{
"date": "2021-05-18T00:00:00",
"db": "VULMON",
"id": "CVE-2020-20214"
},
{
"date": "2022-01-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-006896"
},
{
"date": "2021-05-10T14:25:07",
"db": "PACKETSTORM",
"id": "162513"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-05-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-480"
},
{
"date": "2021-05-18T19:15:07.697000",
"db": "NVD",
"id": "CVE-2020-20214"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-21T00:00:00",
"db": "VULHUB",
"id": "VHN-173670"
},
{
"date": "2021-05-21T00:00:00",
"db": "VULMON",
"id": "CVE-2020-20214"
},
{
"date": "2022-01-25T05:36:00",
"db": "JVNDB",
"id": "JVNDB-2021-006896"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-05-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-480"
},
{
"date": "2021-05-21T19:18:56.170000",
"db": "NVD",
"id": "CVE-2020-20214"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-480"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik\u00a0RouterOs\u00a0 Reachable assertion vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006896"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-480"
}
],
"trust": 1.2
}
}
var-202107-0083
Vulnerability from variot
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/igmp-proxy process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). Mikrotik RouterOs Exists in an out-of-bounds write vulnerability.Service operation interruption (DoS) It may be in a state. Re: Two vulnerabilities found in MikroTik's RouterOS
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202107-0083",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "eq",
"trust": 1.8,
"vendor": "mikrotik",
"version": "6.44.6"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-017177"
},
{
"db": "NVD",
"id": "CVE-2020-20219"
}
]
},
"cve": "CVE-2020-20219",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-20219",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-173675",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2020-20219",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-20219",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-20219",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-20219",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202107-1589",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-173675",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173675"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-017177"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1589"
},
{
"db": "NVD",
"id": "CVE-2020-20219"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/igmp-proxy process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). Mikrotik RouterOs Exists in an out-of-bounds write vulnerability.Service operation interruption (DoS) It may be in a state. Re: Two vulnerabilities found in MikroTik\u0027s RouterOS",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-20219"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-017177"
},
{
"db": "VULHUB",
"id": "VHN-173675"
},
{
"db": "VULMON",
"id": "CVE-2020-20219"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-20219",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2020-017177",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1589",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-173675",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-20219",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173675"
},
{
"db": "VULMON",
"id": "CVE-2020-20219"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-017177"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1589"
},
{
"db": "NVD",
"id": "CVE-2020-20219"
}
]
},
"id": "VAR-202107-0083",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-173675"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T13:23:30.458000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://mikrotik.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-017177"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173675"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-017177"
},
{
"db": "NVD",
"id": "CVE-2020-20219"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://seclists.org/fulldisclosure/2021/may/2"
},
{
"trust": 1.7,
"url": "https://mikrotik.com/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-20219"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173675"
},
{
"db": "VULMON",
"id": "CVE-2020-20219"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-017177"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1589"
},
{
"db": "NVD",
"id": "CVE-2020-20219"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-173675"
},
{
"db": "VULMON",
"id": "CVE-2020-20219"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-017177"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1589"
},
{
"db": "NVD",
"id": "CVE-2020-20219"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-21T00:00:00",
"db": "VULHUB",
"id": "VHN-173675"
},
{
"date": "2022-06-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-017177"
},
{
"date": "2021-07-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-1589"
},
{
"date": "2021-07-21T15:15:12.740000",
"db": "NVD",
"id": "CVE-2020-20219"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-30T00:00:00",
"db": "VULHUB",
"id": "VHN-173675"
},
{
"date": "2022-06-27T00:55:00",
"db": "JVNDB",
"id": "JVNDB-2020-017177"
},
{
"date": "2021-08-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-1589"
},
{
"date": "2021-07-30T13:10:55.017000",
"db": "NVD",
"id": "CVE-2020-20219"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-1589"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik\u00a0RouterOs\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-017177"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-1589"
}
],
"trust": 0.6
}
}
var-202105-0096
Vulnerability from variot
Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /ram/pckg/wireless/nova/bin/wireless process. An authenticated remote attacker can cause a Denial of Service due via a crafted packet. Mikrotik RouterOs Exists in a reachable assertion vulnerability.Denial of service (DoS) It may be put into a state. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. Mikrotik RouterOs prior to version 6.47 has a security vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202105-0096",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "lt",
"trust": 1.0,
"vendor": "mikrotik",
"version": "6.47"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": null
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": "6.47 (stable tree)"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006801"
},
{
"db": "NVD",
"id": "CVE-2020-20265"
}
]
},
"cve": "CVE-2020-20265",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-20265",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-173726",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2020-20265",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-20265",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-20265",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-20265",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202105-694",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-173726",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-20265",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173726"
},
{
"db": "VULMON",
"id": "CVE-2020-20265"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006801"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-694"
},
{
"db": "NVD",
"id": "CVE-2020-20265"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /ram/pckg/wireless/nova/bin/wireless process. An authenticated remote attacker can cause a Denial of Service due via a crafted packet. Mikrotik RouterOs Exists in a reachable assertion vulnerability.Denial of service (DoS) It may be put into a state. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. Mikrotik RouterOs prior to version 6.47 has a security vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-20265"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006801"
},
{
"db": "VULHUB",
"id": "VHN-173726"
},
{
"db": "VULMON",
"id": "CVE-2020-20265"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-20265",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006801",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202105-694",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-173726",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-20265",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173726"
},
{
"db": "VULMON",
"id": "CVE-2020-20265"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006801"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-694"
},
{
"db": "NVD",
"id": "CVE-2020-20265"
}
]
},
"id": "VAR-202105-0096",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-173726"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T13:43:33.559000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Stable\u00a0release\u00a0tree",
"trust": 0.8,
"url": "https://mikrotik.com/download/changelogs/stable-release-tree"
},
{
"title": "Mikrotik RouterOs Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=151261"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006801"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-694"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "Reachable assertions (CWE-617) [NVD Evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-617",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173726"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006801"
},
{
"db": "NVD",
"id": "CVE-2020-20265"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://seclists.org/fulldisclosure/2021/may/11"
},
{
"trust": 2.6,
"url": "http://seclists.org/fulldisclosure/2021/may/12"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-20265"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/617.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173726"
},
{
"db": "VULMON",
"id": "CVE-2020-20265"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006801"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-694"
},
{
"db": "NVD",
"id": "CVE-2020-20265"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-173726"
},
{
"db": "VULMON",
"id": "CVE-2020-20265"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006801"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-694"
},
{
"db": "NVD",
"id": "CVE-2020-20265"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-11T00:00:00",
"db": "VULHUB",
"id": "VHN-173726"
},
{
"date": "2021-05-11T00:00:00",
"db": "VULMON",
"id": "CVE-2020-20265"
},
{
"date": "2022-01-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-006801"
},
{
"date": "2021-05-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-694"
},
{
"date": "2021-05-11T15:15:07.750000",
"db": "NVD",
"id": "CVE-2020-20265"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-28T00:00:00",
"db": "VULHUB",
"id": "VHN-173726"
},
{
"date": "2021-05-19T00:00:00",
"db": "VULMON",
"id": "CVE-2020-20265"
},
{
"date": "2022-01-20T07:59:00",
"db": "JVNDB",
"id": "JVNDB-2021-006801"
},
{
"date": "2022-01-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-694"
},
{
"date": "2022-06-28T14:11:45.273000",
"db": "NVD",
"id": "CVE-2020-20265"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-694"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik\u00a0RouterOs\u00a0 Reachable assertion vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006801"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-694"
}
],
"trust": 0.6
}
}
var-201703-1222
Vulnerability from variot
A vulnerability in the network stack of MikroTik Version 6.38.5 released 2017-03-09 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of TCP RST packets, preventing the affected router from accepting new TCP connections. MikroTik Contains a resource exhaustion vulnerability.Service operation interruption (DoS) An attack may be carried out. MikroTikRouterBoard is a router management panel from MikroTik, Republic of Latvia. There is a security vulnerability in the networkstack in MikroTikRouterBoard 6.38.5. A remote attacker can exploit this vulnerability with a large number of TCPRST packets to cause a denial of service (depleting all available CPUs). MikroTik RouterBoard is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a high CPU consumption, resulting in a denial-of-service condition. MikroTik RouterBoard 6.38.5 is vulnerable; other versions also affected
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201703-1222",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "eq",
"trust": 1.6,
"vendor": "mikrotik",
"version": "6.38.5"
},
{
"model": "routerboard",
"scope": "eq",
"trust": 0.9,
"vendor": "mikrotik",
"version": "6.38.5"
},
{
"model": "routeros",
"scope": null,
"trust": 0.8,
"vendor": "mikrotik",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04741"
},
{
"db": "BID",
"id": "97266"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002906"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1214"
},
{
"db": "NVD",
"id": "CVE-2017-7285"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:mikrotik:router_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002906"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hosein Askari (FarazPajohan).",
"sources": [
{
"db": "BID",
"id": "97266"
}
],
"trust": 0.3
},
"cve": "CVE-2017-7285",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-7285",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-04741",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-115488",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2017-7285",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-7285",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-7285",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-04741",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201703-1214",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-115488",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04741"
},
{
"db": "VULHUB",
"id": "VHN-115488"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002906"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1214"
},
{
"db": "NVD",
"id": "CVE-2017-7285"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the network stack of MikroTik Version 6.38.5 released 2017-03-09 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of TCP RST packets, preventing the affected router from accepting new TCP connections. MikroTik Contains a resource exhaustion vulnerability.Service operation interruption (DoS) An attack may be carried out. MikroTikRouterBoard is a router management panel from MikroTik, Republic of Latvia. There is a security vulnerability in the networkstack in MikroTikRouterBoard 6.38.5. A remote attacker can exploit this vulnerability with a large number of TCPRST packets to cause a denial of service (depleting all available CPUs). MikroTik RouterBoard is prone to a remote denial-of-service vulnerability. \nAn attacker can exploit this issue to cause a high CPU consumption, resulting in a denial-of-service condition. \nMikroTik RouterBoard 6.38.5 is vulnerable; other versions also affected",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-7285"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002906"
},
{
"db": "CNVD",
"id": "CNVD-2017-04741"
},
{
"db": "BID",
"id": "97266"
},
{
"db": "VULHUB",
"id": "VHN-115488"
}
],
"trust": 2.52
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-115488",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-115488"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-7285",
"trust": 3.4
},
{
"db": "CXSECURITY",
"id": "WLB-2017030242",
"trust": 2.5
},
{
"db": "EXPLOIT-DB",
"id": "41752",
"trust": 2.3
},
{
"db": "BID",
"id": "97266",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002906",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1214",
"trust": 0.7
},
{
"db": "EXPLOITDB",
"id": "41752",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2017-04741",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "141917",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-115488",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04741"
},
{
"db": "VULHUB",
"id": "VHN-115488"
},
{
"db": "BID",
"id": "97266"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002906"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1214"
},
{
"db": "NVD",
"id": "CVE-2017-7285"
}
]
},
"id": "VAR-201703-1222",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04741"
},
{
"db": "VULHUB",
"id": "VHN-115488"
}
],
"trust": 1.34285713
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04741"
}
]
},
"last_update_date": "2024-11-23T22:18:03.444000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "RouterOS",
"trust": 0.8,
"url": "https://www.mikrotik.com/software"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002906"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-115488"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002906"
},
{
"db": "NVD",
"id": "CVE-2017-7285"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://cxsecurity.com/issue/wlb-2017030242"
},
{
"trust": 2.3,
"url": "https://www.exploit-db.com/exploits/41752/"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/97266"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7285"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7285"
},
{
"trust": 0.3,
"url": "http://www.mikrotik.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04741"
},
{
"db": "VULHUB",
"id": "VHN-115488"
},
{
"db": "BID",
"id": "97266"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002906"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1214"
},
{
"db": "NVD",
"id": "CVE-2017-7285"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-04741"
},
{
"db": "VULHUB",
"id": "VHN-115488"
},
{
"db": "BID",
"id": "97266"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002906"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1214"
},
{
"db": "NVD",
"id": "CVE-2017-7285"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-04741"
},
{
"date": "2017-03-29T00:00:00",
"db": "VULHUB",
"id": "VHN-115488"
},
{
"date": "2017-03-29T00:00:00",
"db": "BID",
"id": "97266"
},
{
"date": "2017-05-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002906"
},
{
"date": "2017-03-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-1214"
},
{
"date": "2017-03-29T14:59:00.483000",
"db": "NVD",
"id": "CVE-2017-7285"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-04741"
},
{
"date": "2017-04-10T00:00:00",
"db": "VULHUB",
"id": "VHN-115488"
},
{
"date": "2017-04-04T00:02:00",
"db": "BID",
"id": "97266"
},
{
"date": "2017-05-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002906"
},
{
"date": "2017-03-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-1214"
},
{
"date": "2024-11-21T03:31:33.073000",
"db": "NVD",
"id": "CVE-2017-7285"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-1214"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MikroTik Vulnerable to resource exhaustion",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002906"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-1214"
}
],
"trust": 0.6
}
}
var-202203-0674
Vulnerability from variot
In the SCEP Server of RouterOS in certain Mikrotik products, an attacker can trigger a heap-based buffer overflow that leads to remote code execution. The attacker must know the scep_server_name value. This affects RouterOS 6.46.8, 6.47.9, and 6.47.10. MikroTik of routeros Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. The following products are affected: mikrotik-vm-6.46, mikrotik-vm-6.46.8, mikrotik-tile-6.46.8, mikrotik-6.47.9, and mikrotik-6.47.10
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202203-0674",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "eq",
"trust": 1.8,
"vendor": "mikrotik",
"version": "6.47.10"
},
{
"model": "routeros",
"scope": "eq",
"trust": 1.8,
"vendor": "mikrotik",
"version": "6.47.9"
},
{
"model": "routeros",
"scope": "eq",
"trust": 1.8,
"vendor": "mikrotik",
"version": "6.46.8"
},
{
"model": "routeros",
"scope": null,
"trust": 0.8,
"vendor": "mikrotik",
"version": null
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-018993"
},
{
"db": "NVD",
"id": "CVE-2021-41987"
}
]
},
"cve": "CVE-2021-41987",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-41987",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-403103",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2021-41987",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-41987",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-41987",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-41987",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202203-1534",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-403103",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-41987",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-403103"
},
{
"db": "VULMON",
"id": "CVE-2021-41987"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018993"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1534"
},
{
"db": "NVD",
"id": "CVE-2021-41987"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In the SCEP Server of RouterOS in certain Mikrotik products, an attacker can trigger a heap-based buffer overflow that leads to remote code execution. The attacker must know the scep_server_name value. This affects RouterOS 6.46.8, 6.47.9, and 6.47.10. MikroTik of routeros Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. The following products are affected: mikrotik-vm-6.46, mikrotik-vm-6.46.8, mikrotik-tile-6.46.8, mikrotik-6.47.9, and mikrotik-6.47.10",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-41987"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018993"
},
{
"db": "VULHUB",
"id": "VHN-403103"
},
{
"db": "VULMON",
"id": "CVE-2021-41987"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-41987",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018993",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1534",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-403103",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-41987",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-403103"
},
{
"db": "VULMON",
"id": "CVE-2021-41987"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018993"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1534"
},
{
"db": "NVD",
"id": "CVE-2021-41987"
}
]
},
"id": "VAR-202203-0674",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-403103"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:47:29.647000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MikroTik RouterOS Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=187121"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1534"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-403103"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018993"
},
{
"db": "NVD",
"id": "CVE-2021-41987"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://mikrotik.com/download/archive"
},
{
"trust": 2.6,
"url": "https://teamt5.org/en/posts/vulnerability-mikrotik-cve-2021-41987/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41987"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-41987/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-403103"
},
{
"db": "VULMON",
"id": "CVE-2021-41987"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018993"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1534"
},
{
"db": "NVD",
"id": "CVE-2021-41987"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-403103"
},
{
"db": "VULMON",
"id": "CVE-2021-41987"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018993"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1534"
},
{
"db": "NVD",
"id": "CVE-2021-41987"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-03-16T00:00:00",
"db": "VULHUB",
"id": "VHN-403103"
},
{
"date": "2022-03-16T00:00:00",
"db": "VULMON",
"id": "CVE-2021-41987"
},
{
"date": "2023-07-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-018993"
},
{
"date": "2022-03-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1534"
},
{
"date": "2022-03-16T15:15:14.547000",
"db": "NVD",
"id": "CVE-2021-41987"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-30T00:00:00",
"db": "VULHUB",
"id": "VHN-403103"
},
{
"date": "2022-06-30T00:00:00",
"db": "VULMON",
"id": "CVE-2021-41987"
},
{
"date": "2023-07-12T08:30:00",
"db": "JVNDB",
"id": "JVNDB-2021-018993"
},
{
"date": "2022-03-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1534"
},
{
"date": "2024-11-21T06:27:01.380000",
"db": "NVD",
"id": "CVE-2021-41987"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1534"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MikroTik\u00a0 of \u00a0routeros\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-018993"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1534"
}
],
"trust": 0.6
}
}
var-202010-0242
Vulnerability from variot
An integer underflow in the SMB server of MikroTik RouterOS before 6.45.5 allows remote unauthenticated attackers to crash the service. MikroTik RouterOS Exists in an integer overflow vulnerability.Denial of service (DoS) It may be put into a state. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202010-0242",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "lt",
"trust": 1.0,
"vendor": "mikrotik",
"version": "6.45.5"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": null
},
{
"model": "routeros",
"scope": "lt",
"trust": 0.8,
"vendor": "mikrotik",
"version": "6.45.5 less than"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-016058"
},
{
"db": "NVD",
"id": "CVE-2019-16160"
}
]
},
"cve": "CVE-2019-16160",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-16160",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-148279",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-16160",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-16160",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-16160",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-16160",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202010-216",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-148279",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-148279"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016058"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-216"
},
{
"db": "NVD",
"id": "CVE-2019-16160"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An integer underflow in the SMB server of MikroTik RouterOS before 6.45.5 allows remote unauthenticated attackers to crash the service. MikroTik RouterOS Exists in an integer overflow vulnerability.Denial of service (DoS) It may be put into a state. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-16160"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016058"
},
{
"db": "VULHUB",
"id": "VHN-148279"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-16160",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016058",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202010-216",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-148279",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-148279"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016058"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-216"
},
{
"db": "NVD",
"id": "CVE-2019-16160"
}
]
},
"id": "VAR-202010-0242",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-148279"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:29:28.299000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "v6.45.5\u00a0[stable]\u00a0is\u00a0released! MikroTik",
"trust": 0.8,
"url": "https://forum.mikrotik.com/viewtopic.php?t=151603"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-016058"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-191",
"trust": 1.0
},
{
"problemtype": "Integer overflow or wraparound (CWE-190) [NVD Evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-190",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-148279"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016058"
},
{
"db": "NVD",
"id": "CVE-2019-16160"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://forum.mikrotik.com/viewtopic.php?t=151603"
},
{
"trust": 1.7,
"url": "https://gist.github.com/thebabush/3c71fc5001f8865e3ad579e80680ce24"
},
{
"trust": 1.7,
"url": "https://mikrotik.com"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16160"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-148279"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016058"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-216"
},
{
"db": "NVD",
"id": "CVE-2019-16160"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-148279"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016058"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-216"
},
{
"db": "NVD",
"id": "CVE-2019-16160"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-07T00:00:00",
"db": "VULHUB",
"id": "VHN-148279"
},
{
"date": "2021-04-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-016058"
},
{
"date": "2020-10-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-216"
},
{
"date": "2020-10-07T16:15:12.390000",
"db": "NVD",
"id": "CVE-2019-16160"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-15T00:00:00",
"db": "VULHUB",
"id": "VHN-148279"
},
{
"date": "2021-04-26T06:22:00",
"db": "JVNDB",
"id": "JVNDB-2019-016058"
},
{
"date": "2020-10-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-216"
},
{
"date": "2024-11-21T04:30:10.230000",
"db": "NVD",
"id": "CVE-2019-16160"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-216"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MikroTik\u00a0RouterOS\u00a0 Integer overflow vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-016058"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-216"
}
],
"trust": 0.6
}
}
var-202107-0081
Vulnerability from variot
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/graphing process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. Re: Three vulnerabilities found in MikroTik's RouterOS
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202107-0081",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "eq",
"trust": 1.0,
"vendor": "mikrotik",
"version": "6.44.6"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": null
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": "6.44.6 (long-term tree)"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-008944"
},
{
"db": "NVD",
"id": "CVE-2020-20216"
}
]
},
"cve": "CVE-2020-20216",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-20216",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-173672",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2020-20216",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-20216",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-20216",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-20216",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202107-298",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-173672",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173672"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008944"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-298"
},
{
"db": "NVD",
"id": "CVE-2020-20216"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/graphing process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. Re: Three vulnerabilities found in MikroTik\u0027s RouterOS",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-20216"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008944"
},
{
"db": "VULHUB",
"id": "VHN-173672"
},
{
"db": "VULMON",
"id": "CVE-2020-20216"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-20216",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008944",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202107-298",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-173672",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-20216",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173672"
},
{
"db": "VULMON",
"id": "CVE-2020-20216"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008944"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-298"
},
{
"db": "NVD",
"id": "CVE-2020-20216"
}
]
},
"id": "VAR-202107-0081",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-173672"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T15:11:50.829000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://mikrotik.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-008944"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.1
},
{
"problemtype": "NULL Pointer dereference (CWE-476) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173672"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008944"
},
{
"db": "NVD",
"id": "CVE-2020-20216"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://seclists.org/fulldisclosure/2021/may/10"
},
{
"trust": 1.7,
"url": "https://mikrotik.com/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-20216"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173672"
},
{
"db": "VULMON",
"id": "CVE-2020-20216"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008944"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-298"
},
{
"db": "NVD",
"id": "CVE-2020-20216"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-173672"
},
{
"db": "VULMON",
"id": "CVE-2020-20216"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008944"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-298"
},
{
"db": "NVD",
"id": "CVE-2020-20216"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-07T00:00:00",
"db": "VULHUB",
"id": "VHN-173672"
},
{
"date": "2022-03-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-008944"
},
{
"date": "2021-07-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-298"
},
{
"date": "2021-07-07T14:15:09.507000",
"db": "NVD",
"id": "CVE-2020-20216"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-08T00:00:00",
"db": "VULHUB",
"id": "VHN-173672"
},
{
"date": "2022-03-31T08:42:00",
"db": "JVNDB",
"id": "JVNDB-2021-008944"
},
{
"date": "2021-07-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-298"
},
{
"date": "2021-07-08T12:54:24.230000",
"db": "NVD",
"id": "CVE-2020-20216"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-298"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik\u00a0RouterOs\u00a0 In \u00a0NULL\u00a0 Pointer dereference vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-008944"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-298"
}
],
"trust": 0.6
}
}
var-202107-0086
Vulnerability from variot
Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled resource consumption in the sshd process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU. Mikrotik RouterOs Is vulnerable to a resource exhaustion.Denial of service (DoS) It may be put into a state. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202107-0086",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "lt",
"trust": 1.0,
"vendor": "mikrotik",
"version": "6.47"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": null
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": "6.47"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-009663"
},
{
"db": "NVD",
"id": "CVE-2020-20230"
}
]
},
"cve": "CVE-2020-20230",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-20230",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-173688",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2020-20230",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-20230",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-20230",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-20230",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202107-1285",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-173688",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-20230",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173688"
},
{
"db": "VULMON",
"id": "CVE-2020-20230"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009663"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1285"
},
{
"db": "NVD",
"id": "CVE-2020-20230"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled resource consumption in the sshd process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU. Mikrotik RouterOs Is vulnerable to a resource exhaustion.Denial of service (DoS) It may be put into a state. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-20230"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009663"
},
{
"db": "VULHUB",
"id": "VHN-173688"
},
{
"db": "VULMON",
"id": "CVE-2020-20230"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-20230",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009663",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1285",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-173688",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-20230",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173688"
},
{
"db": "VULMON",
"id": "CVE-2020-20230"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009663"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1285"
},
{
"db": "NVD",
"id": "CVE-2020-20230"
}
]
},
"id": "VAR-202107-0086",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-173688"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T14:25:18.076000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://mikrotik.com/"
},
{
"title": "Mikrotik RouterOs Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=157823"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-009663"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1285"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.1
},
{
"problemtype": "Resource exhaustion (CWE-400) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173688"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009663"
},
{
"db": "NVD",
"id": "CVE-2020-20230"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/mikrotik/cve-2020-20230/readme.md"
},
{
"trust": 1.9,
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-20230"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2020-20230"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173688"
},
{
"db": "VULMON",
"id": "CVE-2020-20230"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009663"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1285"
},
{
"db": "NVD",
"id": "CVE-2020-20230"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-173688"
},
{
"db": "VULMON",
"id": "CVE-2020-20230"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009663"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1285"
},
{
"db": "NVD",
"id": "CVE-2020-20230"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-19T00:00:00",
"db": "VULHUB",
"id": "VHN-173688"
},
{
"date": "2021-07-19T00:00:00",
"db": "VULMON",
"id": "CVE-2020-20230"
},
{
"date": "2022-05-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-009663"
},
{
"date": "2021-07-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-1285"
},
{
"date": "2021-07-19T17:15:10.943000",
"db": "NVD",
"id": "CVE-2020-20230"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-08T00:00:00",
"db": "VULHUB",
"id": "VHN-173688"
},
{
"date": "2022-09-08T00:00:00",
"db": "VULMON",
"id": "CVE-2020-20230"
},
{
"date": "2022-05-17T02:23:00",
"db": "JVNDB",
"id": "JVNDB-2021-009663"
},
{
"date": "2022-07-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-1285"
},
{
"date": "2022-09-08T21:22:28.470000",
"db": "NVD",
"id": "CVE-2020-20230"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-1285"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik\u00a0RouterOs\u00a0 Resource Depletion Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-009663"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-1285"
}
],
"trust": 0.6
}
}
var-202107-0089
Vulnerability from variot
Mikrotik RouterOs before stable 6.47 suffers from a memory corruption vulnerability in the resolver process. By sending a crafted packet, an authenticated remote attacker can cause a Denial of Service. Mikrotik RouterOs Exists in a buffer error vulnerability.Service operation interruption (DoS) It may be in a state. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202107-0089",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "lt",
"trust": 1.0,
"vendor": "mikrotik",
"version": "6.47"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": null
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": "6.47"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-009895"
},
{
"db": "NVD",
"id": "CVE-2020-20249"
}
]
},
"cve": "CVE-2020-20249",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-20249",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-173708",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2020-20249",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-20249",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-20249",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-20249",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202107-1302",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-173708",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173708"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009895"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1302"
},
{
"db": "NVD",
"id": "CVE-2020-20249"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik RouterOs before stable 6.47 suffers from a memory corruption vulnerability in the resolver process. By sending a crafted packet, an authenticated remote attacker can cause a Denial of Service. Mikrotik RouterOs Exists in a buffer error vulnerability.Service operation interruption (DoS) It may be in a state. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-20249"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009895"
},
{
"db": "VULHUB",
"id": "VHN-173708"
},
{
"db": "VULMON",
"id": "CVE-2020-20249"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-20249",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009895",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1302",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-173708",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-20249",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173708"
},
{
"db": "VULMON",
"id": "CVE-2020-20249"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009895"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1302"
},
{
"db": "NVD",
"id": "CVE-2020-20249"
}
]
},
"id": "VAR-202107-0089",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-173708"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T15:17:10.298000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://mikrotik.com/"
},
{
"title": "Mikrotik RouterOs Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=158243"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-009895"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1302"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "Buffer error (CWE-119) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-119",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173708"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009895"
},
{
"db": "NVD",
"id": "CVE-2020-20249"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/mikrotik/cve-2020-20249/readme.md"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-20249"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173708"
},
{
"db": "VULMON",
"id": "CVE-2020-20249"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009895"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1302"
},
{
"db": "NVD",
"id": "CVE-2020-20249"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-173708"
},
{
"db": "VULMON",
"id": "CVE-2020-20249"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009895"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1302"
},
{
"db": "NVD",
"id": "CVE-2020-20249"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-19T00:00:00",
"db": "VULHUB",
"id": "VHN-173708"
},
{
"date": "2021-07-19T00:00:00",
"db": "VULMON",
"id": "CVE-2020-20249"
},
{
"date": "2022-06-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-009895"
},
{
"date": "2021-07-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-1302"
},
{
"date": "2021-07-19T18:15:08.260000",
"db": "NVD",
"id": "CVE-2020-20249"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-28T00:00:00",
"db": "VULHUB",
"id": "VHN-173708"
},
{
"date": "2021-07-19T00:00:00",
"db": "VULMON",
"id": "CVE-2020-20249"
},
{
"date": "2022-06-06T06:35:00",
"db": "JVNDB",
"id": "JVNDB-2021-009895"
},
{
"date": "2021-08-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-1302"
},
{
"date": "2022-06-28T14:11:45.273000",
"db": "NVD",
"id": "CVE-2020-20249"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-1302"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik\u00a0RouterOs\u00a0 Buffer error vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-009895"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-1302"
}
],
"trust": 0.6
}
}
var-202009-0180
Vulnerability from variot
An array index error in MikroTik RouterOS 6.41.3 through 6.46.5, and 7.x through 7.0 Beta5, allows an unauthenticated remote attacker to crash the SMB server via modified setup-request packets, aka SUP-12964. MikroTik RouterOS Is vulnerable to array index validation.Denial of service (DoS) It may be put into a state. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. Attackers can use this vulnerability to modify the setup-request package (ie su -12964) to destroy the SMB server
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202009-0180",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "gte",
"trust": 1.0,
"vendor": "mikrotik",
"version": "6.41.3"
},
{
"model": "routeros",
"scope": "eq",
"trust": 1.0,
"vendor": "mikrotik",
"version": "7.0"
},
{
"model": "routeros",
"scope": "lte",
"trust": 1.0,
"vendor": "mikrotik",
"version": "6.46.5"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": null
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": "6.41.3 to 6.46.5"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": "7.0 beta5 for up to 7.x"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-011344"
},
{
"db": "NVD",
"id": "CVE-2020-11881"
}
]
},
"cve": "CVE-2020-11881",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-11881",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-164504",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-11881",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-11881",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-11881",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-11881",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202009-894",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-164504",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-11881",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-164504"
},
{
"db": "VULMON",
"id": "CVE-2020-11881"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011344"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-894"
},
{
"db": "NVD",
"id": "CVE-2020-11881"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An array index error in MikroTik RouterOS 6.41.3 through 6.46.5, and 7.x through 7.0 Beta5, allows an unauthenticated remote attacker to crash the SMB server via modified setup-request packets, aka SUP-12964. MikroTik RouterOS Is vulnerable to array index validation.Denial of service (DoS) It may be put into a state. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. Attackers can use this vulnerability to modify the setup-request package (ie su -12964) to destroy the SMB server",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-11881"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011344"
},
{
"db": "VULHUB",
"id": "VHN-164504"
},
{
"db": "VULMON",
"id": "CVE-2020-11881"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-11881",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011344",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202009-894",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-164504",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-11881",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-164504"
},
{
"db": "VULMON",
"id": "CVE-2020-11881"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011344"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-894"
},
{
"db": "NVD",
"id": "CVE-2020-11881"
}
]
},
"id": "VAR-202009-0180",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-164504"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:11:23.971000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://mikrotik.com"
},
{
"title": "MikroTik RouterOS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=128580"
},
{
"title": "CVE-2020-11881",
"trust": 0.1,
"url": "https://github.com/botlabsDev/CVE-2020-11881 "
},
{
"title": "Mikrotik",
"trust": 0.1,
"url": "https://github.com/enoleriand-alt/Mikrotik "
},
{
"title": "PoC",
"trust": 0.1,
"url": "https://github.com/Jonathan-Elias/PoC "
},
{
"title": "CVE-POC",
"trust": 0.1,
"url": "https://github.com/0xT11/CVE-POC "
},
{
"title": "PoC-in-GitHub",
"trust": 0.1,
"url": "https://github.com/developer3000S/PoC-in-GitHub "
},
{
"title": "PoC-in-GitHub",
"trust": 0.1,
"url": "https://github.com/hectorgie/PoC-in-GitHub "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-11881"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011344"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-894"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-129",
"trust": 1.1
},
{
"problemtype": "Improper validation of array indexes (CWE-129) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-164504"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011344"
},
{
"db": "NVD",
"id": "CVE-2020-11881"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://github.com/botlabsdev/cve-2020-11881"
},
{
"trust": 1.8,
"url": "https://mikrotik.com"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11881"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/129.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-164504"
},
{
"db": "VULMON",
"id": "CVE-2020-11881"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011344"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-894"
},
{
"db": "NVD",
"id": "CVE-2020-11881"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-164504"
},
{
"db": "VULMON",
"id": "CVE-2020-11881"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011344"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-894"
},
{
"db": "NVD",
"id": "CVE-2020-11881"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-14T00:00:00",
"db": "VULHUB",
"id": "VHN-164504"
},
{
"date": "2020-09-14T00:00:00",
"db": "VULMON",
"id": "CVE-2020-11881"
},
{
"date": "2021-03-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-011344"
},
{
"date": "2020-09-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-894"
},
{
"date": "2020-09-14T21:15:10.137000",
"db": "NVD",
"id": "CVE-2020-11881"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-18T00:00:00",
"db": "VULHUB",
"id": "VHN-164504"
},
{
"date": "2020-09-18T00:00:00",
"db": "VULMON",
"id": "CVE-2020-11881"
},
{
"date": "2021-03-29T08:19:00",
"db": "JVNDB",
"id": "JVNDB-2020-011344"
},
{
"date": "2020-10-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-894"
},
{
"date": "2024-11-21T04:58:49.057000",
"db": "NVD",
"id": "CVE-2020-11881"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-894"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MikroTik\u00a0RouterOS\u00a0 Array index validation vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-011344"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-894"
}
],
"trust": 0.6
}
}
var-201808-0570
Vulnerability from variot
Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory corruption vulnerability. An authenticated remote attacker can crash the HTTP server by rapidly authenticating and disconnecting. Mikrotik RouterOS Contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. MikroTikRouterOS is a Linux-based routing operating system developed by MikroTik of Latvia. This system turns a PC into a professional router
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201808-0570",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "lt",
"trust": 1.8,
"vendor": "mikrotik",
"version": "6.40.9"
},
{
"model": "routeros",
"scope": "lt",
"trust": 1.8,
"vendor": "mikrotik",
"version": "6.42.7"
},
{
"model": "routeros",
"scope": "lt",
"trust": 0.6,
"vendor": "microtik",
"version": "6.42.7"
},
{
"model": "routeros",
"scope": "lt",
"trust": 0.6,
"vendor": "microtik",
"version": "6.40.9"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "mikrotik",
"version": "5.15"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "mikrotik",
"version": "5.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16526"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009037"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-760"
},
{
"db": "NVD",
"id": "CVE-2018-1159"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:mikrotik:router_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009037"
}
]
},
"cve": "CVE-2018-1159",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2018-1159",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-16526",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-121464",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2018-1159",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-1159",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-1159",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2018-16526",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201808-760",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-121464",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16526"
},
{
"db": "VULHUB",
"id": "VHN-121464"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009037"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-760"
},
{
"db": "NVD",
"id": "CVE-2018-1159"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory corruption vulnerability. An authenticated remote attacker can crash the HTTP server by rapidly authenticating and disconnecting. Mikrotik RouterOS Contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. MikroTikRouterOS is a Linux-based routing operating system developed by MikroTik of Latvia. This system turns a PC into a professional router",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-1159"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009037"
},
{
"db": "CNVD",
"id": "CNVD-2018-16526"
},
{
"db": "VULHUB",
"id": "VHN-121464"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-1159",
"trust": 3.1
},
{
"db": "TENABLE",
"id": "TRA-2018-21",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009037",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201808-760",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-16526",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-121464",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16526"
},
{
"db": "VULHUB",
"id": "VHN-121464"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009037"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-760"
},
{
"db": "NVD",
"id": "CVE-2018-1159"
}
]
},
"id": "VAR-201808-0570",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16526"
},
{
"db": "VULHUB",
"id": "VHN-121464"
}
],
"trust": 0.06999999999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16526"
}
]
},
"last_update_date": "2024-11-23T21:52:55.265000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Release 6.42.7",
"trust": 0.8,
"url": "https://mikrotik.com/download/changelogs/bugfix-release-tree"
},
{
"title": "Release 6.42.7",
"trust": 0.8,
"url": "https://mikrotik.com/download/changelogs"
},
{
"title": "MikrotikRouterOS memory corruption vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/138529"
},
{
"title": "Mikrotik RouterOS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84251"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16526"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009037"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-760"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-121464"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009037"
},
{
"db": "NVD",
"id": "CVE-2018-1159"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://mikrotik.com/download/changelogs"
},
{
"trust": 1.7,
"url": "https://mikrotik.com/download/changelogs/bugfix-release-tree"
},
{
"trust": 1.7,
"url": "https://www.tenable.com/security/research/tra-2018-21"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1159"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1159"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16526"
},
{
"db": "VULHUB",
"id": "VHN-121464"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009037"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-760"
},
{
"db": "NVD",
"id": "CVE-2018-1159"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-16526"
},
{
"db": "VULHUB",
"id": "VHN-121464"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009037"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-760"
},
{
"db": "NVD",
"id": "CVE-2018-1159"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-16526"
},
{
"date": "2018-08-23T00:00:00",
"db": "VULHUB",
"id": "VHN-121464"
},
{
"date": "2018-11-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009037"
},
{
"date": "2018-08-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-760"
},
{
"date": "2018-08-23T19:29:00.690000",
"db": "NVD",
"id": "CVE-2018-1159"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-16526"
},
{
"date": "2018-10-12T00:00:00",
"db": "VULHUB",
"id": "VHN-121464"
},
{
"date": "2018-11-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009037"
},
{
"date": "2018-08-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-760"
},
{
"date": "2024-11-21T03:59:18.417000",
"db": "NVD",
"id": "CVE-2018-1159"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-760"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik RouterOS Buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009037"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-760"
}
],
"trust": 0.6
}
}
var-202208-2056
Vulnerability from variot
Mikrotik RouterOs through stable v6.48.3 was discovered to contain an assertion failure in the component /advanced-tools/nova/bin/netwatch. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. MikroTik of routeros Exists in a reachable assertiveness vulnerability.Service operation interruption (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202208-2056",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "lte",
"trust": 1.0,
"vendor": "mikrotik",
"version": "6.48.3"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": null
},
{
"model": "routeros",
"scope": null,
"trust": 0.8,
"vendor": "mikrotik",
"version": null
},
{
"model": "routeros",
"scope": "lte",
"trust": 0.8,
"vendor": "mikrotik",
"version": "6.48.3 and earlier"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-015967"
},
{
"db": "NVD",
"id": "CVE-2022-36522"
}
]
},
"cve": "CVE-2022-36522",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2022-36522",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-36522",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-36522",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-36522",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202208-4234",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-015967"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4234"
},
{
"db": "NVD",
"id": "CVE-2022-36522"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik RouterOs through stable v6.48.3 was discovered to contain an assertion failure in the component /advanced-tools/nova/bin/netwatch. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. MikroTik of routeros Exists in a reachable assertiveness vulnerability.Service operation interruption (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-36522"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015967"
},
{
"db": "VULHUB",
"id": "VHN-432565"
},
{
"db": "VULMON",
"id": "CVE-2022-36522"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-36522",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015967",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4234",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-432565",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-36522",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-432565"
},
{
"db": "VULMON",
"id": "CVE-2022-36522"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015967"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4234"
},
{
"db": "NVD",
"id": "CVE-2022-36522"
}
]
},
"id": "VAR-202208-2056",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-432565"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T14:17:44.132000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-617",
"trust": 1.1
},
{
"problemtype": "Reachable assertions (CWE-617) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-432565"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015967"
},
{
"db": "NVD",
"id": "CVE-2022-36522"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://seclists.org/fulldisclosure/2021/jul/0"
},
{
"trust": 2.5,
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/mikrotik/cve-2022-36522/readme.md"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-36522"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-36522/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-432565"
},
{
"db": "VULMON",
"id": "CVE-2022-36522"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015967"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4234"
},
{
"db": "NVD",
"id": "CVE-2022-36522"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-432565"
},
{
"db": "VULMON",
"id": "CVE-2022-36522"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015967"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4234"
},
{
"db": "NVD",
"id": "CVE-2022-36522"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-26T00:00:00",
"db": "VULHUB",
"id": "VHN-432565"
},
{
"date": "2022-08-26T00:00:00",
"db": "VULMON",
"id": "CVE-2022-36522"
},
{
"date": "2023-09-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-015967"
},
{
"date": "2022-08-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-4234"
},
{
"date": "2022-08-26T18:15:09.173000",
"db": "NVD",
"id": "CVE-2022-36522"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-01T00:00:00",
"db": "VULHUB",
"id": "VHN-432565"
},
{
"date": "2022-08-26T00:00:00",
"db": "VULMON",
"id": "CVE-2022-36522"
},
{
"date": "2023-09-29T08:06:00",
"db": "JVNDB",
"id": "JVNDB-2022-015967"
},
{
"date": "2022-09-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-4234"
},
{
"date": "2022-09-01T19:19:27.237000",
"db": "NVD",
"id": "CVE-2022-36522"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-4234"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MikroTik\u00a0 of \u00a0routeros\u00a0 Reachable Assertiveness Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-015967"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-4234"
}
],
"trust": 0.6
}
}
var-201311-0513
Vulnerability from variot
The MikroTik RouterOS software turns a standard PC into a network router. MikroTik RouterOS has a default administrative account 'admin' with a blank password that allows remote attackers to use this account to gain unauthorized access to this setting.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201311-0513",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": null,
"trust": 0.6,
"vendor": "mikrotik",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14324"
}
]
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2013-14324",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2013-14324",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14324"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The MikroTik RouterOS software turns a standard PC into a network router. MikroTik RouterOS has a default administrative account \u0027admin\u0027 with a blank password that allows remote attackers to use this account to gain unauthorized access to this setting.",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14324"
}
],
"trust": 0.6
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-14324",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14324"
}
]
},
"id": "VAR-201311-0513",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14324"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14324"
}
]
},
"last_update_date": "2022-05-04T08:57:44.579000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.6,
"url": "http://dariusfreamon.wordpress.com/2013/11/03/sunday-shodan-defaults-4/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14324"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-14324"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-11-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-14324"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-11-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-14324"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MikroTik RouterOS Default Management Account Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14324"
}
],
"trust": 0.6
}
}
var-202107-0079
Vulnerability from variot
Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an stack exhaustion vulnerability in the /nova/bin/net process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU. Mikrotik RouterOs Is vulnerable to a resource exhaustion.Denial of service (DoS) It may be put into a state. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. Re: Three vulnerabilities found in MikroTik's RouterOS
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202107-0079",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "eq",
"trust": 1.0,
"vendor": "mikrotik",
"version": "6.44.5"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": null
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": "6.44.5 (long-term tree)"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-008942"
},
{
"db": "NVD",
"id": "CVE-2020-20213"
}
]
},
"cve": "CVE-2020-20213",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-20213",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-173669",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2020-20213",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-20213",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-20213",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-20213",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202107-293",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-173669",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173669"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008942"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-293"
},
{
"db": "NVD",
"id": "CVE-2020-20213"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an stack exhaustion vulnerability in the /nova/bin/net process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU. Mikrotik RouterOs Is vulnerable to a resource exhaustion.Denial of service (DoS) It may be put into a state. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. Re: Three vulnerabilities found in MikroTik\u0027s RouterOS",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-20213"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008942"
},
{
"db": "VULHUB",
"id": "VHN-173669"
},
{
"db": "VULMON",
"id": "CVE-2020-20213"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-20213",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008942",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202107-293",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-173669",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-20213",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173669"
},
{
"db": "VULMON",
"id": "CVE-2020-20213"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008942"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-293"
},
{
"db": "NVD",
"id": "CVE-2020-20213"
}
]
},
"id": "VAR-202107-0079",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-173669"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T15:01:26.722000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://mikrotik.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-008942"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-674",
"trust": 1.1
},
{
"problemtype": "Resource exhaustion (CWE-400) [NVD Evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-400",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173669"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008942"
},
{
"db": "NVD",
"id": "CVE-2020-20213"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://seclists.org/fulldisclosure/2021/may/10"
},
{
"trust": 1.7,
"url": "https://cwe.mitre.org/data/definitions/674.html"
},
{
"trust": 1.7,
"url": "https://mikrotik.com/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-20213"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173669"
},
{
"db": "VULMON",
"id": "CVE-2020-20213"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008942"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-293"
},
{
"db": "NVD",
"id": "CVE-2020-20213"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-173669"
},
{
"db": "VULMON",
"id": "CVE-2020-20213"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008942"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-293"
},
{
"db": "NVD",
"id": "CVE-2020-20213"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-07T00:00:00",
"db": "VULHUB",
"id": "VHN-173669"
},
{
"date": "2022-03-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-008942"
},
{
"date": "2021-07-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-293"
},
{
"date": "2021-07-07T14:15:09.393000",
"db": "NVD",
"id": "CVE-2020-20213"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-07T00:00:00",
"db": "VULHUB",
"id": "VHN-173669"
},
{
"date": "2022-03-31T08:42:00",
"db": "JVNDB",
"id": "JVNDB-2021-008942"
},
{
"date": "2022-07-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-293"
},
{
"date": "2022-11-07T14:17:47.773000",
"db": "NVD",
"id": "CVE-2020-20213"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-293"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik\u00a0RouterOs\u00a0 Resource Depletion Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-008942"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-293"
}
],
"trust": 0.6
}
}
var-201907-0318
Vulnerability from variot
A vulnerability in the FTP daemon on MikroTik routers through 6.44.3 could allow remote attackers to exhaust all available memory, causing the device to reboot because of uncontrolled resource management. MikroTik router Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. MikroTikrouters is a router product from MikroTik, Latvia. There are security vulnerabilities in the FTP daemons of MikroTikrouters 6.44.3 and earlier
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201907-0318",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "lte",
"trust": 1.0,
"vendor": "mikrotik",
"version": "6.44.3"
},
{
"model": "routeros",
"scope": null,
"trust": 0.8,
"vendor": "mikrotik",
"version": null
},
{
"model": "routers",
"scope": "lte",
"trust": 0.6,
"vendor": "mikrotik",
"version": "\u003c=6.44.3"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-21936"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006144"
},
{
"db": "NVD",
"id": "CVE-2019-13074"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:mikrotik:router_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006144"
}
]
},
"cve": "CVE-2019-13074",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-13074",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-21936",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-144884",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-13074",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-13074",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-13074",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-21936",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201907-215",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-144884",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-21936"
},
{
"db": "VULHUB",
"id": "VHN-144884"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006144"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-215"
},
{
"db": "NVD",
"id": "CVE-2019-13074"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the FTP daemon on MikroTik routers through 6.44.3 could allow remote attackers to exhaust all available memory, causing the device to reboot because of uncontrolled resource management. MikroTik router Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. MikroTikrouters is a router product from MikroTik, Latvia. There are security vulnerabilities in the FTP daemons of MikroTikrouters 6.44.3 and earlier",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13074"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006144"
},
{
"db": "CNVD",
"id": "CNVD-2019-21936"
},
{
"db": "VULHUB",
"id": "VHN-144884"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-13074",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006144",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201907-215",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-21936",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-144884",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-21936"
},
{
"db": "VULHUB",
"id": "VHN-144884"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006144"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-215"
},
{
"db": "NVD",
"id": "CVE-2019-13074"
}
]
},
"id": "VAR-201907-0318",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-21936"
},
{
"db": "VULHUB",
"id": "VHN-144884"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-21936"
}
]
},
"last_update_date": "2024-11-23T22:33:49.907000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "v6.44.5 [long-term] is released!",
"trust": 0.8,
"url": "https://forum.mikrotik.com/viewtopic.php?t=150045"
},
{
"title": "Stable release tree",
"trust": 0.8,
"url": "https://mikrotik.com/download/changelogs/stable-release-tree"
},
{
"title": "MikroTikrouters denies service patch vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/168039"
},
{
"title": "MikroTik routers Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94407"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-21936"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006144"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-215"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-770",
"trust": 1.1
},
{
"problemtype": "CWE-400",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-144884"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006144"
},
{
"db": "NVD",
"id": "CVE-2019-13074"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13074"
},
{
"trust": 1.7,
"url": "https://forum.mikrotik.com/viewtopic.php?t=150045"
},
{
"trust": 1.7,
"url": "https://mikrotik.com/download/changelogs/stable-release-tree"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13074"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-21936"
},
{
"db": "VULHUB",
"id": "VHN-144884"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006144"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-215"
},
{
"db": "NVD",
"id": "CVE-2019-13074"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-21936"
},
{
"db": "VULHUB",
"id": "VHN-144884"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006144"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-215"
},
{
"db": "NVD",
"id": "CVE-2019-13074"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-21936"
},
{
"date": "2019-07-03T00:00:00",
"db": "VULHUB",
"id": "VHN-144884"
},
{
"date": "2019-07-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-006144"
},
{
"date": "2019-07-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-215"
},
{
"date": "2019-07-03T21:15:10.513000",
"db": "NVD",
"id": "CVE-2019-13074"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-21936"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-144884"
},
{
"date": "2019-07-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-006144"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-215"
},
{
"date": "2024-11-21T04:24:08.800000",
"db": "NVD",
"id": "CVE-2019-13074"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-215"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MikroTik router Vulnerable to resource exhaustion",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006144"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-215"
}
],
"trust": 0.6
}
}
var-202212-0389
Vulnerability from variot
Mikrotik RouterOs before stable v7.5 was discovered to contain an out-of-bounds read in the hotspot process. This vulnerability allows attackers to execute arbitrary code via a crafted nova message
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202212-0389",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "lt",
"trust": 1.0,
"vendor": "mikrotik",
"version": "7.5"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-45313"
}
]
},
"cve": "CVE-2022-45313",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2022-45313",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-45313",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202212-2439",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202212-2439"
},
{
"db": "NVD",
"id": "CVE-2022-45313"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik RouterOs before stable v7.5 was discovered to contain an out-of-bounds read in the hotspot process. This vulnerability allows attackers to execute arbitrary code via a crafted nova message",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-45313"
},
{
"db": "VULHUB",
"id": "VHN-442956"
}
],
"trust": 0.99
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-45313",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-202212-2439",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-442956",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-442956"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-2439"
},
{
"db": "NVD",
"id": "CVE-2022-45313"
}
]
},
"id": "VAR-202212-0389",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-442956"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T14:37:09.566000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MikroTik RouterOS Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=223853"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202212-2439"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-442956"
},
{
"db": "NVD",
"id": "CVE-2022-45313"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/mikrotik/cve-2022-45313/readme.md"
},
{
"trust": 0.6,
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/mikrotik/vul_hotspot_1/readme.md"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-45313/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-442956"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-2439"
},
{
"db": "NVD",
"id": "CVE-2022-45313"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-442956"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-2439"
},
{
"db": "NVD",
"id": "CVE-2022-45313"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-05T00:00:00",
"db": "VULHUB",
"id": "VHN-442956"
},
{
"date": "2022-12-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202212-2439"
},
{
"date": "2022-12-05T16:15:09.997000",
"db": "NVD",
"id": "CVE-2022-45313"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-03T00:00:00",
"db": "VULHUB",
"id": "VHN-442956"
},
{
"date": "2023-02-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202212-2439"
},
{
"date": "2023-02-03T19:54:40.713000",
"db": "NVD",
"id": "CVE-2022-45313"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202212-2439"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MikroTik RouterOS Buffer error vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202212-2439"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202212-2439"
}
],
"trust": 0.6
}
}
var-201910-0546
Vulnerability from variot
RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are download from when using the autoupgrade feature. Therefore, a remote attacker can trick the router into "upgrading" to an older version of RouterOS and possibly reseting all the system's usernames and passwords. RouterOS Contains a vulnerability in the integrity verification of downloaded code.Information may be tampered with. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. There is a security vulnerability in MikroTik RouterOS 6.45.6 Stable and earlier versions and 6.44.5 Long-term and earlier versions. The vulnerability stems from the fact that the program does not fully verify the source of the update package download. An attacker can exploit this vulnerability to obtain all user names and passwords of the system
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-0546",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "lte",
"trust": 1.0,
"vendor": "mikrotik",
"version": "6.44.5"
},
{
"model": "routeros",
"scope": "lte",
"trust": 1.0,
"vendor": "mikrotik",
"version": "6.45.6"
},
{
"model": "routeros",
"scope": "lte",
"trust": 0.8,
"vendor": "mikrotik",
"version": "6.44.5 long-term"
},
{
"model": "routeros",
"scope": "lte",
"trust": 0.8,
"vendor": "mikrotik",
"version": "6.45.6 stable"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "mikrotik",
"version": "6.44.3"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "mikrotik",
"version": "6.45.5"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "mikrotik",
"version": "6.45"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "mikrotik",
"version": "6.45.1"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "mikrotik",
"version": "6.44.5"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "mikrotik",
"version": "6.45.2"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "mikrotik",
"version": "6.44.4"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "mikrotik",
"version": "6.45.6"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "mikrotik",
"version": "6.45.3"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "mikrotik",
"version": "6.45.4"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011452"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1702"
},
{
"db": "NVD",
"id": "CVE-2019-3977"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:mikrotik:router_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011452"
}
]
},
"cve": "CVE-2019-3977",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 8.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-3977",
"impactScore": 7.8,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 8.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-155412",
"impactScore": 7.8,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:C/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-3977",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-3977",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-3977",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-3977",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-1702",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-155412",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155412"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011452"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1702"
},
{
"db": "NVD",
"id": "CVE-2019-3977"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are download from when using the autoupgrade feature. Therefore, a remote attacker can trick the router into \"upgrading\" to an older version of RouterOS and possibly reseting all the system\u0027s usernames and passwords. RouterOS Contains a vulnerability in the integrity verification of downloaded code.Information may be tampered with. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. There is a security vulnerability in MikroTik RouterOS 6.45.6 Stable and earlier versions and 6.44.5 Long-term and earlier versions. The vulnerability stems from the fact that the program does not fully verify the source of the update package download. An attacker can exploit this vulnerability to obtain all user names and passwords of the system",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-3977"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011452"
},
{
"db": "VULHUB",
"id": "VHN-155412"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "TENABLE",
"id": "TRA-2019-46",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-2019-3977",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011452",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1702",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-155412",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155412"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011452"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1702"
},
{
"db": "NVD",
"id": "CVE-2019-3977"
}
]
},
"id": "VAR-201910-0546",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-155412"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:51:53.248000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://mikrotik.com/"
},
{
"title": "MikroTik RouterOS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=101462"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011452"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1702"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-494",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155412"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011452"
},
{
"db": "NVD",
"id": "CVE-2019-3977"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.tenable.com/security/research/tra-2019-46"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3977"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3977"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155412"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011452"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1702"
},
{
"db": "NVD",
"id": "CVE-2019-3977"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-155412"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011452"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1702"
},
{
"db": "NVD",
"id": "CVE-2019-3977"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-29T00:00:00",
"db": "VULHUB",
"id": "VHN-155412"
},
{
"date": "2019-11-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011452"
},
{
"date": "2019-10-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-1702"
},
{
"date": "2019-10-29T19:15:20.407000",
"db": "NVD",
"id": "CVE-2019-3977"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-01T00:00:00",
"db": "VULHUB",
"id": "VHN-155412"
},
{
"date": "2019-11-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011452"
},
{
"date": "2019-11-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-1702"
},
{
"date": "2024-11-21T04:42:59.513000",
"db": "NVD",
"id": "CVE-2019-3977"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-1702"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "RouterOS Vulnerabilities related to incompleteness verification of downloaded code",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011452"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-1702"
}
],
"trust": 0.6
}
}
var-202107-0090
Vulnerability from variot
Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). NOTE: this is different from CVE-2020-20253 and CVE-2020-20254. All four vulnerabilities in the /nova/bin/lcdstat process are discussed in the CVE-2020-20250 github.com/cq674350529 reference. This vulnerability is CVE-2020-20253 , CVE-2020-20254 Is a different vulnerability.Denial of service (DoS) It may be put into a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202107-0090",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "lt",
"trust": 1.0,
"vendor": "mikrotik",
"version": "6.47"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": "6.47"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-009267"
},
{
"db": "NVD",
"id": "CVE-2020-20250"
}
]
},
"cve": "CVE-2020-20250",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-20250",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-173710",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2020-20250",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-20250",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-20250",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-20250",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202107-933",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-173710",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-20250",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173710"
},
{
"db": "VULMON",
"id": "CVE-2020-20250"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009267"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-933"
},
{
"db": "NVD",
"id": "CVE-2020-20250"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). NOTE: this is different from CVE-2020-20253 and CVE-2020-20254. All four vulnerabilities in the /nova/bin/lcdstat process are discussed in the CVE-2020-20250 github.com/cq674350529 reference. This vulnerability is CVE-2020-20253 , CVE-2020-20254 Is a different vulnerability.Denial of service (DoS) It may be put into a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-20250"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009267"
},
{
"db": "VULHUB",
"id": "VHN-173710"
},
{
"db": "VULMON",
"id": "CVE-2020-20250"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-20250",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009267",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202107-933",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-173710",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-20250",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173710"
},
{
"db": "VULMON",
"id": "CVE-2020-20250"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009267"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-933"
},
{
"db": "NVD",
"id": "CVE-2020-20250"
}
]
},
"id": "VAR-202107-0090",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-173710"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T14:31:41.790000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://mikrotik.com/"
},
{
"title": "Mikrotik Routeros Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=156626"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-009267"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-933"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.1
},
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "NULL Pointer dereference (CWE-476) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173710"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009267"
},
{
"db": "NVD",
"id": "CVE-2020-20250"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/mikrotik/cve-2020-20250/readme.md"
},
{
"trust": 1.8,
"url": "https://mikrotik.com/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-20250"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173710"
},
{
"db": "VULMON",
"id": "CVE-2020-20250"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009267"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-933"
},
{
"db": "NVD",
"id": "CVE-2020-20250"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-173710"
},
{
"db": "VULMON",
"id": "CVE-2020-20250"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009267"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-933"
},
{
"db": "NVD",
"id": "CVE-2020-20250"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-13T00:00:00",
"db": "VULHUB",
"id": "VHN-173710"
},
{
"date": "2021-07-13T00:00:00",
"db": "VULMON",
"id": "CVE-2020-20250"
},
{
"date": "2022-04-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-009267"
},
{
"date": "2021-07-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-933"
},
{
"date": "2021-07-13T12:15:09.307000",
"db": "NVD",
"id": "CVE-2020-20250"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-28T00:00:00",
"db": "VULHUB",
"id": "VHN-173710"
},
{
"date": "2021-07-15T00:00:00",
"db": "VULMON",
"id": "CVE-2020-20250"
},
{
"date": "2022-04-19T08:04:00",
"db": "JVNDB",
"id": "JVNDB-2021-009267"
},
{
"date": "2021-07-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-933"
},
{
"date": "2022-06-28T14:11:45.273000",
"db": "NVD",
"id": "CVE-2020-20250"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-933"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik\u00a0RouterOs\u00a0 In \u00a0NULL\u00a0 Pointer dereference vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-009267"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-933"
}
],
"trust": 0.6
}
}
var-202105-0091
Vulnerability from variot
Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulnerability in the mactel process. An authenticated remote attacker can cause a Denial of Service due to improper memory access. Mikrotik RouterOs Is vulnerable to a buffer error.Denial of service (DoS) It may be put into a state. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. MikroTik RouterOS has a security vulnerability. Advisory: four vulnerabilities found in MikroTik's RouterOS
Details
Product: MikroTik's RouterOS Vendor URL: https://mikrotik.com/ Vendor Status: only CVE-2020-20227 is fixed CVE: CVE-2020-20220, CVE-2020-20227, CVE-2020-20245, CVE-2020-20246 Credit: Qian Chen(@cq674350529) of Qihoo 360 Nirvan Team
Product Description
RouterOS is the operating system used on the MikroTik's devices, such as switch, router and access point.
Description of vulnerabilities
These vulnerabilities were reported to the vendor almost one year ago. And the vendor confirmed these vulnerabilities.
Against stable 6.46.5, the poc resulted in the following crash dump.
# cat /rw/logs/backtrace.log
2020.06.19-18:36:13.88@0:
2020.06.19-18:36:13.88@0:
2020.06.19-18:36:13.88@0: /ram/pckg/routing/nova/bin/bfd
2020.06.19-18:36:13.88@0: --- signal=11
2020.06.19-18:36:13.88@0:
2020.06.19-18:36:13.88@0: eip=0x0804b175 eflags=0x00010202
2020.06.19-18:36:13.88@0: edi=0x08054a90 esi=0x08054298 ebp=0x7f9d3e88
esp=0x7f9d3e70 2020.06.19-18:36:13.88@0: eax=0x08050634 ebx=0x77777af0 ecx=0x08051274 edx=0x00000001 2020.06.19-18:36:13.88@0: 2020.06.19-18:36:13.88@0: maps: 2020.06.19-18:36:13.88@0: 08048000-08050000 r-xp 00000000 00:1b 16 /ram/pckg/routing/nova/bin/bfd 2020.06.19-18:36:13.88@0: 7759a000-7759c000 r-xp 00000000 00:0c 959 /lib/libdl-0.9.33.2.so 2020.06.19-18:36:13.88@0: 7759e000-775d3000 r-xp 00000000 00:0c 964 /lib/libuClibc-0.9.33.2.so 2020.06.19-18:36:13.88@0: 775d7000-775f1000 r-xp 00000000 00:0c 960 /lib/libgcc_s.so.1 2020.06.19-18:36:13.88@0: 775f2000-77601000 r-xp 00000000 00:0c 944 /lib/libuc++.so 2020.06.19-18:36:13.88@0: 77602000-7775f000 r-xp 00000000 00:0c 954 /lib/libcrypto.so.1.0.0 2020.06.19-18:36:13.88@0: 7776f000-77777000 r-xp 00000000 00:0c 950 /lib/libubox.so 2020.06.19-18:36:13.88@0: 77778000-777c4000 r-xp 00000000 00:0c 946 /lib/libumsg.so 2020.06.19-18:36:13.88@0: 777ca000-777d1000 r-xp 00000000 00:0c 958 /lib/ld-uClibc-0.9.33.2.so 2020.06.19-18:36:13.88@0: 2020.06.19-18:36:13.88@0: stack: 0x7f9d4000 - 0x7f9d3e70 2020.06.19-18:36:13.88@0: 34 06 05 08 d0 e6 04 08 d8 3e 9d 7f 90 4a 05 08 98 42 05 08 d8 3e 9d 7f f8 3e 9d 7f 6d 39 77 77 2020.06.19-18:36:13.88@0: 90 4a 05 08 28 40 9d 7f 05 00 00 00 00 43 05 08 00 00 00 00 28 90 7c 77 01 00 00 00 0c 00 00 00 2020.06.19-18:36:13.88@0: 2020.06.19-18:36:13.88@0: code: 0x804b175 2020.06.19-18:36:13.88@0: ff 05 00 00 00 00 83 c4 10 c9 c3 55 89 e5 53 83
This vulnerability was initially found in long-term 6.44.6, and it seems that the latest stable version 6.48.2 still suffer from this vulnerability.
Against stable 6.47, the poc resulted in the following crash dump.
# cat /rw/logs/backtrace.log
2020.06.05-15:00:38.33@0:
2020.06.05-15:00:38.33@0:
2020.06.05-15:00:38.33@0: /nova/bin/diskd
2020.06.05-15:00:38.33@0: --- signal=11
2020.06.05-15:00:38.33@0:
2020.06.05-15:00:38.33@0: eip=0x7775a1e3 eflags=0x00010202
2020.06.05-15:00:38.33@0: edi=0x7f9dd024 esi=0x0000000a ebp=0x7f9dceb8
esp=0x7f9dceac 2020.06.05-15:00:38.33@0: eax=0x0000000a ebx=0x777624ec ecx=0x08054600 edx=0x08056e18 2020.06.05-15:00:38.33@0: 2020.06.05-15:00:38.33@0: maps: 2020.06.05-15:00:38.33@0: 08048000-08052000 r-xp 00000000 00:0c 1049 /nova/bin/diskd 2020.06.05-15:00:38.33@0: 776ff000-77734000 r-xp 00000000 00:0c 966 /lib/libuClibc-0.9.33.2.so 2020.06.05-15:00:38.33@0: 77738000-77752000 r-xp 00000000 00:0c 962 /lib/libgcc_s.so.1 2020.06.05-15:00:38.33@0: 77753000-77762000 r-xp 00000000 00:0c 945 /lib/libuc++.so 2020.06.05-15:00:38.33@0: 77763000-7776b000 r-xp 00000000 00:0c 951 /lib/libubox.so 2020.06.05-15:00:38.33@0: 7776c000-777b8000 r-xp 00000000 00:0c 947 /lib/libumsg.so 2020.06.05-15:00:38.33@0: 777be000-777c5000 r-xp 00000000 00:0c 960 /lib/ld-uClibc-0.9.33.2.so 2020.06.05-15:00:38.33@0: 2020.06.05-15:00:38.33@0: stack: 0x7f9de000 - 0x7f9dceac 2020.06.05-15:00:38.33@0: f4 8a 7b 77 0a 00 00 00 f4 8a 7b 77 e8 ce 9d 7f 92 be 78 77 f8 45 05 08 0a 00 00 00 18 6e 05 08 2020.06.05-15:00:38.33@0: 18 6e 05 08 e4 ce 9d 7f 24 d0 9d 7f 7c 18 76 77 24 d0 9d 7f 18 69 05 08 40 cf 9d 7f a8 cf 9d 7f 2020.06.05-15:00:38.34@0: 2020.06.05-15:00:38.34@0: code: 0x7775a1e3 2020.06.05-15:00:38.34@0: 8b 00 8b 10 01 c2 83 c2 04 52 83 c0 04 50 ff 75
This vulnerability was initially found in stable 6.47, and it was fixed at least in stable 6.48.1.
Against stable 6.47, the poc resulted in the following crash dump.
# cat /rw/logs/backtrace.log
2020.06.22-20:13:36.29@0:
2020.06.22-20:13:36.29@0:
2020.06.22-20:13:36.62@0: /nova/bin/log
2020.06.22-20:13:36.62@0: --- signal=11
2020.06.22-20:13:36.62@0:
2020.06.22-20:13:36.62@0: eip=0x77709d2e eflags=0x00010202
2020.06.22-20:13:36.62@0: edi=0x0000004b esi=0x77718f00 ebp=0x7fec6858
esp=0x7fec6818 2020.06.22-20:13:36.62@0: eax=0x00000031 ebx=0x77717000 ecx=0x777171e8 edx=0x00000006 2020.06.22-20:13:36.62@0: 2020.06.22-20:13:36.62@0: maps: 2020.06.22-20:13:36.62@0: 08048000-08058000 r-xp 00000000 00:0c 1005 /nova/bin/log 2020.06.22-20:13:36.62@0: 776e1000-77716000 r-xp 00000000 00:0c 966 /lib/libuClibc-0.9.33.2.so 2020.06.22-20:13:36.62@0: 7771a000-77734000 r-xp 00000000 00:0c 962 /lib/libgcc_s.so.1 2020.06.22-20:13:36.62@0: 77735000-77744000 r-xp 00000000 00:0c 945 /lib/libuc++.so 2020.06.22-20:13:36.62@0: 77745000-77791000 r-xp 00000000 00:0c 947 /lib/libumsg.so 2020.06.22-20:13:36.62@0: 77797000-7779e000 r-xp 00000000 00:0c 960 /lib/ld-uClibc-0.9.33.2.so 2020.06.22-20:13:36.62@0: 2020.06.22-20:13:36.62@0: stack: 0x7fec7000 - 0x7fec6818 2020.06.22-20:13:36.62@0: 48 68 ec 7f 7b ce 73 77 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 68 68 ec 7f 21 ac 70 77 2020.06.22-20:13:36.62@0: 40 00 00 00 1b fb 70 77 e8 71 71 77 c0 28 06 08 88 68 ec 7f ec 44 74 77 e4 29 06 08 40 69 ec 7f 2020.06.22-20:13:36.62@0: 2020.06.22-20:13:36.62@0: code: 0x77709d2e 2020.06.22-20:13:36.62@0: 8b 48 08 89 4c 96 04 e9 93 05 00 00 81 7d e0 ff
This vulnerability was initially found in stable 6.46.3, and it seems that the latest stable version 6.48.2 still suffers from this vulnerability.
- By sending a crafted packet, an authenticated remote user can crash the mactel process due to NULL pointer dereference.
Against stable 6.47, the poc resulted in the following crash dump.
# cat /rw/logs/backtrace.log
2020.06.22-20:25:36.17@0:
2020.06.22-20:25:36.17@0:
2020.06.22-20:25:36.17@0: /nova/bin/mactel
2020.06.22-20:25:36.17@0: --- signal=11
2020.06.22-20:25:36.17@0:
2020.06.22-20:25:36.17@0: eip=0x0804ddc7 eflags=0x00010202
2020.06.22-20:25:36.17@0: edi=0x08055740 esi=0x7fe78144 ebp=0x7fe780c8
esp=0x7fe78090 2020.06.22-20:25:36.17@0: eax=0x00000000 ebx=0x776b9b40 ecx=0x0000000b edx=0xffffffff 2020.06.22-20:25:36.17@0: 2020.06.22-20:25:36.17@0: maps: 2020.06.22-20:25:36.17@0: 08048000-08051000 r-xp 00000000 00:0c 1041 /nova/bin/mactel 2020.06.22-20:25:36.17@0: 7762c000-77661000 r-xp 00000000 00:0c 966 /lib/libuClibc-0.9.33.2.so 2020.06.22-20:25:36.17@0: 77665000-7767f000 r-xp 00000000 00:0c 962 /lib/libgcc_s.so.1 2020.06.22-20:25:36.17@0: 77680000-7768f000 r-xp 00000000 00:0c 945 /lib/libuc++.so 2020.06.22-20:25:36.17@0: 77690000-776ad000 r-xp 00000000 00:0c 948 /lib/libucrypto.so 2020.06.22-20:25:36.17@0: 776ae000-776af000 r-xp 00000000 00:0c 967 /lib/libutil-0.9.33.2.so 2020.06.22-20:25:36.17@0: 776b1000-776b9000 r-xp 00000000 00:0c 951 /lib/libubox.so 2020.06.22-20:25:36.17@0: 776ba000-77706000 r-xp 00000000 00:0c 947 /lib/libumsg.so 2020.06.22-20:25:36.17@0: 7770c000-77713000 r-xp 00000000 00:0c 960 /lib/ld-uClibc-0.9.33.2.so 2020.06.22-20:25:36.17@0: 2020.06.22-20:25:36.17@0: stack: 0x7fe79000 - 0x7fe78090 2020.06.22-20:25:36.17@0: 44 81 e7 7f 01 00 00 00 ff ff ff ff 1f d0 04 08 58 57 05 08 28 b0 70 77 01 00 00 00 00 00 00 00 2020.06.22-20:25:36.17@0: 1c 85 e7 7f 04 1d 05 08 02 db 70 77 40 9b 6b 77 40 57 05 08 44 81 e7 7f f8 80 e7 7f 7c 4a 6b 77 2020.06.22-20:25:36.17@0: 2020.06.22-20:25:36.17@0: code: 0x804ddc7 2020.06.22-20:25:36.17@0: 8b 50 2f 89 55 da 66 8b 40 33 66 89 45 de 83 c4
This vulnerability was initially found in stable 6.46.3, and it seems that the latest stable version 6.48.2 still suffers from this vulnerability.
Solution
As to CVE-2020-20227, upgrade to the corresponding latest RouterOS tree version. For others, no upgrade firmware available yet
References
[1] https://mikrotik.com/download/changelogs/stable-release-tree
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202105-0091",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "eq",
"trust": 1.0,
"vendor": "mikrotik",
"version": "6.46.3"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": null
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": "stable 6.46.3"
},
{
"model": "routeros",
"scope": null,
"trust": 0.8,
"vendor": "mikrotik",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006903"
},
{
"db": "NVD",
"id": "CVE-2020-20246"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Qian Chen",
"sources": [
{
"db": "PACKETSTORM",
"id": "162533"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-656"
}
],
"trust": 0.7
},
"cve": "CVE-2020-20246",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-20246",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-173705",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2020-20246",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-20246",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-20246",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-20246",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202105-656",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-173705",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-20246",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173705"
},
{
"db": "VULMON",
"id": "CVE-2020-20246"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006903"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-656"
},
{
"db": "NVD",
"id": "CVE-2020-20246"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulnerability in the mactel process. An authenticated remote attacker can cause a Denial of Service due to improper memory access. Mikrotik RouterOs Is vulnerable to a buffer error.Denial of service (DoS) It may be put into a state. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. MikroTik RouterOS has a security vulnerability. Advisory: four vulnerabilities found in MikroTik\u0027s RouterOS\n\n\nDetails\n=======\n\nProduct: MikroTik\u0027s RouterOS\nVendor URL: https://mikrotik.com/\nVendor Status: only CVE-2020-20227 is fixed\nCVE: CVE-2020-20220, CVE-2020-20227, CVE-2020-20245, CVE-2020-20246\nCredit: Qian Chen(@cq674350529) of Qihoo 360 Nirvan Team\n\n\nProduct Description\n==================\n\nRouterOS is the operating system used on the MikroTik\u0027s devices, such as\nswitch, router and access point. \n\n\nDescription of vulnerabilities\n==========================\nThese vulnerabilities were reported to the vendor almost one year ago. And\nthe vendor confirmed these vulnerabilities. \n\n1. \n\nAgainst stable 6.46.5, the poc resulted in the following crash dump. \n\n # cat /rw/logs/backtrace.log\n 2020.06.19-18:36:13.88@0:\n 2020.06.19-18:36:13.88@0:\n 2020.06.19-18:36:13.88@0: /ram/pckg/routing/nova/bin/bfd\n 2020.06.19-18:36:13.88@0: --- signal=11\n--------------------------------------------\n 2020.06.19-18:36:13.88@0:\n 2020.06.19-18:36:13.88@0: eip=0x0804b175 eflags=0x00010202\n 2020.06.19-18:36:13.88@0: edi=0x08054a90 esi=0x08054298 ebp=0x7f9d3e88\nesp=0x7f9d3e70\n 2020.06.19-18:36:13.88@0: eax=0x08050634 ebx=0x77777af0 ecx=0x08051274\nedx=0x00000001\n 2020.06.19-18:36:13.88@0:\n 2020.06.19-18:36:13.88@0: maps:\n 2020.06.19-18:36:13.88@0: 08048000-08050000 r-xp 00000000 00:1b 16\n /ram/pckg/routing/nova/bin/bfd\n 2020.06.19-18:36:13.88@0: 7759a000-7759c000 r-xp 00000000 00:0c 959\n /lib/libdl-0.9.33.2.so\n 2020.06.19-18:36:13.88@0: 7759e000-775d3000 r-xp 00000000 00:0c 964\n /lib/libuClibc-0.9.33.2.so\n 2020.06.19-18:36:13.88@0: 775d7000-775f1000 r-xp 00000000 00:0c 960\n /lib/libgcc_s.so.1\n 2020.06.19-18:36:13.88@0: 775f2000-77601000 r-xp 00000000 00:0c 944\n /lib/libuc++.so\n 2020.06.19-18:36:13.88@0: 77602000-7775f000 r-xp 00000000 00:0c 954\n /lib/libcrypto.so.1.0.0\n 2020.06.19-18:36:13.88@0: 7776f000-77777000 r-xp 00000000 00:0c 950\n /lib/libubox.so\n 2020.06.19-18:36:13.88@0: 77778000-777c4000 r-xp 00000000 00:0c 946\n /lib/libumsg.so\n 2020.06.19-18:36:13.88@0: 777ca000-777d1000 r-xp 00000000 00:0c 958\n /lib/ld-uClibc-0.9.33.2.so\n 2020.06.19-18:36:13.88@0:\n 2020.06.19-18:36:13.88@0: stack: 0x7f9d4000 - 0x7f9d3e70\n 2020.06.19-18:36:13.88@0: 34 06 05 08 d0 e6 04 08 d8 3e 9d 7f 90 4a 05\n08 98 42 05 08 d8 3e 9d 7f f8 3e 9d 7f 6d 39 77 77\n 2020.06.19-18:36:13.88@0: 90 4a 05 08 28 40 9d 7f 05 00 00 00 00 43 05\n08 00 00 00 00 28 90 7c 77 01 00 00 00 0c 00 00 00\n 2020.06.19-18:36:13.88@0:\n 2020.06.19-18:36:13.88@0: code: 0x804b175\n 2020.06.19-18:36:13.88@0: ff 05 00 00 00 00 83 c4 10 c9 c3 55 89 e5 53\n83\n\nThis vulnerability was initially found in long-term 6.44.6, and it seems\nthat the latest stable version 6.48.2 still suffer from this vulnerability. \n\n2. \n\nAgainst stable 6.47, the poc resulted in the following crash dump. \n\n # cat /rw/logs/backtrace.log\n 2020.06.05-15:00:38.33@0:\n 2020.06.05-15:00:38.33@0:\n 2020.06.05-15:00:38.33@0: /nova/bin/diskd\n 2020.06.05-15:00:38.33@0: --- signal=11\n--------------------------------------------\n 2020.06.05-15:00:38.33@0:\n 2020.06.05-15:00:38.33@0: eip=0x7775a1e3 eflags=0x00010202\n 2020.06.05-15:00:38.33@0: edi=0x7f9dd024 esi=0x0000000a ebp=0x7f9dceb8\nesp=0x7f9dceac\n 2020.06.05-15:00:38.33@0: eax=0x0000000a ebx=0x777624ec ecx=0x08054600\nedx=0x08056e18\n 2020.06.05-15:00:38.33@0:\n 2020.06.05-15:00:38.33@0: maps:\n 2020.06.05-15:00:38.33@0: 08048000-08052000 r-xp 00000000 00:0c 1049\n /nova/bin/diskd\n 2020.06.05-15:00:38.33@0: 776ff000-77734000 r-xp 00000000 00:0c 966\n /lib/libuClibc-0.9.33.2.so\n 2020.06.05-15:00:38.33@0: 77738000-77752000 r-xp 00000000 00:0c 962\n /lib/libgcc_s.so.1\n 2020.06.05-15:00:38.33@0: 77753000-77762000 r-xp 00000000 00:0c 945\n /lib/libuc++.so\n 2020.06.05-15:00:38.33@0: 77763000-7776b000 r-xp 00000000 00:0c 951\n /lib/libubox.so\n 2020.06.05-15:00:38.33@0: 7776c000-777b8000 r-xp 00000000 00:0c 947\n /lib/libumsg.so\n 2020.06.05-15:00:38.33@0: 777be000-777c5000 r-xp 00000000 00:0c 960\n /lib/ld-uClibc-0.9.33.2.so\n 2020.06.05-15:00:38.33@0:\n 2020.06.05-15:00:38.33@0: stack: 0x7f9de000 - 0x7f9dceac\n 2020.06.05-15:00:38.33@0: f4 8a 7b 77 0a 00 00 00 f4 8a 7b 77 e8 ce 9d\n7f 92 be 78 77 f8 45 05 08 0a 00 00 00 18 6e 05 08\n 2020.06.05-15:00:38.33@0: 18 6e 05 08 e4 ce 9d 7f 24 d0 9d 7f 7c 18 76\n77 24 d0 9d 7f 18 69 05 08 40 cf 9d 7f a8 cf 9d 7f\n 2020.06.05-15:00:38.34@0:\n 2020.06.05-15:00:38.34@0: code: 0x7775a1e3\n 2020.06.05-15:00:38.34@0: 8b 00 8b 10 01 c2 83 c2 04 52 83 c0 04 50 ff\n75\n\nThis vulnerability was initially found in stable 6.47, and it was fixed at\nleast in stable 6.48.1. \n\n3. \n\nAgainst stable 6.47, the poc resulted in the following crash dump. \n\n # cat /rw/logs/backtrace.log\n 2020.06.22-20:13:36.29@0:\n 2020.06.22-20:13:36.29@0:\n 2020.06.22-20:13:36.62@0: /nova/bin/log\n 2020.06.22-20:13:36.62@0: --- signal=11\n--------------------------------------------\n 2020.06.22-20:13:36.62@0:\n 2020.06.22-20:13:36.62@0: eip=0x77709d2e eflags=0x00010202\n 2020.06.22-20:13:36.62@0: edi=0x0000004b esi=0x77718f00 ebp=0x7fec6858\nesp=0x7fec6818\n 2020.06.22-20:13:36.62@0: eax=0x00000031 ebx=0x77717000 ecx=0x777171e8\nedx=0x00000006\n 2020.06.22-20:13:36.62@0:\n 2020.06.22-20:13:36.62@0: maps:\n 2020.06.22-20:13:36.62@0: 08048000-08058000 r-xp 00000000 00:0c 1005\n /nova/bin/log\n 2020.06.22-20:13:36.62@0: 776e1000-77716000 r-xp 00000000 00:0c 966\n /lib/libuClibc-0.9.33.2.so\n 2020.06.22-20:13:36.62@0: 7771a000-77734000 r-xp 00000000 00:0c 962\n /lib/libgcc_s.so.1\n 2020.06.22-20:13:36.62@0: 77735000-77744000 r-xp 00000000 00:0c 945\n /lib/libuc++.so\n 2020.06.22-20:13:36.62@0: 77745000-77791000 r-xp 00000000 00:0c 947\n /lib/libumsg.so\n 2020.06.22-20:13:36.62@0: 77797000-7779e000 r-xp 00000000 00:0c 960\n /lib/ld-uClibc-0.9.33.2.so\n 2020.06.22-20:13:36.62@0:\n 2020.06.22-20:13:36.62@0: stack: 0x7fec7000 - 0x7fec6818\n 2020.06.22-20:13:36.62@0: 48 68 ec 7f 7b ce 73 77 00 00 00 00 10 00 00\n00 00 00 00 00 00 00 00 00 68 68 ec 7f 21 ac 70 77\n 2020.06.22-20:13:36.62@0: 40 00 00 00 1b fb 70 77 e8 71 71 77 c0 28 06\n08 88 68 ec 7f ec 44 74 77 e4 29 06 08 40 69 ec 7f\n 2020.06.22-20:13:36.62@0:\n 2020.06.22-20:13:36.62@0: code: 0x77709d2e\n 2020.06.22-20:13:36.62@0: 8b 48 08 89 4c 96 04 e9 93 05 00 00 81 7d e0\nff\n\nThis vulnerability was initially found in stable 6.46.3, and it seems that\nthe latest stable version 6.48.2 still suffers from this vulnerability. \n\n4. By\nsending a crafted packet, an authenticated remote user can crash the mactel\nprocess due to NULL pointer dereference. \n\nAgainst stable 6.47, the poc resulted in the following crash dump. \n\n # cat /rw/logs/backtrace.log\n 2020.06.22-20:25:36.17@0:\n 2020.06.22-20:25:36.17@0:\n 2020.06.22-20:25:36.17@0: /nova/bin/mactel\n 2020.06.22-20:25:36.17@0: --- signal=11\n--------------------------------------------\n 2020.06.22-20:25:36.17@0:\n 2020.06.22-20:25:36.17@0: eip=0x0804ddc7 eflags=0x00010202\n 2020.06.22-20:25:36.17@0: edi=0x08055740 esi=0x7fe78144 ebp=0x7fe780c8\nesp=0x7fe78090\n 2020.06.22-20:25:36.17@0: eax=0x00000000 ebx=0x776b9b40 ecx=0x0000000b\nedx=0xffffffff\n 2020.06.22-20:25:36.17@0:\n 2020.06.22-20:25:36.17@0: maps:\n 2020.06.22-20:25:36.17@0: 08048000-08051000 r-xp 00000000 00:0c 1041\n /nova/bin/mactel\n 2020.06.22-20:25:36.17@0: 7762c000-77661000 r-xp 00000000 00:0c 966\n /lib/libuClibc-0.9.33.2.so\n 2020.06.22-20:25:36.17@0: 77665000-7767f000 r-xp 00000000 00:0c 962\n /lib/libgcc_s.so.1\n 2020.06.22-20:25:36.17@0: 77680000-7768f000 r-xp 00000000 00:0c 945\n /lib/libuc++.so\n 2020.06.22-20:25:36.17@0: 77690000-776ad000 r-xp 00000000 00:0c 948\n /lib/libucrypto.so\n 2020.06.22-20:25:36.17@0: 776ae000-776af000 r-xp 00000000 00:0c 967\n /lib/libutil-0.9.33.2.so\n 2020.06.22-20:25:36.17@0: 776b1000-776b9000 r-xp 00000000 00:0c 951\n /lib/libubox.so\n 2020.06.22-20:25:36.17@0: 776ba000-77706000 r-xp 00000000 00:0c 947\n /lib/libumsg.so\n 2020.06.22-20:25:36.17@0: 7770c000-77713000 r-xp 00000000 00:0c 960\n /lib/ld-uClibc-0.9.33.2.so\n 2020.06.22-20:25:36.17@0:\n 2020.06.22-20:25:36.17@0: stack: 0x7fe79000 - 0x7fe78090\n 2020.06.22-20:25:36.17@0: 44 81 e7 7f 01 00 00 00 ff ff ff ff 1f d0 04\n08 58 57 05 08 28 b0 70 77 01 00 00 00 00 00 00 00\n 2020.06.22-20:25:36.17@0: 1c 85 e7 7f 04 1d 05 08 02 db 70 77 40 9b 6b\n77 40 57 05 08 44 81 e7 7f f8 80 e7 7f 7c 4a 6b 77\n 2020.06.22-20:25:36.17@0:\n 2020.06.22-20:25:36.17@0: code: 0x804ddc7\n 2020.06.22-20:25:36.17@0: 8b 50 2f 89 55 da 66 8b 40 33 66 89 45 de 83\nc4\n\nThis vulnerability was initially found in stable 6.46.3, and it seems that\nthe latest stable version 6.48.2 still suffers from this vulnerability. \n\n\nSolution\n========\n\nAs to CVE-2020-20227, upgrade to the corresponding latest RouterOS tree\nversion. For others, no upgrade firmware available yet\n\n\nReferences\n==========\n\n[1] https://mikrotik.com/download/changelogs/stable-release-tree\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-20246"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006903"
},
{
"db": "VULHUB",
"id": "VHN-173705"
},
{
"db": "VULMON",
"id": "CVE-2020-20246"
},
{
"db": "PACKETSTORM",
"id": "162533"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-20246",
"trust": 3.5
},
{
"db": "PACKETSTORM",
"id": "162533",
"trust": 2.7
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006903",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202105-656",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-173705",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-20246",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173705"
},
{
"db": "VULMON",
"id": "CVE-2020-20246"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006903"
},
{
"db": "PACKETSTORM",
"id": "162533"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-656"
},
{
"db": "NVD",
"id": "CVE-2020-20246"
}
]
},
"id": "VAR-202105-0091",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-173705"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T13:54:05.021000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://mikrotik.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006903"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "Buffer error (CWE-119) [NVD Evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-119",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173705"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006903"
},
{
"db": "NVD",
"id": "CVE-2020-20246"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "http://packetstormsecurity.com/files/162533/mikrotik-routeros-memory-corruption.html"
},
{
"trust": 1.9,
"url": "http://seclists.org/fulldisclosure/2021/may/23"
},
{
"trust": 1.9,
"url": "https://mikrotik.com/"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-20246"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-20227"
},
{
"trust": 0.1,
"url": "https://mikrotik.com/download/changelogs/stable-release-tree"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-20220"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-20245"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173705"
},
{
"db": "VULMON",
"id": "CVE-2020-20246"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006903"
},
{
"db": "PACKETSTORM",
"id": "162533"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-656"
},
{
"db": "NVD",
"id": "CVE-2020-20246"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-173705"
},
{
"db": "VULMON",
"id": "CVE-2020-20246"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006903"
},
{
"db": "PACKETSTORM",
"id": "162533"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-656"
},
{
"db": "NVD",
"id": "CVE-2020-20246"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-18T00:00:00",
"db": "VULHUB",
"id": "VHN-173705"
},
{
"date": "2021-05-18T00:00:00",
"db": "VULMON",
"id": "CVE-2020-20246"
},
{
"date": "2022-01-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-006903"
},
{
"date": "2021-05-11T21:38:05",
"db": "PACKETSTORM",
"id": "162533"
},
{
"date": "2021-05-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-656"
},
{
"date": "2021-05-18T20:15:07.513000",
"db": "NVD",
"id": "CVE-2020-20246"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-03T00:00:00",
"db": "VULHUB",
"id": "VHN-173705"
},
{
"date": "2021-05-21T00:00:00",
"db": "VULMON",
"id": "CVE-2020-20246"
},
{
"date": "2022-01-25T05:36:00",
"db": "JVNDB",
"id": "JVNDB-2021-006903"
},
{
"date": "2022-05-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-656"
},
{
"date": "2022-05-03T16:04:40.443000",
"db": "NVD",
"id": "CVE-2020-20246"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-656"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik\u00a0RouterOs\u00a0 Buffer Error Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006903"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-656"
}
],
"trust": 0.6
}
}
var-201702-1059
Vulnerability from variot
The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 does not enable IPsec encryption after a reboot, which allows man-in-the-middle attackers to view transmitted data unencrypted and gain access to networks on the L2TP server by monitoring the packets for the transmitted data and obtaining the L2TP secret. MikroTik RouterOS is a routing operating system based on the Linux kernel. MikroTik RouterOS is prone to a security-bypass vulnerability. Successfully exploiting this issue may allow attackers to perform unauthorized actions by conducting a man-in-the-middle attack. This may lead to other attacks. RouterOS 6.83.3 and 6.37.4 are vulnerable; other versions may also be affected. This system turns a PC computer into a professional router. L2TP Client is one of the communication protocol clients
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-1059",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "eq",
"trust": 3.0,
"vendor": "mikrotik",
"version": "6.37.4"
},
{
"model": "routeros",
"scope": "eq",
"trust": 2.4,
"vendor": "mikrotik",
"version": "6.83.3"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "microtik",
"version": "6.83.3"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02552"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002233"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-921"
},
{
"db": "NVD",
"id": "CVE-2017-6297"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:mikrotik:router_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002233"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ryan Milne",
"sources": [
{
"db": "BID",
"id": "96447"
}
],
"trust": 0.3
},
"cve": "CVE-2017-6297",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2017-6297",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-02552",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-114500",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2017-6297",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-6297",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-6297",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-02552",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201702-921",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-114500",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02552"
},
{
"db": "VULHUB",
"id": "VHN-114500"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002233"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-921"
},
{
"db": "NVD",
"id": "CVE-2017-6297"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 does not enable IPsec encryption after a reboot, which allows man-in-the-middle attackers to view transmitted data unencrypted and gain access to networks on the L2TP server by monitoring the packets for the transmitted data and obtaining the L2TP secret. MikroTik RouterOS is a routing operating system based on the Linux kernel. MikroTik RouterOS is prone to a security-bypass vulnerability. \nSuccessfully exploiting this issue may allow attackers to perform unauthorized actions by conducting a man-in-the-middle attack. This may lead to other attacks. \nRouterOS 6.83.3 and 6.37.4 are vulnerable; other versions may also be affected. This system turns a PC computer into a professional router. L2TP Client is one of the communication protocol clients",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6297"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002233"
},
{
"db": "CNVD",
"id": "CNVD-2017-02552"
},
{
"db": "BID",
"id": "96447"
},
{
"db": "VULHUB",
"id": "VHN-114500"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-6297",
"trust": 3.4
},
{
"db": "BID",
"id": "96447",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002233",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201702-921",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-02552",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-114500",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02552"
},
{
"db": "VULHUB",
"id": "VHN-114500"
},
{
"db": "BID",
"id": "96447"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002233"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-921"
},
{
"db": "NVD",
"id": "CVE-2017-6297"
}
]
},
"id": "VAR-201702-1059",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-114500"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:22:36.360000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.mikrotik.com/software"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002233"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-311",
"trust": 1.1
},
{
"problemtype": "CWE-254",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114500"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002233"
},
{
"db": "NVD",
"id": "CVE-2017-6297"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://blog.milne.it/2017/02/24/mikrotik-routeros-security-vulnerability-l2tp-tunnel-unencrypted-cve-2017-6297/"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/96447"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6297"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-6297"
},
{
"trust": 0.3,
"url": "http://www.mikrotik.com/software.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02552"
},
{
"db": "VULHUB",
"id": "VHN-114500"
},
{
"db": "BID",
"id": "96447"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002233"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-921"
},
{
"db": "NVD",
"id": "CVE-2017-6297"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-02552"
},
{
"db": "VULHUB",
"id": "VHN-114500"
},
{
"db": "BID",
"id": "96447"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002233"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-921"
},
{
"db": "NVD",
"id": "CVE-2017-6297"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-02552"
},
{
"date": "2017-02-27T00:00:00",
"db": "VULHUB",
"id": "VHN-114500"
},
{
"date": "2017-02-24T00:00:00",
"db": "BID",
"id": "96447"
},
{
"date": "2017-04-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002233"
},
{
"date": "2017-02-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-921"
},
{
"date": "2017-02-27T07:59:00.347000",
"db": "NVD",
"id": "CVE-2017-6297"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-02552"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-114500"
},
{
"date": "2017-03-07T01:07:00",
"db": "BID",
"id": "96447"
},
{
"date": "2017-04-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002233"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-921"
},
{
"date": "2024-11-21T03:29:29.883000",
"db": "NVD",
"id": "CVE-2017-6297"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-921"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MikroTik RouterOS of L2TP Vulnerability to view unencrypted transmission data on the client",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002233"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-921"
}
],
"trust": 0.6
}
}
var-201902-0194
Vulnerability from variot
MikroTik RouterOS before 6.43.12 (stable) and 6.42.12 (long-term) is vulnerable to an intermediary vulnerability. The software will execute user defined network requests to both WAN and LAN clients. A remote unauthenticated attacker can use this vulnerability to bypass the router's firewall or for general network scanning activities. MikroTik RouterOS Contains a vulnerability in bypassing filtering.Information may be obtained. MikroTik RouterOS is prone to a security-bypass vulnerability. An attacker can exploit this issue to security restrictions and perform unauthorized actions. This may lead to further attacks. MikroTik RouterOS version prior to 6.43.12, and 6.42.12 are vulnerable. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201902-0194",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "lt",
"trust": 1.8,
"vendor": "mikrotik",
"version": "6.42.12"
},
{
"model": "routeros",
"scope": "lt",
"trust": 1.8,
"vendor": "mikrotik",
"version": "6.43.12"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "6.41.3"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "2.9.51"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "2.9.50"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "2.9.49"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "2.9.48"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "2.9.47"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "2.9.46"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "2.9.45"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "2.9.44"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "2.9.43"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "2.9.42"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "2.9.41"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "2.9.40"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "6.42"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "6.3"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "6.2"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "5.26"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "5.25"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "5.15"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "5.0"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "4.0"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "3.2"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "3.13"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "3.12"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "3.11"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "3.10"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "3.09"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "3.08"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "3.07"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "3.0"
},
{
"model": "routeros",
"scope": "ne",
"trust": 0.3,
"vendor": "mikrotik",
"version": "6.43.12"
},
{
"model": "routeros",
"scope": "ne",
"trust": 0.3,
"vendor": "mikrotik",
"version": "6.42.12"
},
{
"model": "routeros 6.44beta75",
"scope": "ne",
"trust": 0.3,
"vendor": "mikrotik",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "107177"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001911"
},
{
"db": "NVD",
"id": "CVE-2019-3924"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:mikrotik:router_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001911"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jacob Baines,Tenable",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-775"
}
],
"trust": 0.6
},
"cve": "CVE-2019-3924",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-3924",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-155359",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-3924",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-3924",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-3924",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201902-775",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-155359",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155359"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001911"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-775"
},
{
"db": "NVD",
"id": "CVE-2019-3924"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MikroTik RouterOS before 6.43.12 (stable) and 6.42.12 (long-term) is vulnerable to an intermediary vulnerability. The software will execute user defined network requests to both WAN and LAN clients. A remote unauthenticated attacker can use this vulnerability to bypass the router\u0027s firewall or for general network scanning activities. MikroTik RouterOS Contains a vulnerability in bypassing filtering.Information may be obtained. MikroTik RouterOS is prone to a security-bypass vulnerability. \nAn attacker can exploit this issue to security restrictions and perform unauthorized actions. This may lead to further attacks. \nMikroTik RouterOS version prior to 6.43.12, and 6.42.12 are vulnerable. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-3924"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001911"
},
{
"db": "BID",
"id": "107177"
},
{
"db": "VULHUB",
"id": "VHN-155359"
}
],
"trust": 1.98
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-155359",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155359"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-3924",
"trust": 2.8
},
{
"db": "TENABLE",
"id": "TRA-2019-07",
"trust": 2.8
},
{
"db": "BID",
"id": "107177",
"trust": 2.0
},
{
"db": "EXPLOIT-DB",
"id": "46444",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001911",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201902-775",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "151798",
"trust": 0.7
},
{
"db": "SEEBUG",
"id": "SSVID-97824",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-155359",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155359"
},
{
"db": "BID",
"id": "107177"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001911"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-775"
},
{
"db": "NVD",
"id": "CVE-2019-3924"
}
]
},
"id": "VAR-201902-0194",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-155359"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:48:29.850000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://mikrotik.com/"
},
{
"title": "MikroTik RouterOS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89571"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001911"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-775"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-441",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155359"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001911"
},
{
"db": "NVD",
"id": "CVE-2019-3924"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "http://www.securityfocus.com/bid/107177"
},
{
"trust": 2.8,
"url": "https://www.tenable.com/security/research/tra-2019-07"
},
{
"trust": 1.7,
"url": "https://www.exploit-db.com/exploits/46444/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3924"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3924"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/151798/mikrotik-routeros-firewall-nat-bypass.html"
},
{
"trust": 0.6,
"url": "https://www.exploit-db.com/exploits/46444"
},
{
"trust": 0.3,
"url": "http://www.mikrotik.com/"
},
{
"trust": 0.3,
"url": "https://mikrotik.com/download"
},
{
"trust": 0.3,
"url": "https://blog.mikrotik.com/security/cve-20193924-dude-agent-vulnerability.html"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155359"
},
{
"db": "BID",
"id": "107177"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001911"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-775"
},
{
"db": "NVD",
"id": "CVE-2019-3924"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-155359"
},
{
"db": "BID",
"id": "107177"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001911"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-775"
},
{
"db": "NVD",
"id": "CVE-2019-3924"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-20T00:00:00",
"db": "VULHUB",
"id": "VHN-155359"
},
{
"date": "2019-02-22T00:00:00",
"db": "BID",
"id": "107177"
},
{
"date": "2019-03-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-001911"
},
{
"date": "2019-02-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-775"
},
{
"date": "2019-02-20T20:29:03.047000",
"db": "NVD",
"id": "CVE-2019-3924"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-155359"
},
{
"date": "2019-02-22T00:00:00",
"db": "BID",
"id": "107177"
},
{
"date": "2019-03-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-001911"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-775"
},
{
"date": "2024-11-21T04:42:52.450000",
"db": "NVD",
"id": "CVE-2019-3924"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-775"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MikroTik RouterOS Vulnerabilities related to filtering bypass",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001911"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-775"
}
],
"trust": 0.6
}
}
var-202107-0088
Vulnerability from variot
Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled resource consumption in the memtest process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU. Mikrotik RouterOs Is vulnerable to a resource exhaustion.Denial of service (DoS) It may be put into a state. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. There is a security vulnerability in Mikrotik RouterOs 6.47 and earlier versions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202107-0088",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "eq",
"trust": 1.8,
"vendor": "mikrotik",
"version": "6.47"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-009664"
},
{
"db": "NVD",
"id": "CVE-2020-20248"
}
]
},
"cve": "CVE-2020-20248",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-20248",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-173707",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2020-20248",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-20248",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-20248",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-20248",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202107-1300",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-173707",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-20248",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173707"
},
{
"db": "VULMON",
"id": "CVE-2020-20248"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009664"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1300"
},
{
"db": "NVD",
"id": "CVE-2020-20248"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled resource consumption in the memtest process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU. Mikrotik RouterOs Is vulnerable to a resource exhaustion.Denial of service (DoS) It may be put into a state. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. There is a security vulnerability in Mikrotik RouterOs 6.47 and earlier versions",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-20248"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009664"
},
{
"db": "VULHUB",
"id": "VHN-173707"
},
{
"db": "VULMON",
"id": "CVE-2020-20248"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-20248",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009664",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1300",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-173707",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-20248",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173707"
},
{
"db": "VULMON",
"id": "CVE-2020-20248"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009664"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1300"
},
{
"db": "NVD",
"id": "CVE-2020-20248"
}
]
},
"id": "VAR-202107-0088",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-173707"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T15:38:00.964000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://mikrotik.com/"
},
{
"title": "Mikrotik RouterOs Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=157824"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-009664"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1300"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.1
},
{
"problemtype": "Resource exhaustion (CWE-400) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173707"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009664"
},
{
"db": "NVD",
"id": "CVE-2020-20248"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/mikrotik/cve-2020-20248/readme.md"
},
{
"trust": 1.8,
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-20248"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173707"
},
{
"db": "VULMON",
"id": "CVE-2020-20248"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009664"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1300"
},
{
"db": "NVD",
"id": "CVE-2020-20248"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-173707"
},
{
"db": "VULMON",
"id": "CVE-2020-20248"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009664"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1300"
},
{
"db": "NVD",
"id": "CVE-2020-20248"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-19T00:00:00",
"db": "VULHUB",
"id": "VHN-173707"
},
{
"date": "2021-07-19T00:00:00",
"db": "VULMON",
"id": "CVE-2020-20248"
},
{
"date": "2022-05-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-009664"
},
{
"date": "2021-07-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-1300"
},
{
"date": "2021-07-19T18:15:08.143000",
"db": "NVD",
"id": "CVE-2020-20248"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-07T00:00:00",
"db": "VULHUB",
"id": "VHN-173707"
},
{
"date": "2021-07-23T00:00:00",
"db": "VULMON",
"id": "CVE-2020-20248"
},
{
"date": "2022-05-17T02:23:00",
"db": "JVNDB",
"id": "JVNDB-2021-009664"
},
{
"date": "2022-07-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-1300"
},
{
"date": "2022-11-07T13:56:49.153000",
"db": "NVD",
"id": "CVE-2020-20248"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-1300"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik\u00a0RouterOs\u00a0 Resource Depletion Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-009664"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-1300"
}
],
"trust": 0.6
}
}
var-201904-0335
Vulnerability from variot
MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authenticated, remote directory traversal via the HTTP or Winbox interfaces. An authenticated, remote attack can use this vulnerability to read and write files outside of the sandbox directory (/rw/disk). MikroTik RouterOS Contains a path traversal vulnerability.Information may be obtained and information may be altered. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. The vulnerability stems from a network system or product that fails to properly filter resources or special elements in file paths. An attacker could exploit this vulnerability to access locations outside of restricted directories
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201904-0335",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "eq",
"trust": 1.0,
"vendor": "mikrotik",
"version": "6.43"
},
{
"model": "routeros",
"scope": "eq",
"trust": 1.0,
"vendor": "mikrotik",
"version": "6.42"
},
{
"model": "routeros",
"scope": "lte",
"trust": 1.0,
"vendor": "mikrotik",
"version": "6.43.12"
},
{
"model": "routeros",
"scope": "eq",
"trust": 1.0,
"vendor": "mikrotik",
"version": "6.41"
},
{
"model": "routeros",
"scope": "eq",
"trust": 1.0,
"vendor": "mikrotik",
"version": "6.44"
},
{
"model": "routeros",
"scope": "lte",
"trust": 1.0,
"vendor": "mikrotik",
"version": "6.42.12"
},
{
"model": "routeros",
"scope": "lte",
"trust": 0.8,
"vendor": "mikrotik",
"version": "long-term 6.42.12"
},
{
"model": "routeros",
"scope": "lte",
"trust": 0.8,
"vendor": "mikrotik",
"version": "stable 6.43.12"
},
{
"model": "routeros",
"scope": "lte",
"trust": 0.8,
"vendor": "mikrotik",
"version": "testing 6.44beta75"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003365"
},
{
"db": "NVD",
"id": "CVE-2019-3943"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:mikrotik:router_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003365"
}
]
},
"cve": "CVE-2019-3943",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2019-3943",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-155378",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2019-3943",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-3943",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-3943",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-3943",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201904-536",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-155378",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-3943",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155378"
},
{
"db": "VULMON",
"id": "CVE-2019-3943"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003365"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-536"
},
{
"db": "NVD",
"id": "CVE-2019-3943"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authenticated, remote directory traversal via the HTTP or Winbox interfaces. An authenticated, remote attack can use this vulnerability to read and write files outside of the sandbox directory (/rw/disk). MikroTik RouterOS Contains a path traversal vulnerability.Information may be obtained and information may be altered. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. The vulnerability stems from a network system or product that fails to properly filter resources or special elements in file paths. An attacker could exploit this vulnerability to access locations outside of restricted directories",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-3943"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003365"
},
{
"db": "VULHUB",
"id": "VHN-155378"
},
{
"db": "VULMON",
"id": "CVE-2019-3943"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-3943",
"trust": 2.6
},
{
"db": "TENABLE",
"id": "TRA-2019-16",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003365",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201904-536",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-155378",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "155036",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-3943",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155378"
},
{
"db": "VULMON",
"id": "CVE-2019-3943"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003365"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-536"
},
{
"db": "NVD",
"id": "CVE-2019-3943"
}
]
},
"id": "VAR-201904-0335",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-155378"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:51:53.194000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "RouterOS",
"trust": 0.8,
"url": "https://mikrotik.com/software"
},
{
"title": "MikroTik RouterOS Repair measures for path traversal vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91351"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/NozomiNetworks/pywinbox "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-3943"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003365"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-536"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
},
{
"problemtype": "CWE-23",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155378"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003365"
},
{
"db": "NVD",
"id": "CVE-2019-3943"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://www.tenable.com/security/research/tra-2019-16"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3943"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3943"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/22.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/nozominetworks/pywinbox"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/155036/mikrotik-routeros-6.45.6-dns-cache-poisoning.html"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155378"
},
{
"db": "VULMON",
"id": "CVE-2019-3943"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003365"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-536"
},
{
"db": "NVD",
"id": "CVE-2019-3943"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-155378"
},
{
"db": "VULMON",
"id": "CVE-2019-3943"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003365"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-536"
},
{
"db": "NVD",
"id": "CVE-2019-3943"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-04-10T00:00:00",
"db": "VULHUB",
"id": "VHN-155378"
},
{
"date": "2019-04-10T00:00:00",
"db": "VULMON",
"id": "CVE-2019-3943"
},
{
"date": "2019-05-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003365"
},
{
"date": "2019-04-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-536"
},
{
"date": "2019-04-10T21:29:01.823000",
"db": "NVD",
"id": "CVE-2019-3943"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-17T00:00:00",
"db": "VULHUB",
"id": "VHN-155378"
},
{
"date": "2019-12-17T00:00:00",
"db": "VULMON",
"id": "CVE-2019-3943"
},
{
"date": "2019-05-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003365"
},
{
"date": "2019-04-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-536"
},
{
"date": "2024-11-21T04:42:54.907000",
"db": "NVD",
"id": "CVE-2019-3943"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-536"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MikroTik RouterOS Path traversal vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003365"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-536"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-536"
}
],
"trust": 0.6
}
}
var-201908-0802
Vulnerability from variot
MikroTik RouterOS through 6.44.5 and 6.45.x through 6.45.3 improperly handles the disk name, which allows authenticated users to delete arbitrary files. Attackers can exploit this vulnerability to reset credential storage, which allows them access to the management interface as an administrator without authentication. MikroTik RouterOS Contains an input validation vulnerability.Information may be tampered with. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. There is a security vulnerability in MikroTik RouterOS 6.44.5 and earlier versions and 6.45.x to 6.45.3 versions. The vulnerability is caused by the program not handling disk names correctly
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201908-0802",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "lte",
"trust": 1.8,
"vendor": "mikrotik",
"version": "6.44.5"
},
{
"model": "routeros",
"scope": "lte",
"trust": 1.0,
"vendor": "mikrotik",
"version": "6.45.3"
},
{
"model": "routeros",
"scope": "gte",
"trust": 1.0,
"vendor": "mikrotik",
"version": "6.45"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": "6.45.3 for up to 6.45.x"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008823"
},
{
"db": "NVD",
"id": "CVE-2019-15055"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:mikrotik:router_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008823"
}
]
},
"cve": "CVE-2019-15055",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2019-15055",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-147063",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2019-15055",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-15055",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-15055",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201908-1945",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-147063",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-147063"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008823"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1945"
},
{
"db": "NVD",
"id": "CVE-2019-15055"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MikroTik RouterOS through 6.44.5 and 6.45.x through 6.45.3 improperly handles the disk name, which allows authenticated users to delete arbitrary files. Attackers can exploit this vulnerability to reset credential storage, which allows them access to the management interface as an administrator without authentication. MikroTik RouterOS Contains an input validation vulnerability.Information may be tampered with. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. There is a security vulnerability in MikroTik RouterOS 6.44.5 and earlier versions and 6.45.x to 6.45.3 versions. The vulnerability is caused by the program not handling disk names correctly",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15055"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008823"
},
{
"db": "VULHUB",
"id": "VHN-147063"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-15055",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008823",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1945",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-147063",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-147063"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008823"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1945"
},
{
"db": "NVD",
"id": "CVE-2019-15055"
}
]
},
"id": "VAR-201908-0802",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-147063"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T23:01:42.941000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Release 6.46beta34",
"trust": 0.8,
"url": "https://mikrotik.com/download/changelogs/testing-release-tree"
},
{
"title": "MikroTik RouterOS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=97429"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008823"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1945"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.1
},
{
"problemtype": "CWE-20",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-147063"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008823"
},
{
"db": "NVD",
"id": "CVE-2019-15055"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://medium.com/tenable-techblog/rooting-routeros-with-a-usb-drive-16d7b8665f90"
},
{
"trust": 1.7,
"url": "https://forum.mikrotik.com/viewtopic.php?t=151603"
},
{
"trust": 1.7,
"url": "https://mikrotik.com/download/changelogs/testing-release-tree"
},
{
"trust": 1.7,
"url": "https://fortiguard.com/zeroday/fg-vd-19-108"
},
{
"trust": 1.7,
"url": "https://github.com/tenable/routeros/tree/master/poc/cve_2019_15055"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15055"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15055"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-147063"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008823"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1945"
},
{
"db": "NVD",
"id": "CVE-2019-15055"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-147063"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008823"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1945"
},
{
"db": "NVD",
"id": "CVE-2019-15055"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-26T00:00:00",
"db": "VULHUB",
"id": "VHN-147063"
},
{
"date": "2019-09-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008823"
},
{
"date": "2019-08-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-1945"
},
{
"date": "2019-08-26T21:15:11.210000",
"db": "NVD",
"id": "CVE-2019-15055"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-06T00:00:00",
"db": "VULHUB",
"id": "VHN-147063"
},
{
"date": "2019-09-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008823"
},
{
"date": "2020-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-1945"
},
{
"date": "2024-11-21T04:27:58.123000",
"db": "NVD",
"id": "CVE-2019-15055"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-1945"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MikroTik RouterOS Input validation vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008823"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-1945"
}
],
"trust": 0.6
}
}
var-202107-0080
Vulnerability from variot
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/diskd process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access. Mikrotik RouterOs Is vulnerable to a buffer error.Denial of service (DoS) It may be put into a state. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. There is a buffer error vulnerability in Mikrotik RouterOs. The following products and versions are affected: Mikrotik RouterOs prior to 6.44.6. Re: Three vulnerabilities found in MikroTik's RouterOS
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202107-0080",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "eq",
"trust": 1.0,
"vendor": "mikrotik",
"version": "6.44.6"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": null
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": "6.44.6 (long-term tree)"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-008943"
},
{
"db": "NVD",
"id": "CVE-2020-20215"
}
]
},
"cve": "CVE-2020-20215",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-20215",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-173671",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2020-20215",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-20215",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-20215",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-20215",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202107-358",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-173671",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173671"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008943"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-358"
},
{
"db": "NVD",
"id": "CVE-2020-20215"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/diskd process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access. Mikrotik RouterOs Is vulnerable to a buffer error.Denial of service (DoS) It may be put into a state. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. There is a buffer error vulnerability in Mikrotik RouterOs. The following products and versions are affected: Mikrotik RouterOs prior to 6.44.6. Re: Three vulnerabilities found in MikroTik\u0027s RouterOS",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-20215"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008943"
},
{
"db": "VULHUB",
"id": "VHN-173671"
},
{
"db": "VULMON",
"id": "CVE-2020-20215"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-20215",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008943",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202107-358",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-173671",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-20215",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173671"
},
{
"db": "VULMON",
"id": "CVE-2020-20215"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008943"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-358"
},
{
"db": "NVD",
"id": "CVE-2020-20215"
}
]
},
"id": "VAR-202107-0080",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-173671"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T15:22:13.092000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://mikrotik.com/"
},
{
"title": "Mikrotik RouterOs Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=156194"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-008943"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-358"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "Buffer error (CWE-119) [NVD Evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-119",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173671"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008943"
},
{
"db": "NVD",
"id": "CVE-2020-20215"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://seclists.org/fulldisclosure/2021/may/10"
},
{
"trust": 1.7,
"url": "https://mikrotik.com/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-20215"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173671"
},
{
"db": "VULMON",
"id": "CVE-2020-20215"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008943"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-358"
},
{
"db": "NVD",
"id": "CVE-2020-20215"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-173671"
},
{
"db": "VULMON",
"id": "CVE-2020-20215"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008943"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-358"
},
{
"db": "NVD",
"id": "CVE-2020-20215"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-07T00:00:00",
"db": "VULHUB",
"id": "VHN-173671"
},
{
"date": "2022-03-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-008943"
},
{
"date": "2021-07-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-358"
},
{
"date": "2021-07-07T14:15:09.457000",
"db": "NVD",
"id": "CVE-2020-20215"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-03T00:00:00",
"db": "VULHUB",
"id": "VHN-173671"
},
{
"date": "2022-03-31T08:42:00",
"db": "JVNDB",
"id": "JVNDB-2021-008943"
},
{
"date": "2022-05-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-358"
},
{
"date": "2022-05-03T16:04:40.443000",
"db": "NVD",
"id": "CVE-2020-20215"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-358"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik\u00a0RouterOs\u00a0 Buffer Error Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-008943"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-358"
}
],
"trust": 0.6
}
}
var-201804-0903
Vulnerability from variot
An issue was discovered in MikroTik RouterOS 6.41.4. Missing OpenVPN server certificate verification allows a remote unauthenticated attacker capable of intercepting client traffic to act as a malicious OpenVPN server. This may allow the attacker to gain access to the client's internal network (for example, at site-to-site tunnels). MikroTik RouterOS Contains a certificate validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. MikroTik RouterOS is a routing operating system based on Linux kernel developed by Latvian MikroTik Company. This system turns a PC computer into a professional router. There is a security vulnerability in MikroTik RouterOS 6.41.4 version, which is caused by the lack of verification of the OpenVPN server certificate in the program
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-0903",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "eq",
"trust": 2.4,
"vendor": "mikrotik",
"version": "6.41.4"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004094"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-708"
},
{
"db": "NVD",
"id": "CVE-2018-10066"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:mikrotik:router_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004094"
}
]
},
"cve": "CVE-2018-10066",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2018-10066",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-119788",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2018-10066",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-10066",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-10066",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201804-708",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-119788",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-10066",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-119788"
},
{
"db": "VULMON",
"id": "CVE-2018-10066"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004094"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-708"
},
{
"db": "NVD",
"id": "CVE-2018-10066"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in MikroTik RouterOS 6.41.4. Missing OpenVPN server certificate verification allows a remote unauthenticated attacker capable of intercepting client traffic to act as a malicious OpenVPN server. This may allow the attacker to gain access to the client\u0027s internal network (for example, at site-to-site tunnels). MikroTik RouterOS Contains a certificate validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. MikroTik RouterOS is a routing operating system based on Linux kernel developed by Latvian MikroTik Company. This system turns a PC computer into a professional router. There is a security vulnerability in MikroTik RouterOS 6.41.4 version, which is caused by the lack of verification of the OpenVPN server certificate in the program",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10066"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004094"
},
{
"db": "VULHUB",
"id": "VHN-119788"
},
{
"db": "VULMON",
"id": "CVE-2018-10066"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-10066",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004094",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201804-708",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-119788",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-10066",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-119788"
},
{
"db": "VULMON",
"id": "CVE-2018-10066"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004094"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-708"
},
{
"db": "NVD",
"id": "CVE-2018-10066"
}
]
},
"id": "VAR-201804-0903",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-119788"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:48:44.253000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "RouterOS",
"trust": 0.8,
"url": "https://mikrotik.com/software"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004094"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-295",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-119788"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004094"
},
{
"db": "NVD",
"id": "CVE-2018-10066"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://janis-streib.de/2018/04/11/mikrotik-openvpn-security"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10066"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10066"
},
{
"trust": 0.8,
"url": "https://janis-streib.de/2018/04/11/mikrotik-openvpn-security/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/295.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/141687"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-119788"
},
{
"db": "VULMON",
"id": "CVE-2018-10066"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004094"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-708"
},
{
"db": "NVD",
"id": "CVE-2018-10066"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-119788"
},
{
"db": "VULMON",
"id": "CVE-2018-10066"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004094"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-708"
},
{
"db": "NVD",
"id": "CVE-2018-10066"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-13T00:00:00",
"db": "VULHUB",
"id": "VHN-119788"
},
{
"date": "2018-04-13T00:00:00",
"db": "VULMON",
"id": "CVE-2018-10066"
},
{
"date": "2018-06-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-004094"
},
{
"date": "2018-04-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-708"
},
{
"date": "2018-04-13T13:29:00.487000",
"db": "NVD",
"id": "CVE-2018-10066"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-17T00:00:00",
"db": "VULHUB",
"id": "VHN-119788"
},
{
"date": "2018-05-17T00:00:00",
"db": "VULMON",
"id": "CVE-2018-10066"
},
{
"date": "2018-06-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-004094"
},
{
"date": "2018-04-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-708"
},
{
"date": "2024-11-21T03:40:45.143000",
"db": "NVD",
"id": "CVE-2018-10066"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201804-708"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MikroTik RouterOS Vulnerabilities related to certificate validation",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004094"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201804-708"
}
],
"trust": 0.6
}
}
var-201503-0428
Vulnerability from variot
Cross-site request forgery (CSRF) vulnerability in MikroTik RouterOS 5.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request in the status page to /cfg. MikroTik RouterOS is an operating system for routers. MikroTik RouterOS is prone to a cross-site request-forgery vulnerability because it fails to properly validate HTTP requests. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. This system turns a PC computer into a professional router. MikroTik RouterOS < v5.0 Admin Password Change CSRF Vulnerability by @SymbianSyMoh
What is MikroTik RouterOS?! MikroTik RouterOS is an operating system based on the Linux kernel, known as the MikroTik RouterOS. Installed on the company's proprietary hardware (RouterBOARD series), or on standard x86-based computers, it turns a computer into a network router and implements various additional features, such as firewalling, virtual private network (VPN) service and client, bandwidth shaping and quality of service, wireless access point functions and other commonly used features when interconnecting networks. The system is also able to serve as a captive-portal-based hotspot system. __"Wikipedia"
What is CSRF Attack?! Cross-Site Request Forgery (CSRF) is an attack which forces an end user to execute unwanted actions on a web application in which he/she is currently authenticated. CSRF attacks specifically target state-changing requests, not theft of data, since the attacker has no way to see the response to the forged request. With a little help of social engineering (like sending a link via email/chat), an attacker may trick the users of a web application into executing actions of the attacker's choosing. If the victim is a normal user, a successful CSRF attack can force the user to perform state changing requests like transfering funds, changing their email address, etc. If the victim is an administrative account, CSRF can compromise the entire web application. __"OWASP"
Affected Versions: All MikroTik RouterOS versions before v5.0
PoC Code:
MikroTik RouterOS < v4 Admin Password Change CSRF VulnerabilityMikroTik RouterOS < v4 Admin Password Change CSRF Vulnerability by @SymbianSyMoh
Video PoC: http://youtu.be/FHrvHJeLjLA http://s.bl-1.com/h/mPQQ237?url=http://youtu.be/FHrvHJeLjLA
-- Best Regards,,
Mohamed Abdelbaset ElnobyGuru Programmer, Information Security Evangelist & Bug Bounty Hunter. LinkedIn http://s.bl-1.com/h/mPQQ6S9?url=https://www.linkedin.com/in/symbiansymohCurriculum Vitae http://s.bl-1.com/h/mPQQCrC?url=http://goo.gl/cNrVpL http://s.bl-1.com/h/mPQQHFF?url=https://www.linkedin.com/in/symbiansymoh Facebook http://s.bl-1.com/h/mPQQNfH?url=https://fb.com/symbiansymohTwitter http://s.bl-1.com/h/mPQQS2K?url=https://twitter.com/symbiansymoh
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201503-0428",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "lte",
"trust": 1.8,
"vendor": "mikrotik",
"version": "5.0"
},
{
"model": "routeros",
"scope": "lt",
"trust": 0.6,
"vendor": "mikrotik",
"version": "v5.0"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "mikrotik",
"version": "5.0"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "2.9.51"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "2.9.50"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "2.9.49"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "2.9.48"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "2.9.47"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "2.9.46"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "2.9.45"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "2.9.44"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "2.9.43"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "2.9.42"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "2.9.41"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "2.9.40"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "4.0"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "3.2"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "3.13"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "3.12"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "3.11"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "3.10"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "3.09"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "3.08"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "3.07"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "3.0"
},
{
"model": "routeros",
"scope": "ne",
"trust": 0.3,
"vendor": "mikrotik",
"version": "5.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01812"
},
{
"db": "BID",
"id": "73013"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001894"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-391"
},
{
"db": "NVD",
"id": "CVE-2015-2350"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:mikrotik:router_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-001894"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mohamed Abdelbaset Elnoby",
"sources": [
{
"db": "BID",
"id": "73013"
}
],
"trust": 0.3
},
"cve": "CVE-2015-2350",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2015-2350",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2015-01812",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-80311",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-2350",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-2350",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-01812",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201503-391",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-80311",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01812"
},
{
"db": "VULHUB",
"id": "VHN-80311"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001894"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-391"
},
{
"db": "NVD",
"id": "CVE-2015-2350"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site request forgery (CSRF) vulnerability in MikroTik RouterOS 5.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request in the status page to /cfg. MikroTik RouterOS is an operating system for routers. MikroTik RouterOS is prone to a cross-site request-forgery vulnerability because it fails to properly validate HTTP requests. \nExploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. This system turns a PC computer into a professional router. MikroTik RouterOS \u003c v5.0 Admin Password Change CSRF Vulnerability by\n@SymbianSyMoh\n\nWhat is MikroTik RouterOS?!\nMikroTik RouterOS is an operating system based on the Linux kernel, known\nas the MikroTik RouterOS. Installed on the company\u0027s proprietary hardware\n(RouterBOARD series), or on standard x86-based computers, it turns a\ncomputer into a network router and implements various additional features,\nsuch as firewalling, virtual private network (VPN) service and client,\nbandwidth shaping and quality of service, wireless access point functions\nand other commonly used features when interconnecting networks. The system\nis also able to serve as a captive-portal-based hotspot system. \n__\"Wikipedia\"\n\n\nWhat is CSRF Attack?!\nCross-Site Request Forgery (CSRF) is an attack which forces an end user to\nexecute unwanted actions on a web application in which he/she is currently\nauthenticated. CSRF attacks specifically target state-changing requests,\nnot theft of data, since the attacker has no way to see the response to the\nforged request. With a little help of social engineering (like sending a\nlink via email/chat), an attacker may trick the users of a web application\ninto executing actions of the attacker\u0027s choosing. If the victim is a\nnormal user, a successful CSRF attack can force the user to perform state\nchanging requests like transfering funds, changing their email address,\netc. If the victim is an administrative account, CSRF can compromise the\nentire web application. \n__\"OWASP\"\n\n\nAffected Versions:\nAll MikroTik RouterOS versions before v5.0\n\n\nPoC Code:\n\u003chtml\u003e\n\u003cbody\u003e\n\u003ctitle\u003eMikroTik RouterOS \u003c v4 Admin Password Change CSRF\nVulnerability\u003c/title\u003e\n\u003ch1\u003e\u003cb\u003eMikroTik RouterOS \u003c v4 Admin Password Change CSRF Vulnerability by\n@SymbianSyMoh\u003c/b\u003e\u003c/h1\u003e\u003c/br\u003e\n\u003cinput type=\"submit\" value=\"Do it\" onclick=\"var\nbtn=document.createElement(\u0027IFRAME\u0027);btn.src=\u0027\nhttp://192.168.0.2/cfg?page=status\u0026counter=1000\u0026process=password\u0026password1=Pwn3D2015\u0026password2=Pwn3D2015\u0026button=ok\u0027;btn.width=\u00270\u0027;btn.height=\u00270\u0027;btn.id=\u0027myIframe\u0027;document.body.appendChild(btn);alert(\u0027Pwned\u0027)\n\u003chttp://s.bl-1.com/h/mPQQyg5?url=http://192.168.0.2/cfg?page=status\u0026counter=1000\u0026process=password\u0026password1=Pwn3D2015\u0026password2=Pwn3D2015\u0026button=ok%27;btn.width=%270%27;btn.height=%270%27;btn.id=%27myIframe%27;document.body.appendChild(btn);alert(%27Pwned%27)\u003e\n;\"\u003e\u003c/br\u003e\n\u003c/body\u003e\n\u003c/html\u003e\n\n\nVideo PoC:\nhttp://youtu.be/FHrvHJeLjLA\n\u003chttp://s.bl-1.com/h/mPQQ237?url=http://youtu.be/FHrvHJeLjLA\u003e\n\n-- \n*Best Regards**,**,*\n\n\n*Mohamed Abdelbaset Elnoby*Guru Programmer, Information Security Evangelist\n\u0026 Bug Bounty Hunter. \nLinkedIn\n\u003chttp://s.bl-1.com/h/mPQQ6S9?url=https://www.linkedin.com/in/symbiansymoh\u003eCurriculum\nVitae \u003chttp://s.bl-1.com/h/mPQQCrC?url=http://goo.gl/cNrVpL\u003e\n\u003chttp://s.bl-1.com/h/mPQQHFF?url=https://www.linkedin.com/in/symbiansymoh\u003e\nFacebook\n\u003chttp://s.bl-1.com/h/mPQQNfH?url=https://fb.com/symbiansymoh\u003eTwitter\n\u003chttp://s.bl-1.com/h/mPQQS2K?url=https://twitter.com/symbiansymoh\u003e\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2350"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001894"
},
{
"db": "CNVD",
"id": "CNVD-2015-01812"
},
{
"db": "BID",
"id": "73013"
},
{
"db": "VULHUB",
"id": "VHN-80311"
},
{
"db": "PACKETSTORM",
"id": "130722"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-2350",
"trust": 3.4
},
{
"db": "PACKETSTORM",
"id": "130722",
"trust": 2.6
},
{
"db": "BID",
"id": "73013",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001894",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201503-391",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-01812",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-91799",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-80311",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01812"
},
{
"db": "VULHUB",
"id": "VHN-80311"
},
{
"db": "BID",
"id": "73013"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001894"
},
{
"db": "PACKETSTORM",
"id": "130722"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-391"
},
{
"db": "NVD",
"id": "CVE-2015-2350"
}
]
},
"id": "VAR-201503-0428",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-80311"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:27:10.602000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.mikrotik.com/software"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-001894"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80311"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001894"
},
{
"db": "NVD",
"id": "CVE-2015-2350"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://seclists.org/fulldisclosure/2015/mar/49"
},
{
"trust": 2.5,
"url": "http://packetstormsecurity.com/files/130722/mikrotik-routeros-cross-site-request-forgery.html"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/73013"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2350"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2350"
},
{
"trust": 0.3,
"url": "http://www.mikrotik.com/"
},
{
"trust": 0.1,
"url": "http://s.bl-1.com/h/mpqqs2k?url=https://twitter.com/symbiansymoh\u003e"
},
{
"trust": 0.1,
"url": "http://youtu.be/fhrvhjeljla"
},
{
"trust": 0.1,
"url": "http://s.bl-1.com/h/mpqqhff?url=https://www.linkedin.com/in/symbiansymoh\u003e"
},
{
"trust": 0.1,
"url": "http://s.bl-1.com/h/mpqq237?url=http://youtu.be/fhrvhjeljla\u003e"
},
{
"trust": 0.1,
"url": "http://s.bl-1.com/h/mpqqnfh?url=https://fb.com/symbiansymoh\u003etwitter"
},
{
"trust": 0.1,
"url": "http://s.bl-1.com/h/mpqqyg5?url=http://192.168.0.2/cfg?page=status\u0026counter=1000\u0026process=password\u0026password1=pwn3d2015\u0026password2=pwn3d2015\u0026button=ok%27;btn.width=%270%27;btn.height=%270%27;btn.id=%27myiframe%27;document.body.appendchild(btn);alert(%27pwned%27)\u003e"
},
{
"trust": 0.1,
"url": "http://s.bl-1.com/h/mpqq6s9?url=https://www.linkedin.com/in/symbiansymoh\u003ecurriculum"
},
{
"trust": 0.1,
"url": "http://192.168.0.2/cfg?page=status\u0026counter=1000\u0026process=password\u0026password1=pwn3d2015\u0026password2=pwn3d2015\u0026button=ok\u0027;btn.width=\u00270\u0027;btn.height=\u00270\u0027;btn.id=\u0027myiframe\u0027;document.body.appendchild(btn);alert(\u0027pwned\u0027)"
},
{
"trust": 0.1,
"url": "http://s.bl-1.com/h/mpqqcrc?url=http://goo.gl/cnrvpl\u003e"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01812"
},
{
"db": "VULHUB",
"id": "VHN-80311"
},
{
"db": "BID",
"id": "73013"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001894"
},
{
"db": "PACKETSTORM",
"id": "130722"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-391"
},
{
"db": "NVD",
"id": "CVE-2015-2350"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-01812"
},
{
"db": "VULHUB",
"id": "VHN-80311"
},
{
"db": "BID",
"id": "73013"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001894"
},
{
"db": "PACKETSTORM",
"id": "130722"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-391"
},
{
"db": "NVD",
"id": "CVE-2015-2350"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-03-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-01812"
},
{
"date": "2015-03-19T00:00:00",
"db": "VULHUB",
"id": "VHN-80311"
},
{
"date": "2015-03-08T00:00:00",
"db": "BID",
"id": "73013"
},
{
"date": "2015-03-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001894"
},
{
"date": "2015-03-08T13:03:33",
"db": "PACKETSTORM",
"id": "130722"
},
{
"date": "2015-03-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201503-391"
},
{
"date": "2015-03-19T14:59:02.557000",
"db": "NVD",
"id": "CVE-2015-2350"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-03-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-01812"
},
{
"date": "2015-09-24T00:00:00",
"db": "VULHUB",
"id": "VHN-80311"
},
{
"date": "2015-04-13T21:03:00",
"db": "BID",
"id": "73013"
},
{
"date": "2015-03-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001894"
},
{
"date": "2015-03-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201503-391"
},
{
"date": "2024-11-21T02:27:16.403000",
"db": "NVD",
"id": "CVE-2015-2350"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201503-391"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MikroTik RouterOS Cross-Site Request Forgery Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01812"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-391"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201503-391"
}
],
"trust": 0.6
}
}
var-202202-1481
Vulnerability from variot
A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted SMB requests
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202202-1481",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "eq",
"trust": 1.0,
"vendor": "mikrotik",
"version": "6.47"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-22844"
}
]
},
"cve": "CVE-2020-22844",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-22844",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-176563",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-22844",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-22844",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202202-2164",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-176563",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-176563"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-2164"
},
{
"db": "NVD",
"id": "CVE-2020-22844"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted SMB requests",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-22844"
},
{
"db": "VULHUB",
"id": "VHN-176563"
}
],
"trust": 0.99
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-22844",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-202202-2164",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-176563",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-176563"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-2164"
},
{
"db": "NVD",
"id": "CVE-2020-22844"
}
]
},
"id": "VAR-202202-1481",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-176563"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T13:53:33.703000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Mikrotik RouterOS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=185333"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-2164"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-401",
"trust": 1.1
},
{
"problemtype": "CWE-772",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-176563"
},
{
"db": "NVD",
"id": "CVE-2020-22844"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://github.com/colorlight/mikrotik_poc/blob/master/two_vulns.md"
},
{
"trust": 1.7,
"url": "https://mikrotik.com/support"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2020-22844/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-176563"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-2164"
},
{
"db": "NVD",
"id": "CVE-2020-22844"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-176563"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-2164"
},
{
"db": "NVD",
"id": "CVE-2020-22844"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-28T00:00:00",
"db": "VULHUB",
"id": "VHN-176563"
},
{
"date": "2022-02-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-2164"
},
{
"date": "2022-02-28T19:15:08.643000",
"db": "NVD",
"id": "CVE-2020-22844"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-12T00:00:00",
"db": "VULHUB",
"id": "VHN-176563"
},
{
"date": "2022-07-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-2164"
},
{
"date": "2022-07-12T17:42:04.277000",
"db": "NVD",
"id": "CVE-2020-22844"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-2164"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik RouterOS Security hole",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-2164"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-2164"
}
],
"trust": 0.6
}
}
var-202003-0389
Vulnerability from variot
The SSH daemon on MikroTik routers through v6.44.3 could allow remote attackers to generate CPU activity, trigger refusal of new authorized connections, and cause a reboot via connect and write system calls, because of uncontrolled resource management. plural MikroTik A router contains a resource exhaustion vulnerability.Service operation interruption (DoS) It may be put into a state. MikroTik routers is a router product of Latvian MikroTik company.
The SSH daemon in MikroTik routers v6.44.3 and previous versions has a security vulnerability. A remote attacker can use this vulnerability to prevent a new authorized connection from proceeding
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-0389",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "lte",
"trust": 1.0,
"vendor": "mikrotik",
"version": "6.44.3"
},
{
"model": "hex lite",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": "6.44.3"
},
{
"model": "hex poe lite",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": "6.44.3"
},
{
"model": "hex poe",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": "6.44.3"
},
{
"model": "hex s",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": "6.44.3"
},
{
"model": "hex",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": "6.44.3"
},
{
"model": "powerbox pro",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": "6.44.3"
},
{
"model": "powerbox",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": "6.44.3"
},
{
"model": "rb2011il-in",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": "6.44.3"
},
{
"model": "rb2011il-rm",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": "6.44.3"
},
{
"model": "rb2011ils-in",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": "6.44.3"
},
{
"model": "routers",
"scope": "lte",
"trust": 0.6,
"vendor": "mikrotik",
"version": "\u003c=6.44.3"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-20721"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003196"
},
{
"db": "NVD",
"id": "CVE-2020-10364"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:mikrotik:hex_lite_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mikrotik:hex_poe_lite_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mikrotik:hex_poe_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mikrotik:hex_s_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mikrotik:hex_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mikrotik:powerbox_pro_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mikrotik:powerbox_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mikrotik:rb2011il-in_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mikrotik:rb2011il-rm_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:mikrotik:rb2011ils-in_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003196"
}
]
},
"cve": "CVE-2020-10364",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-10364",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-003196",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-20721",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-10364",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-003196",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-10364",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-003196",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-20721",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-1322",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-20721"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003196"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1322"
},
{
"db": "NVD",
"id": "CVE-2020-10364"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The SSH daemon on MikroTik routers through v6.44.3 could allow remote attackers to generate CPU activity, trigger refusal of new authorized connections, and cause a reboot via connect and write system calls, because of uncontrolled resource management. plural MikroTik A router contains a resource exhaustion vulnerability.Service operation interruption (DoS) It may be put into a state. MikroTik routers is a router product of Latvian MikroTik company. \n\r\n\r\nThe SSH daemon in MikroTik routers v6.44.3 and previous versions has a security vulnerability. A remote attacker can use this vulnerability to prevent a new authorized connection from proceeding",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-10364"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003196"
},
{
"db": "CNVD",
"id": "CNVD-2020-20721"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-10364",
"trust": 3.0
},
{
"db": "PACKETSTORM",
"id": "156790",
"trust": 2.4
},
{
"db": "EXPLOIT-DB",
"id": "48228",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003196",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-20721",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1322",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-20721"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003196"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1322"
},
{
"db": "NVD",
"id": "CVE-2020-10364"
}
]
},
"id": "VAR-202003-0389",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-20721"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-20721"
}
]
},
"last_update_date": "2024-11-23T22:10:37.677000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://mikrotik.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003196"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-770",
"trust": 1.0
},
{
"problemtype": "CWE-400",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003196"
},
{
"db": "NVD",
"id": "CVE-2020-10364"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://packetstormsecurity.com/files/156790/microtik-ssh-daemon-6.44.3-denial-of-service.html"
},
{
"trust": 1.6,
"url": "https://www.exploit-db.com/exploits/48228"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10364"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10364"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003196"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1322"
},
{
"db": "NVD",
"id": "CVE-2020-10364"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-20721"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003196"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1322"
},
{
"db": "NVD",
"id": "CVE-2020-10364"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-20721"
},
{
"date": "2020-04-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003196"
},
{
"date": "2020-03-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-1322"
},
{
"date": "2020-03-23T16:15:13.220000",
"db": "NVD",
"id": "CVE-2020-10364"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-20721"
},
{
"date": "2020-04-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003196"
},
{
"date": "2021-05-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-1322"
},
{
"date": "2024-11-21T04:55:09.437000",
"db": "NVD",
"id": "CVE-2020-10364"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-1322"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MikroTik routers resource management error vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-20721"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1322"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-1322"
}
],
"trust": 0.6
}
}
var-202101-1771
Vulnerability from variot
In MikroTik RouterOS through 2021-01-04, the hotspot login page is vulnerable to reflected XSS via the target parameter. RouterOS Contains a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. Mikrotik MikroTik RouterOS is a set of router operating systems based on Linux developed by Latvia MikroTik (Mikrotik). The system can be deployed in a PC so that it provides router functionality
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202101-1771",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "lte",
"trust": 1.0,
"vendor": "mikrotik",
"version": "2021-01-04"
},
{
"model": "routeros",
"scope": "lte",
"trust": 0.8,
"vendor": "mikrotik",
"version": "2021/01/04 until"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002349"
},
{
"db": "NVD",
"id": "CVE-2021-3014"
}
]
},
"cve": "CVE-2021-3014",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2021-3014",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-380380",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2021-3014",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2021-3014",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-3014",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-3014",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202101-036",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-380380",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-380380"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002349"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-036"
},
{
"db": "NVD",
"id": "CVE-2021-3014"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In MikroTik RouterOS through 2021-01-04, the hotspot login page is vulnerable to reflected XSS via the target parameter. RouterOS Contains a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. Mikrotik MikroTik RouterOS is a set of router operating systems based on Linux developed by Latvia MikroTik (Mikrotik). The system can be deployed in a PC so that it provides router functionality",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-3014"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002349"
},
{
"db": "VULHUB",
"id": "VHN-380380"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-3014",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002349",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202101-036",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-380380",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-380380"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002349"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-036"
},
{
"db": "NVD",
"id": "CVE-2021-3014"
}
]
},
"id": "VAR-202101-1771",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-380380"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:47:42.927000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "TopPage",
"trust": 0.8,
"url": "https://mikrotik.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002349"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.1
},
{
"problemtype": "Cross-site scripting (CWE-79) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-380380"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002349"
},
{
"db": "NVD",
"id": "CVE-2021-3014"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://github.com/m4dm0e/m4dm0e.github.io/blob/gh-pages/_posts/2021-01-04-mikrotik-xss-reflected.md"
},
{
"trust": 1.7,
"url": "https://m4dm0e.github.io/2021/01/04/mikrotik-xss-reflected.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3014"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-380380"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002349"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-036"
},
{
"db": "NVD",
"id": "CVE-2021-3014"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-380380"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002349"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-036"
},
{
"db": "NVD",
"id": "CVE-2021-3014"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-01-04T00:00:00",
"db": "VULHUB",
"id": "VHN-380380"
},
{
"date": "2021-09-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-002349"
},
{
"date": "2021-01-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-036"
},
{
"date": "2021-01-04T19:15:15.390000",
"db": "NVD",
"id": "CVE-2021-3014"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-01-07T00:00:00",
"db": "VULHUB",
"id": "VHN-380380"
},
{
"date": "2021-09-09T09:05:00",
"db": "JVNDB",
"id": "JVNDB-2021-002349"
},
{
"date": "2021-01-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-036"
},
{
"date": "2024-11-21T06:20:45.340000",
"db": "NVD",
"id": "CVE-2021-3014"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-036"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "RouterOS\u00a0 Cross-site Scripting Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002349"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-036"
}
],
"trust": 0.6
}
}
var-202105-0098
Vulnerability from variot
Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/resolver process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access. Mikrotik RouterOs Is vulnerable to a buffer error.Denial of service (DoS) It may be put into a state. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. Mikrotik RouterOs prior to version 6.47 has a security vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202105-0098",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "lt",
"trust": 1.0,
"vendor": "mikrotik",
"version": "6.47"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": null
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": "6.47 (stable tree)"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006802"
},
{
"db": "NVD",
"id": "CVE-2020-20267"
}
]
},
"cve": "CVE-2020-20267",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-20267",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-173728",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2020-20267",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-20267",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-20267",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-20267",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202105-695",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-173728",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-20267",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173728"
},
{
"db": "VULMON",
"id": "CVE-2020-20267"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006802"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-695"
},
{
"db": "NVD",
"id": "CVE-2020-20267"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/resolver process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access. Mikrotik RouterOs Is vulnerable to a buffer error.Denial of service (DoS) It may be put into a state. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. Mikrotik RouterOs prior to version 6.47 has a security vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-20267"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006802"
},
{
"db": "VULHUB",
"id": "VHN-173728"
},
{
"db": "VULMON",
"id": "CVE-2020-20267"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-20267",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006802",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202105-695",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-173728",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-20267",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173728"
},
{
"db": "VULMON",
"id": "CVE-2020-20267"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006802"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-695"
},
{
"db": "NVD",
"id": "CVE-2020-20267"
}
]
},
"id": "VAR-202105-0098",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-173728"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T14:50:16.411000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Stable\u00a0release\u00a0tree",
"trust": 0.8,
"url": "https://mikrotik.com/download/changelogs/stable-release-tree"
},
{
"title": "Mikrotik RouterOs Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=151262"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006802"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-695"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "Buffer error (CWE-119) [NVD Evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-119",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173728"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006802"
},
{
"db": "NVD",
"id": "CVE-2020-20267"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://seclists.org/fulldisclosure/2021/may/12"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-20267"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173728"
},
{
"db": "VULMON",
"id": "CVE-2020-20267"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006802"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-695"
},
{
"db": "NVD",
"id": "CVE-2020-20267"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-173728"
},
{
"db": "VULMON",
"id": "CVE-2020-20267"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006802"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-695"
},
{
"db": "NVD",
"id": "CVE-2020-20267"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-11T00:00:00",
"db": "VULHUB",
"id": "VHN-173728"
},
{
"date": "2021-05-11T00:00:00",
"db": "VULMON",
"id": "CVE-2020-20267"
},
{
"date": "2022-01-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-006802"
},
{
"date": "2021-05-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-695"
},
{
"date": "2021-05-11T15:15:07.787000",
"db": "NVD",
"id": "CVE-2020-20267"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-28T00:00:00",
"db": "VULHUB",
"id": "VHN-173728"
},
{
"date": "2021-05-19T00:00:00",
"db": "VULMON",
"id": "CVE-2020-20267"
},
{
"date": "2022-01-20T07:59:00",
"db": "JVNDB",
"id": "JVNDB-2021-006802"
},
{
"date": "2021-05-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-695"
},
{
"date": "2022-06-28T14:11:45.273000",
"db": "NVD",
"id": "CVE-2020-20267"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-695"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik\u00a0RouterOs\u00a0 Buffer Error Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006802"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-695"
}
],
"trust": 0.6
}
}
var-201211-0306
Vulnerability from variot
The winbox service in MikroTik RouterOS 5.15 and earlier allows remote attackers to cause a denial of service (CPU consumption), read the router version, and possibly have other impacts via a request to download the router's DLLs or plugins, as demonstrated by roteros.dll. The MikroTik RouterOS software turns a standard PC into a network router. There is a vulnerability in the Winbox server in MikroTik RouterOS 5.15 and earlier. MikroTik RouterOS is a routing operating system based on Linux kernel developed by Latvian MikroTik Company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201211-0306",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "eq",
"trust": 1.9,
"vendor": "mikrotik",
"version": "5.15"
},
{
"model": "routeros",
"scope": "lte",
"trust": 0.8,
"vendor": "mikrotik",
"version": "5.15"
},
{
"model": "routeros",
"scope": "lte",
"trust": 0.6,
"vendor": "mikrotik",
"version": "\u003c=5.15"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-7738"
},
{
"db": "BID",
"id": "78069"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005567"
},
{
"db": "CNNVD",
"id": "CNNVD-201211-525"
},
{
"db": "NVD",
"id": "CVE-2012-6050"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:mikrotik:router_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-005567"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "78069"
}
],
"trust": 0.3
},
"cve": "CVE-2012-6050",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2012-6050",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2012-6050",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2012-7738",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-59331",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-6050",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2012-6050",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2012-7738",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201211-525",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-59331",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-7738"
},
{
"db": "VULHUB",
"id": "VHN-59331"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005567"
},
{
"db": "CNNVD",
"id": "CNNVD-201211-525"
},
{
"db": "NVD",
"id": "CVE-2012-6050"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The winbox service in MikroTik RouterOS 5.15 and earlier allows remote attackers to cause a denial of service (CPU consumption), read the router version, and possibly have other impacts via a request to download the router\u0027s DLLs or plugins, as demonstrated by roteros.dll. The MikroTik RouterOS software turns a standard PC into a network router. There is a vulnerability in the Winbox server in MikroTik RouterOS 5.15 and earlier. MikroTik RouterOS is a routing operating system based on Linux kernel developed by Latvian MikroTik Company",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-6050"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005567"
},
{
"db": "CNVD",
"id": "CNVD-2012-7738"
},
{
"db": "BID",
"id": "78069"
},
{
"db": "VULHUB",
"id": "VHN-59331"
}
],
"trust": 2.52
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-59331",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-59331"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-6050",
"trust": 3.4
},
{
"db": "EXPLOIT-DB",
"id": "18817",
"trust": 2.0
},
{
"db": "XF",
"id": "75327",
"trust": 1.5
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005567",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201211-525",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2012-7738",
"trust": 0.6
},
{
"db": "BID",
"id": "78069",
"trust": 0.4
},
{
"db": "SEEBUG",
"id": "SSVID-72846",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-59331",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-7738"
},
{
"db": "VULHUB",
"id": "VHN-59331"
},
{
"db": "BID",
"id": "78069"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005567"
},
{
"db": "CNNVD",
"id": "CNNVD-201211-525"
},
{
"db": "NVD",
"id": "CVE-2012-6050"
}
]
},
"id": "VAR-201211-0306",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-7738"
},
{
"db": "VULHUB",
"id": "VHN-59331"
}
],
"trust": 0.06999999999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-7738"
}
]
},
"last_update_date": "2024-11-23T22:23:17.141000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MikroTik Routers and Wireless",
"trust": 0.8,
"url": "http://www.mikrotik.com/software.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-005567"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-16",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-59331"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005567"
},
{
"db": "NVD",
"id": "CVE-2012-6050"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.exploit-db.com/exploits/18817"
},
{
"trust": 2.0,
"url": "http://www.133tsec.com/2012/04/30/0day-ddos-mikrotik-server-side-ddos-attack/"
},
{
"trust": 1.5,
"url": "http://xforce.iss.net/xforce/xfdb/75327"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75327"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-6050"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-6050"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-7738"
},
{
"db": "VULHUB",
"id": "VHN-59331"
},
{
"db": "BID",
"id": "78069"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005567"
},
{
"db": "CNNVD",
"id": "CNNVD-201211-525"
},
{
"db": "NVD",
"id": "CVE-2012-6050"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2012-7738"
},
{
"db": "VULHUB",
"id": "VHN-59331"
},
{
"db": "BID",
"id": "78069"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005567"
},
{
"db": "CNNVD",
"id": "CNNVD-201211-525"
},
{
"db": "NVD",
"id": "CVE-2012-6050"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-11-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-7738"
},
{
"date": "2012-11-27T00:00:00",
"db": "VULHUB",
"id": "VHN-59331"
},
{
"date": "2012-11-26T00:00:00",
"db": "BID",
"id": "78069"
},
{
"date": "2012-11-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-005567"
},
{
"date": "2012-11-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201211-525"
},
{
"date": "2012-11-27T04:49:26.863000",
"db": "NVD",
"id": "CVE-2012-6050"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-11-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-7738"
},
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-59331"
},
{
"date": "2012-11-26T00:00:00",
"db": "BID",
"id": "78069"
},
{
"date": "2012-11-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-005567"
},
{
"date": "2012-11-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201211-525"
},
{
"date": "2024-11-21T01:45:42.310000",
"db": "NVD",
"id": "CVE-2012-6050"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201211-525"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MikroTik RouterOS Configuration Error Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-7738"
},
{
"db": "CNNVD",
"id": "CNNVD-201211-525"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "configuration error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201211-525"
}
],
"trust": 0.6
}
}
var-202107-0082
Vulnerability from variot
Mikrotik RouterOs before 6.47 (stable tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/route process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202107-0082",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "lt",
"trust": 1.0,
"vendor": "mikrotik",
"version": "6.47"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-20217"
}
]
},
"cve": "CVE-2020-20217",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-20217",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-173673",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2020-20217",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-20217",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202107-425",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-173673",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-20217",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173673"
},
{
"db": "VULMON",
"id": "CVE-2020-20217"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-425"
},
{
"db": "NVD",
"id": "CVE-2020-20217"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik RouterOs before 6.47 (stable tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/route process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-20217"
},
{
"db": "VULHUB",
"id": "VHN-173673"
},
{
"db": "VULMON",
"id": "CVE-2020-20217"
}
],
"trust": 1.08
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-20217",
"trust": 1.8
},
{
"db": "CNNVD",
"id": "CNNVD-202107-425",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2021-51430",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-173673",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-20217",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173673"
},
{
"db": "VULMON",
"id": "CVE-2020-20217"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-425"
},
{
"db": "NVD",
"id": "CVE-2020-20217"
}
]
},
"id": "VAR-202107-0082",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-173673"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T14:55:55.307000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173673"
},
{
"db": "NVD",
"id": "CVE-2020-20217"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"trust": 1.8,
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/mikrotik/cve-2020-20217/readme.md"
},
{
"trust": 1.8,
"url": "https://mikrotik.com/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173673"
},
{
"db": "VULMON",
"id": "CVE-2020-20217"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-425"
},
{
"db": "NVD",
"id": "CVE-2020-20217"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-173673"
},
{
"db": "VULMON",
"id": "CVE-2020-20217"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-425"
},
{
"db": "NVD",
"id": "CVE-2020-20217"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-08T00:00:00",
"db": "VULHUB",
"id": "VHN-173673"
},
{
"date": "2021-07-08T00:00:00",
"db": "VULMON",
"id": "CVE-2020-20217"
},
{
"date": "2021-07-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-425"
},
{
"date": "2021-07-08T12:15:09.810000",
"db": "NVD",
"id": "CVE-2020-20217"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-07T00:00:00",
"db": "VULHUB",
"id": "VHN-173673"
},
{
"date": "2021-07-12T00:00:00",
"db": "VULMON",
"id": "CVE-2020-20217"
},
{
"date": "2022-07-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-425"
},
{
"date": "2022-11-07T14:10:51.637000",
"db": "NVD",
"id": "CVE-2020-20217"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-425"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MikroTik RouterOS Resource Management Error Vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-425"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-425"
}
],
"trust": 0.6
}
}
var-202105-0090
Vulnerability from variot
Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulnerability in the log process. An authenticated remote attacker can cause a Denial of Service due to improper memory access. Mikrotik RouterOs Is vulnerable to a buffer error.Denial of service (DoS) It may be put into a state. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. MikroTik RouterOS has a security vulnerability. Advisory: four vulnerabilities found in MikroTik's RouterOS
Details
Product: MikroTik's RouterOS Vendor URL: https://mikrotik.com/ Vendor Status: only CVE-2020-20227 is fixed CVE: CVE-2020-20220, CVE-2020-20227, CVE-2020-20245, CVE-2020-20246 Credit: Qian Chen(@cq674350529) of Qihoo 360 Nirvan Team
Product Description
RouterOS is the operating system used on the MikroTik's devices, such as switch, router and access point.
Description of vulnerabilities
These vulnerabilities were reported to the vendor almost one year ago. And the vendor confirmed these vulnerabilities.
Against stable 6.46.5, the poc resulted in the following crash dump.
# cat /rw/logs/backtrace.log
2020.06.19-18:36:13.88@0:
2020.06.19-18:36:13.88@0:
2020.06.19-18:36:13.88@0: /ram/pckg/routing/nova/bin/bfd
2020.06.19-18:36:13.88@0: --- signal=11
2020.06.19-18:36:13.88@0:
2020.06.19-18:36:13.88@0: eip=0x0804b175 eflags=0x00010202
2020.06.19-18:36:13.88@0: edi=0x08054a90 esi=0x08054298 ebp=0x7f9d3e88
esp=0x7f9d3e70 2020.06.19-18:36:13.88@0: eax=0x08050634 ebx=0x77777af0 ecx=0x08051274 edx=0x00000001 2020.06.19-18:36:13.88@0: 2020.06.19-18:36:13.88@0: maps: 2020.06.19-18:36:13.88@0: 08048000-08050000 r-xp 00000000 00:1b 16 /ram/pckg/routing/nova/bin/bfd 2020.06.19-18:36:13.88@0: 7759a000-7759c000 r-xp 00000000 00:0c 959 /lib/libdl-0.9.33.2.so 2020.06.19-18:36:13.88@0: 7759e000-775d3000 r-xp 00000000 00:0c 964 /lib/libuClibc-0.9.33.2.so 2020.06.19-18:36:13.88@0: 775d7000-775f1000 r-xp 00000000 00:0c 960 /lib/libgcc_s.so.1 2020.06.19-18:36:13.88@0: 775f2000-77601000 r-xp 00000000 00:0c 944 /lib/libuc++.so 2020.06.19-18:36:13.88@0: 77602000-7775f000 r-xp 00000000 00:0c 954 /lib/libcrypto.so.1.0.0 2020.06.19-18:36:13.88@0: 7776f000-77777000 r-xp 00000000 00:0c 950 /lib/libubox.so 2020.06.19-18:36:13.88@0: 77778000-777c4000 r-xp 00000000 00:0c 946 /lib/libumsg.so 2020.06.19-18:36:13.88@0: 777ca000-777d1000 r-xp 00000000 00:0c 958 /lib/ld-uClibc-0.9.33.2.so 2020.06.19-18:36:13.88@0: 2020.06.19-18:36:13.88@0: stack: 0x7f9d4000 - 0x7f9d3e70 2020.06.19-18:36:13.88@0: 34 06 05 08 d0 e6 04 08 d8 3e 9d 7f 90 4a 05 08 98 42 05 08 d8 3e 9d 7f f8 3e 9d 7f 6d 39 77 77 2020.06.19-18:36:13.88@0: 90 4a 05 08 28 40 9d 7f 05 00 00 00 00 43 05 08 00 00 00 00 28 90 7c 77 01 00 00 00 0c 00 00 00 2020.06.19-18:36:13.88@0: 2020.06.19-18:36:13.88@0: code: 0x804b175 2020.06.19-18:36:13.88@0: ff 05 00 00 00 00 83 c4 10 c9 c3 55 89 e5 53 83
This vulnerability was initially found in long-term 6.44.6, and it seems that the latest stable version 6.48.2 still suffer from this vulnerability.
Against stable 6.47, the poc resulted in the following crash dump.
# cat /rw/logs/backtrace.log
2020.06.05-15:00:38.33@0:
2020.06.05-15:00:38.33@0:
2020.06.05-15:00:38.33@0: /nova/bin/diskd
2020.06.05-15:00:38.33@0: --- signal=11
2020.06.05-15:00:38.33@0:
2020.06.05-15:00:38.33@0: eip=0x7775a1e3 eflags=0x00010202
2020.06.05-15:00:38.33@0: edi=0x7f9dd024 esi=0x0000000a ebp=0x7f9dceb8
esp=0x7f9dceac 2020.06.05-15:00:38.33@0: eax=0x0000000a ebx=0x777624ec ecx=0x08054600 edx=0x08056e18 2020.06.05-15:00:38.33@0: 2020.06.05-15:00:38.33@0: maps: 2020.06.05-15:00:38.33@0: 08048000-08052000 r-xp 00000000 00:0c 1049 /nova/bin/diskd 2020.06.05-15:00:38.33@0: 776ff000-77734000 r-xp 00000000 00:0c 966 /lib/libuClibc-0.9.33.2.so 2020.06.05-15:00:38.33@0: 77738000-77752000 r-xp 00000000 00:0c 962 /lib/libgcc_s.so.1 2020.06.05-15:00:38.33@0: 77753000-77762000 r-xp 00000000 00:0c 945 /lib/libuc++.so 2020.06.05-15:00:38.33@0: 77763000-7776b000 r-xp 00000000 00:0c 951 /lib/libubox.so 2020.06.05-15:00:38.33@0: 7776c000-777b8000 r-xp 00000000 00:0c 947 /lib/libumsg.so 2020.06.05-15:00:38.33@0: 777be000-777c5000 r-xp 00000000 00:0c 960 /lib/ld-uClibc-0.9.33.2.so 2020.06.05-15:00:38.33@0: 2020.06.05-15:00:38.33@0: stack: 0x7f9de000 - 0x7f9dceac 2020.06.05-15:00:38.33@0: f4 8a 7b 77 0a 00 00 00 f4 8a 7b 77 e8 ce 9d 7f 92 be 78 77 f8 45 05 08 0a 00 00 00 18 6e 05 08 2020.06.05-15:00:38.33@0: 18 6e 05 08 e4 ce 9d 7f 24 d0 9d 7f 7c 18 76 77 24 d0 9d 7f 18 69 05 08 40 cf 9d 7f a8 cf 9d 7f 2020.06.05-15:00:38.34@0: 2020.06.05-15:00:38.34@0: code: 0x7775a1e3 2020.06.05-15:00:38.34@0: 8b 00 8b 10 01 c2 83 c2 04 52 83 c0 04 50 ff 75
This vulnerability was initially found in stable 6.47, and it was fixed at least in stable 6.48.1.
Against stable 6.47, the poc resulted in the following crash dump.
# cat /rw/logs/backtrace.log
2020.06.22-20:13:36.29@0:
2020.06.22-20:13:36.29@0:
2020.06.22-20:13:36.62@0: /nova/bin/log
2020.06.22-20:13:36.62@0: --- signal=11
2020.06.22-20:13:36.62@0:
2020.06.22-20:13:36.62@0: eip=0x77709d2e eflags=0x00010202
2020.06.22-20:13:36.62@0: edi=0x0000004b esi=0x77718f00 ebp=0x7fec6858
esp=0x7fec6818 2020.06.22-20:13:36.62@0: eax=0x00000031 ebx=0x77717000 ecx=0x777171e8 edx=0x00000006 2020.06.22-20:13:36.62@0: 2020.06.22-20:13:36.62@0: maps: 2020.06.22-20:13:36.62@0: 08048000-08058000 r-xp 00000000 00:0c 1005 /nova/bin/log 2020.06.22-20:13:36.62@0: 776e1000-77716000 r-xp 00000000 00:0c 966 /lib/libuClibc-0.9.33.2.so 2020.06.22-20:13:36.62@0: 7771a000-77734000 r-xp 00000000 00:0c 962 /lib/libgcc_s.so.1 2020.06.22-20:13:36.62@0: 77735000-77744000 r-xp 00000000 00:0c 945 /lib/libuc++.so 2020.06.22-20:13:36.62@0: 77745000-77791000 r-xp 00000000 00:0c 947 /lib/libumsg.so 2020.06.22-20:13:36.62@0: 77797000-7779e000 r-xp 00000000 00:0c 960 /lib/ld-uClibc-0.9.33.2.so 2020.06.22-20:13:36.62@0: 2020.06.22-20:13:36.62@0: stack: 0x7fec7000 - 0x7fec6818 2020.06.22-20:13:36.62@0: 48 68 ec 7f 7b ce 73 77 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 68 68 ec 7f 21 ac 70 77 2020.06.22-20:13:36.62@0: 40 00 00 00 1b fb 70 77 e8 71 71 77 c0 28 06 08 88 68 ec 7f ec 44 74 77 e4 29 06 08 40 69 ec 7f 2020.06.22-20:13:36.62@0: 2020.06.22-20:13:36.62@0: code: 0x77709d2e 2020.06.22-20:13:36.62@0: 8b 48 08 89 4c 96 04 e9 93 05 00 00 81 7d e0 ff
This vulnerability was initially found in stable 6.46.3, and it seems that the latest stable version 6.48.2 still suffers from this vulnerability.
- By sending a crafted packet, an authenticated remote user can crash the mactel process due to NULL pointer dereference.
Against stable 6.47, the poc resulted in the following crash dump.
# cat /rw/logs/backtrace.log
2020.06.22-20:25:36.17@0:
2020.06.22-20:25:36.17@0:
2020.06.22-20:25:36.17@0: /nova/bin/mactel
2020.06.22-20:25:36.17@0: --- signal=11
2020.06.22-20:25:36.17@0:
2020.06.22-20:25:36.17@0: eip=0x0804ddc7 eflags=0x00010202
2020.06.22-20:25:36.17@0: edi=0x08055740 esi=0x7fe78144 ebp=0x7fe780c8
esp=0x7fe78090 2020.06.22-20:25:36.17@0: eax=0x00000000 ebx=0x776b9b40 ecx=0x0000000b edx=0xffffffff 2020.06.22-20:25:36.17@0: 2020.06.22-20:25:36.17@0: maps: 2020.06.22-20:25:36.17@0: 08048000-08051000 r-xp 00000000 00:0c 1041 /nova/bin/mactel 2020.06.22-20:25:36.17@0: 7762c000-77661000 r-xp 00000000 00:0c 966 /lib/libuClibc-0.9.33.2.so 2020.06.22-20:25:36.17@0: 77665000-7767f000 r-xp 00000000 00:0c 962 /lib/libgcc_s.so.1 2020.06.22-20:25:36.17@0: 77680000-7768f000 r-xp 00000000 00:0c 945 /lib/libuc++.so 2020.06.22-20:25:36.17@0: 77690000-776ad000 r-xp 00000000 00:0c 948 /lib/libucrypto.so 2020.06.22-20:25:36.17@0: 776ae000-776af000 r-xp 00000000 00:0c 967 /lib/libutil-0.9.33.2.so 2020.06.22-20:25:36.17@0: 776b1000-776b9000 r-xp 00000000 00:0c 951 /lib/libubox.so 2020.06.22-20:25:36.17@0: 776ba000-77706000 r-xp 00000000 00:0c 947 /lib/libumsg.so 2020.06.22-20:25:36.17@0: 7770c000-77713000 r-xp 00000000 00:0c 960 /lib/ld-uClibc-0.9.33.2.so 2020.06.22-20:25:36.17@0: 2020.06.22-20:25:36.17@0: stack: 0x7fe79000 - 0x7fe78090 2020.06.22-20:25:36.17@0: 44 81 e7 7f 01 00 00 00 ff ff ff ff 1f d0 04 08 58 57 05 08 28 b0 70 77 01 00 00 00 00 00 00 00 2020.06.22-20:25:36.17@0: 1c 85 e7 7f 04 1d 05 08 02 db 70 77 40 9b 6b 77 40 57 05 08 44 81 e7 7f f8 80 e7 7f 7c 4a 6b 77 2020.06.22-20:25:36.17@0: 2020.06.22-20:25:36.17@0: code: 0x804ddc7 2020.06.22-20:25:36.17@0: 8b 50 2f 89 55 da 66 8b 40 33 66 89 45 de 83 c4
This vulnerability was initially found in stable 6.46.3, and it seems that the latest stable version 6.48.2 still suffers from this vulnerability.
Solution
As to CVE-2020-20227, upgrade to the corresponding latest RouterOS tree version. For others, no upgrade firmware available yet
References
[1] https://mikrotik.com/download/changelogs/stable-release-tree
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202105-0090",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "eq",
"trust": 1.0,
"vendor": "mikrotik",
"version": "6.46.3"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": null
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": "stable 6.46.3"
},
{
"model": "routeros",
"scope": null,
"trust": 0.8,
"vendor": "mikrotik",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006902"
},
{
"db": "NVD",
"id": "CVE-2020-20245"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Qian Chen",
"sources": [
{
"db": "PACKETSTORM",
"id": "162533"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-652"
}
],
"trust": 0.7
},
"cve": "CVE-2020-20245",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-20245",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-173704",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2020-20245",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-20245",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-20245",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-20245",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202105-652",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-173704",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-20245",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173704"
},
{
"db": "VULMON",
"id": "CVE-2020-20245"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006902"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-652"
},
{
"db": "NVD",
"id": "CVE-2020-20245"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulnerability in the log process. An authenticated remote attacker can cause a Denial of Service due to improper memory access. Mikrotik RouterOs Is vulnerable to a buffer error.Denial of service (DoS) It may be put into a state. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. MikroTik RouterOS has a security vulnerability. Advisory: four vulnerabilities found in MikroTik\u0027s RouterOS\n\n\nDetails\n=======\n\nProduct: MikroTik\u0027s RouterOS\nVendor URL: https://mikrotik.com/\nVendor Status: only CVE-2020-20227 is fixed\nCVE: CVE-2020-20220, CVE-2020-20227, CVE-2020-20245, CVE-2020-20246\nCredit: Qian Chen(@cq674350529) of Qihoo 360 Nirvan Team\n\n\nProduct Description\n==================\n\nRouterOS is the operating system used on the MikroTik\u0027s devices, such as\nswitch, router and access point. \n\n\nDescription of vulnerabilities\n==========================\nThese vulnerabilities were reported to the vendor almost one year ago. And\nthe vendor confirmed these vulnerabilities. \n\n1. \n\nAgainst stable 6.46.5, the poc resulted in the following crash dump. \n\n # cat /rw/logs/backtrace.log\n 2020.06.19-18:36:13.88@0:\n 2020.06.19-18:36:13.88@0:\n 2020.06.19-18:36:13.88@0: /ram/pckg/routing/nova/bin/bfd\n 2020.06.19-18:36:13.88@0: --- signal=11\n--------------------------------------------\n 2020.06.19-18:36:13.88@0:\n 2020.06.19-18:36:13.88@0: eip=0x0804b175 eflags=0x00010202\n 2020.06.19-18:36:13.88@0: edi=0x08054a90 esi=0x08054298 ebp=0x7f9d3e88\nesp=0x7f9d3e70\n 2020.06.19-18:36:13.88@0: eax=0x08050634 ebx=0x77777af0 ecx=0x08051274\nedx=0x00000001\n 2020.06.19-18:36:13.88@0:\n 2020.06.19-18:36:13.88@0: maps:\n 2020.06.19-18:36:13.88@0: 08048000-08050000 r-xp 00000000 00:1b 16\n /ram/pckg/routing/nova/bin/bfd\n 2020.06.19-18:36:13.88@0: 7759a000-7759c000 r-xp 00000000 00:0c 959\n /lib/libdl-0.9.33.2.so\n 2020.06.19-18:36:13.88@0: 7759e000-775d3000 r-xp 00000000 00:0c 964\n /lib/libuClibc-0.9.33.2.so\n 2020.06.19-18:36:13.88@0: 775d7000-775f1000 r-xp 00000000 00:0c 960\n /lib/libgcc_s.so.1\n 2020.06.19-18:36:13.88@0: 775f2000-77601000 r-xp 00000000 00:0c 944\n /lib/libuc++.so\n 2020.06.19-18:36:13.88@0: 77602000-7775f000 r-xp 00000000 00:0c 954\n /lib/libcrypto.so.1.0.0\n 2020.06.19-18:36:13.88@0: 7776f000-77777000 r-xp 00000000 00:0c 950\n /lib/libubox.so\n 2020.06.19-18:36:13.88@0: 77778000-777c4000 r-xp 00000000 00:0c 946\n /lib/libumsg.so\n 2020.06.19-18:36:13.88@0: 777ca000-777d1000 r-xp 00000000 00:0c 958\n /lib/ld-uClibc-0.9.33.2.so\n 2020.06.19-18:36:13.88@0:\n 2020.06.19-18:36:13.88@0: stack: 0x7f9d4000 - 0x7f9d3e70\n 2020.06.19-18:36:13.88@0: 34 06 05 08 d0 e6 04 08 d8 3e 9d 7f 90 4a 05\n08 98 42 05 08 d8 3e 9d 7f f8 3e 9d 7f 6d 39 77 77\n 2020.06.19-18:36:13.88@0: 90 4a 05 08 28 40 9d 7f 05 00 00 00 00 43 05\n08 00 00 00 00 28 90 7c 77 01 00 00 00 0c 00 00 00\n 2020.06.19-18:36:13.88@0:\n 2020.06.19-18:36:13.88@0: code: 0x804b175\n 2020.06.19-18:36:13.88@0: ff 05 00 00 00 00 83 c4 10 c9 c3 55 89 e5 53\n83\n\nThis vulnerability was initially found in long-term 6.44.6, and it seems\nthat the latest stable version 6.48.2 still suffer from this vulnerability. \n\n2. \n\nAgainst stable 6.47, the poc resulted in the following crash dump. \n\n # cat /rw/logs/backtrace.log\n 2020.06.05-15:00:38.33@0:\n 2020.06.05-15:00:38.33@0:\n 2020.06.05-15:00:38.33@0: /nova/bin/diskd\n 2020.06.05-15:00:38.33@0: --- signal=11\n--------------------------------------------\n 2020.06.05-15:00:38.33@0:\n 2020.06.05-15:00:38.33@0: eip=0x7775a1e3 eflags=0x00010202\n 2020.06.05-15:00:38.33@0: edi=0x7f9dd024 esi=0x0000000a ebp=0x7f9dceb8\nesp=0x7f9dceac\n 2020.06.05-15:00:38.33@0: eax=0x0000000a ebx=0x777624ec ecx=0x08054600\nedx=0x08056e18\n 2020.06.05-15:00:38.33@0:\n 2020.06.05-15:00:38.33@0: maps:\n 2020.06.05-15:00:38.33@0: 08048000-08052000 r-xp 00000000 00:0c 1049\n /nova/bin/diskd\n 2020.06.05-15:00:38.33@0: 776ff000-77734000 r-xp 00000000 00:0c 966\n /lib/libuClibc-0.9.33.2.so\n 2020.06.05-15:00:38.33@0: 77738000-77752000 r-xp 00000000 00:0c 962\n /lib/libgcc_s.so.1\n 2020.06.05-15:00:38.33@0: 77753000-77762000 r-xp 00000000 00:0c 945\n /lib/libuc++.so\n 2020.06.05-15:00:38.33@0: 77763000-7776b000 r-xp 00000000 00:0c 951\n /lib/libubox.so\n 2020.06.05-15:00:38.33@0: 7776c000-777b8000 r-xp 00000000 00:0c 947\n /lib/libumsg.so\n 2020.06.05-15:00:38.33@0: 777be000-777c5000 r-xp 00000000 00:0c 960\n /lib/ld-uClibc-0.9.33.2.so\n 2020.06.05-15:00:38.33@0:\n 2020.06.05-15:00:38.33@0: stack: 0x7f9de000 - 0x7f9dceac\n 2020.06.05-15:00:38.33@0: f4 8a 7b 77 0a 00 00 00 f4 8a 7b 77 e8 ce 9d\n7f 92 be 78 77 f8 45 05 08 0a 00 00 00 18 6e 05 08\n 2020.06.05-15:00:38.33@0: 18 6e 05 08 e4 ce 9d 7f 24 d0 9d 7f 7c 18 76\n77 24 d0 9d 7f 18 69 05 08 40 cf 9d 7f a8 cf 9d 7f\n 2020.06.05-15:00:38.34@0:\n 2020.06.05-15:00:38.34@0: code: 0x7775a1e3\n 2020.06.05-15:00:38.34@0: 8b 00 8b 10 01 c2 83 c2 04 52 83 c0 04 50 ff\n75\n\nThis vulnerability was initially found in stable 6.47, and it was fixed at\nleast in stable 6.48.1. \n\n3. \n\nAgainst stable 6.47, the poc resulted in the following crash dump. \n\n # cat /rw/logs/backtrace.log\n 2020.06.22-20:13:36.29@0:\n 2020.06.22-20:13:36.29@0:\n 2020.06.22-20:13:36.62@0: /nova/bin/log\n 2020.06.22-20:13:36.62@0: --- signal=11\n--------------------------------------------\n 2020.06.22-20:13:36.62@0:\n 2020.06.22-20:13:36.62@0: eip=0x77709d2e eflags=0x00010202\n 2020.06.22-20:13:36.62@0: edi=0x0000004b esi=0x77718f00 ebp=0x7fec6858\nesp=0x7fec6818\n 2020.06.22-20:13:36.62@0: eax=0x00000031 ebx=0x77717000 ecx=0x777171e8\nedx=0x00000006\n 2020.06.22-20:13:36.62@0:\n 2020.06.22-20:13:36.62@0: maps:\n 2020.06.22-20:13:36.62@0: 08048000-08058000 r-xp 00000000 00:0c 1005\n /nova/bin/log\n 2020.06.22-20:13:36.62@0: 776e1000-77716000 r-xp 00000000 00:0c 966\n /lib/libuClibc-0.9.33.2.so\n 2020.06.22-20:13:36.62@0: 7771a000-77734000 r-xp 00000000 00:0c 962\n /lib/libgcc_s.so.1\n 2020.06.22-20:13:36.62@0: 77735000-77744000 r-xp 00000000 00:0c 945\n /lib/libuc++.so\n 2020.06.22-20:13:36.62@0: 77745000-77791000 r-xp 00000000 00:0c 947\n /lib/libumsg.so\n 2020.06.22-20:13:36.62@0: 77797000-7779e000 r-xp 00000000 00:0c 960\n /lib/ld-uClibc-0.9.33.2.so\n 2020.06.22-20:13:36.62@0:\n 2020.06.22-20:13:36.62@0: stack: 0x7fec7000 - 0x7fec6818\n 2020.06.22-20:13:36.62@0: 48 68 ec 7f 7b ce 73 77 00 00 00 00 10 00 00\n00 00 00 00 00 00 00 00 00 68 68 ec 7f 21 ac 70 77\n 2020.06.22-20:13:36.62@0: 40 00 00 00 1b fb 70 77 e8 71 71 77 c0 28 06\n08 88 68 ec 7f ec 44 74 77 e4 29 06 08 40 69 ec 7f\n 2020.06.22-20:13:36.62@0:\n 2020.06.22-20:13:36.62@0: code: 0x77709d2e\n 2020.06.22-20:13:36.62@0: 8b 48 08 89 4c 96 04 e9 93 05 00 00 81 7d e0\nff\n\nThis vulnerability was initially found in stable 6.46.3, and it seems that\nthe latest stable version 6.48.2 still suffers from this vulnerability. \n\n4. By\nsending a crafted packet, an authenticated remote user can crash the mactel\nprocess due to NULL pointer dereference. \n\nAgainst stable 6.47, the poc resulted in the following crash dump. \n\n # cat /rw/logs/backtrace.log\n 2020.06.22-20:25:36.17@0:\n 2020.06.22-20:25:36.17@0:\n 2020.06.22-20:25:36.17@0: /nova/bin/mactel\n 2020.06.22-20:25:36.17@0: --- signal=11\n--------------------------------------------\n 2020.06.22-20:25:36.17@0:\n 2020.06.22-20:25:36.17@0: eip=0x0804ddc7 eflags=0x00010202\n 2020.06.22-20:25:36.17@0: edi=0x08055740 esi=0x7fe78144 ebp=0x7fe780c8\nesp=0x7fe78090\n 2020.06.22-20:25:36.17@0: eax=0x00000000 ebx=0x776b9b40 ecx=0x0000000b\nedx=0xffffffff\n 2020.06.22-20:25:36.17@0:\n 2020.06.22-20:25:36.17@0: maps:\n 2020.06.22-20:25:36.17@0: 08048000-08051000 r-xp 00000000 00:0c 1041\n /nova/bin/mactel\n 2020.06.22-20:25:36.17@0: 7762c000-77661000 r-xp 00000000 00:0c 966\n /lib/libuClibc-0.9.33.2.so\n 2020.06.22-20:25:36.17@0: 77665000-7767f000 r-xp 00000000 00:0c 962\n /lib/libgcc_s.so.1\n 2020.06.22-20:25:36.17@0: 77680000-7768f000 r-xp 00000000 00:0c 945\n /lib/libuc++.so\n 2020.06.22-20:25:36.17@0: 77690000-776ad000 r-xp 00000000 00:0c 948\n /lib/libucrypto.so\n 2020.06.22-20:25:36.17@0: 776ae000-776af000 r-xp 00000000 00:0c 967\n /lib/libutil-0.9.33.2.so\n 2020.06.22-20:25:36.17@0: 776b1000-776b9000 r-xp 00000000 00:0c 951\n /lib/libubox.so\n 2020.06.22-20:25:36.17@0: 776ba000-77706000 r-xp 00000000 00:0c 947\n /lib/libumsg.so\n 2020.06.22-20:25:36.17@0: 7770c000-77713000 r-xp 00000000 00:0c 960\n /lib/ld-uClibc-0.9.33.2.so\n 2020.06.22-20:25:36.17@0:\n 2020.06.22-20:25:36.17@0: stack: 0x7fe79000 - 0x7fe78090\n 2020.06.22-20:25:36.17@0: 44 81 e7 7f 01 00 00 00 ff ff ff ff 1f d0 04\n08 58 57 05 08 28 b0 70 77 01 00 00 00 00 00 00 00\n 2020.06.22-20:25:36.17@0: 1c 85 e7 7f 04 1d 05 08 02 db 70 77 40 9b 6b\n77 40 57 05 08 44 81 e7 7f f8 80 e7 7f 7c 4a 6b 77\n 2020.06.22-20:25:36.17@0:\n 2020.06.22-20:25:36.17@0: code: 0x804ddc7\n 2020.06.22-20:25:36.17@0: 8b 50 2f 89 55 da 66 8b 40 33 66 89 45 de 83\nc4\n\nThis vulnerability was initially found in stable 6.46.3, and it seems that\nthe latest stable version 6.48.2 still suffers from this vulnerability. \n\n\nSolution\n========\n\nAs to CVE-2020-20227, upgrade to the corresponding latest RouterOS tree\nversion. For others, no upgrade firmware available yet\n\n\nReferences\n==========\n\n[1] https://mikrotik.com/download/changelogs/stable-release-tree\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-20245"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006902"
},
{
"db": "VULHUB",
"id": "VHN-173704"
},
{
"db": "VULMON",
"id": "CVE-2020-20245"
},
{
"db": "PACKETSTORM",
"id": "162533"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-20245",
"trust": 3.5
},
{
"db": "PACKETSTORM",
"id": "162533",
"trust": 2.7
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006902",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202105-652",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-173704",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-20245",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173704"
},
{
"db": "VULMON",
"id": "CVE-2020-20245"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006902"
},
{
"db": "PACKETSTORM",
"id": "162533"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-652"
},
{
"db": "NVD",
"id": "CVE-2020-20245"
}
]
},
"id": "VAR-202105-0090",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-173704"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T13:54:04.954000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://mikrotik.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006902"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "Buffer error (CWE-119) [NVD Evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-119",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173704"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006902"
},
{
"db": "NVD",
"id": "CVE-2020-20245"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "http://packetstormsecurity.com/files/162533/mikrotik-routeros-memory-corruption.html"
},
{
"trust": 1.9,
"url": "http://seclists.org/fulldisclosure/2021/may/23"
},
{
"trust": 1.9,
"url": "https://mikrotik.com/"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-20245"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-20227"
},
{
"trust": 0.1,
"url": "https://mikrotik.com/download/changelogs/stable-release-tree"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-20220"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-20246"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173704"
},
{
"db": "VULMON",
"id": "CVE-2020-20245"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006902"
},
{
"db": "PACKETSTORM",
"id": "162533"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-652"
},
{
"db": "NVD",
"id": "CVE-2020-20245"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-173704"
},
{
"db": "VULMON",
"id": "CVE-2020-20245"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006902"
},
{
"db": "PACKETSTORM",
"id": "162533"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-652"
},
{
"db": "NVD",
"id": "CVE-2020-20245"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-18T00:00:00",
"db": "VULHUB",
"id": "VHN-173704"
},
{
"date": "2021-05-18T00:00:00",
"db": "VULMON",
"id": "CVE-2020-20245"
},
{
"date": "2022-01-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-006902"
},
{
"date": "2021-05-11T21:38:05",
"db": "PACKETSTORM",
"id": "162533"
},
{
"date": "2021-05-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-652"
},
{
"date": "2021-05-18T20:15:07.477000",
"db": "NVD",
"id": "CVE-2020-20245"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-03T00:00:00",
"db": "VULHUB",
"id": "VHN-173704"
},
{
"date": "2021-05-21T00:00:00",
"db": "VULMON",
"id": "CVE-2020-20245"
},
{
"date": "2022-01-25T05:36:00",
"db": "JVNDB",
"id": "JVNDB-2021-006902"
},
{
"date": "2022-05-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-652"
},
{
"date": "2022-05-03T16:04:40.443000",
"db": "NVD",
"id": "CVE-2020-20245"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-652"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik\u00a0RouterOs\u00a0 Buffer Error Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006902"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-652"
}
],
"trust": 0.6
}
}
var-201910-0548
Vulnerability from variot
RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below are vulnerable to a DNS unrelated data attack. The router adds all A records to its DNS cache even when the records are unrelated to the domain that was queried. Therefore, a remote attacker controlled DNS server can poison the router's DNS cache via malicious responses with additional and untrue records. RouterOS Contains an input validation vulnerability.Information may be tampered with
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-0548",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "lte",
"trust": 1.0,
"vendor": "mikrotik",
"version": "6.44.5"
},
{
"model": "routeros",
"scope": "lte",
"trust": 1.0,
"vendor": "mikrotik",
"version": "6.45.6"
},
{
"model": "routeros",
"scope": "lte",
"trust": 0.8,
"vendor": "mikrotik",
"version": "6.44.5 long-term"
},
{
"model": "routeros",
"scope": "lte",
"trust": 0.8,
"vendor": "mikrotik",
"version": "6.45.6 stable"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "mikrotik",
"version": "6.25"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "mikrotik",
"version": "6.26"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "mikrotik",
"version": "6.22"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "mikrotik",
"version": "6.27"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "mikrotik",
"version": "6.20"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "mikrotik",
"version": "6.18"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "mikrotik",
"version": "6.19"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "mikrotik",
"version": "6.23"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "mikrotik",
"version": "6.21.1"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "mikrotik",
"version": "6.24"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011454"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1704"
},
{
"db": "NVD",
"id": "CVE-2019-3979"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:mikrotik:router_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011454"
}
]
},
"cve": "CVE-2019-3979",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-3979",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-155414",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-3979",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-3979",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-3979",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-3979",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-1704",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-155414",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155414"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011454"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1704"
},
{
"db": "NVD",
"id": "CVE-2019-3979"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below are vulnerable to a DNS unrelated data attack. The router adds all A records to its DNS cache even when the records are unrelated to the domain that was queried. Therefore, a remote attacker controlled DNS server can poison the router\u0027s DNS cache via malicious responses with additional and untrue records. RouterOS Contains an input validation vulnerability.Information may be tampered with",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-3979"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011454"
},
{
"db": "VULHUB",
"id": "VHN-155414"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-3979",
"trust": 2.5
},
{
"db": "TENABLE",
"id": "TRA-2019-46",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011454",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1704",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-155414",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155414"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011454"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1704"
},
{
"db": "NVD",
"id": "CVE-2019-3979"
}
]
},
"id": "VAR-201910-0548",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-155414"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:51:53.167000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://mikrotik.com/"
},
{
"title": "MikroTik RouterOS Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=101464"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011454"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1704"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-345",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155414"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011454"
},
{
"db": "NVD",
"id": "CVE-2019-3979"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.tenable.com/security/research/tra-2019-46"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3979"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3979"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155414"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011454"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1704"
},
{
"db": "NVD",
"id": "CVE-2019-3979"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-155414"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011454"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1704"
},
{
"db": "NVD",
"id": "CVE-2019-3979"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-29T00:00:00",
"db": "VULHUB",
"id": "VHN-155414"
},
{
"date": "2019-11-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011454"
},
{
"date": "2019-10-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-1704"
},
{
"date": "2019-10-29T19:15:20.610000",
"db": "NVD",
"id": "CVE-2019-3979"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-01T00:00:00",
"db": "VULHUB",
"id": "VHN-155414"
},
{
"date": "2019-11-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011454"
},
{
"date": "2019-11-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-1704"
},
{
"date": "2024-11-21T04:42:59.750000",
"db": "NVD",
"id": "CVE-2019-3979"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-1704"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "RouterOS Input validation vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011454"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-1704"
}
],
"trust": 0.6
}
}
var-202105-0089
Vulnerability from variot
Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service due to improper memory access. Mikrotik RouterOs Is vulnerable to a buffer error.Denial of service (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. MikroTik RouterOS has a buffer error vulnerability. The following products and versions are affected: MikroTik RouterOS: 6.46.3, 6.46.4, 6.46.5, 6.46.6, 6.46.7, 6.46.8, 6.47, 6.47.1, 6.47.2, 6.47.3, 6.47. Advisory: four vulnerabilities found in MikroTik's RouterOS
Details
Product: MikroTik's RouterOS Vendor URL: https://mikrotik.com/ Vendor Status: no fix yet CVE: CVE-2020-20214, CVE-2020-20222, CVE-2020-20236, CVE-2020-20237 Credit: Qian Chen(@cq674350529) of Qihoo 360 Nirvan Team
Product Description
RouterOS is the operating system used on the MikroTik's devices, such as switch, router and access point.
Description of vulnerabilities
These vulnerabilities were reported to the vendor almost one year ago. And the vendor confirmed these vulnerabilities. However, there is still no fix for them yet. By the way, the three vulnerabilities in sniffer binary are different from each one.
- There is a reachable assertion in the btest process. By sending a crafted packet, an authenticated remote user can crash the btest process due to assertion failure.
Against stable 6.46.5, the poc resulted in the following crash dump.
# cat /rw/logs/backtrace.log
2020.06.19-15:51:36.94@0:
2020.06.19-15:51:36.94@0:
2020.06.19-15:51:36.94@0: /nova/bin/btest
2020.06.19-15:51:36.94@0: --- signal=6
2020.06.19-15:51:36.94@0:
2020.06.19-15:51:36.94@0: eip=0x7772255b eflags=0x00000246
2020.06.19-15:51:36.94@0: edi=0x00fe0001 esi=0x7772a200 ebp=0x7fdcf880
esp=0x7fdcf878 2020.06.19-15:51:36.94@0: eax=0x00000000 ebx=0x0000010f ecx=0x0000010f edx=0x00000006 2020.06.19-15:51:36.94@0: 2020.06.19-15:51:36.94@0: maps: 2020.06.19-15:51:36.94@0: 08048000-08057000 r-xp 00000000 00:0c 1006 /nova/bin/btest 2020.06.19-15:51:36.94@0: 776f4000-77729000 r-xp 00000000 00:0c 964 /lib/libuClibc-0.9.33.2.so 2020.06.19-15:51:36.94@0: 7772d000-77747000 r-xp 00000000 00:0c 960 /lib/libgcc_s.so.1 2020.06.19-15:51:36.94@0: 77748000-77757000 r-xp 00000000 00:0c 944 /lib/libuc++.so 2020.06.19-15:51:36.94@0: 77758000-77775000 r-xp 00000000 00:0c 947 /lib/libucrypto.so 2020.06.19-15:51:36.94@0: 77776000-777c2000 r-xp 00000000 00:0c 946 /lib/libumsg.so 2020.06.19-15:51:36.94@0: 777c8000-777cf000 r-xp 00000000 00:0c 958 /lib/ld-uClibc-0.9.33.2.so 2020.06.19-15:51:36.94@0: 2020.06.19-15:51:36.94@0: stack: 0x7fdd0000 - 0x7fdcf878 2020.06.19-15:51:36.94@0: 00 a0 72 77 00 a0 72 77 b8 f8 dc 7f 77 e0 71 77 06 00 00 00 00 a2 72 77 20 00 00 00 00 00 00 00 2020.06.19-15:51:36.94@0: 16 00 00 00 18 f9 dc 7f b4 f8 dc 7f e4 2a 7c 77 01 00 00 00 e4 2a 7c 77 16 00 00 00 01 00 fe 00 2020.06.19-15:51:36.94@0: 2020.06.19-15:51:36.94@0: code: 0x7772255b 2020.06.19-15:51:36.94@0: 5b 3d 00 f0 ff ff 76 0e 8b 93 cc ff ff ff f7 d8
This vulnerability was initially found in long-term 6.44.5, and it seems that the latest stable version 6.48.2 still suffers from this vulnerability.
- By sending a crafted packet, an authenticated remote user can crash the sniffer process due to NULL pointer dereference.
Against stable 6.46.5, the poc resulted in the following crash dump.
# cat /rw/logs/backtrace.log
2020.06.19-16:36:18.33@0:
2020.06.19-16:36:18.33@0:
2020.06.19-16:36:18.33@0: /nova/bin/sniffer
2020.06.19-16:36:18.33@0: --- signal=11
2020.06.19-16:36:18.33@0:
2020.06.19-16:36:18.33@0: eip=0x08050e33 eflags=0x00010206
2020.06.19-16:36:18.33@0: edi=0x08057a24 esi=0x7f85c094 ebp=0x7f85c0c8
esp=0x7f85c080 2020.06.19-16:36:18.33@0: eax=0x00000000 ebx=0x7f85c090 ecx=0x00ff0000 edx=0x08059678 2020.06.19-16:36:18.33@0: 2020.06.19-16:36:18.33@0: maps: 2020.06.19-16:36:18.33@0: 08048000-08056000 r-xp 00000000 00:0c 1034 /nova/bin/sniffer 2020.06.19-16:36:18.33@0: 776ce000-77703000 r-xp 00000000 00:0c 964 /lib/libuClibc-0.9.33.2.so 2020.06.19-16:36:18.33@0: 77707000-77721000 r-xp 00000000 00:0c 960 /lib/libgcc_s.so.1 2020.06.19-16:36:18.33@0: 77722000-77731000 r-xp 00000000 00:0c 944 /lib/libuc++.so 2020.06.19-16:36:18.33@0: 77732000-7773a000 r-xp 00000000 00:0c 950 /lib/libubox.so 2020.06.19-16:36:18.33@0: 7773b000-77787000 r-xp 00000000 00:0c 946 /lib/libumsg.so 2020.06.19-16:36:18.33@0: 7778d000-77794000 r-xp 00000000 00:0c 958 /lib/ld-uClibc-0.9.33.2.so 2020.06.19-16:36:18.33@0: 2020.06.19-16:36:18.33@0: stack: 0x7f85d000 - 0x7f85c080 2020.06.19-16:36:18.33@0: 2c 08 07 08 04 00 fe 08 fe 00 00 00 20 ad 05 08 00 0c 07 08 a0 0b 07 08 af 0b 07 08 04 7a 05 08 2020.06.19-16:36:18.33@0: 08 00 00 00 24 7a 05 08 ff 00 00 00 00 00 00 00 08 c2 85 7f e4 7a 78 77 d8 c0 85 7f e4 7a 78 77 2020.06.19-16:36:18.34@0: 2020.06.19-16:36:18.34@0: code: 0x8050e33 2020.06.19-16:36:18.34@0: 0b 48 0c 89 fa 89 d8 e8 7d f1 ff ff 50 50 53 56
This vulnerability was initially found in long-term 6.44.6, and it seems that the latest stable version 6.48.2 still suffers from this vulnerability.
Against stable 6.46.5, the poc resulted in the following crash dump.
# cat /rw/logs/backtrace.log
2020.06.19-16:58:33.42@0:
2020.06.19-16:58:33.42@0:
2020.06.19-16:58:33.42@0: /nova/bin/sniffer
2020.06.19-16:58:33.42@0: --- signal=11
2020.06.19-16:58:33.42@0:
2020.06.19-16:58:33.42@0: eip=0x08050dac eflags=0x00010202
2020.06.19-16:58:33.42@0: edi=0x08057a24 esi=0x00000001 ebp=0x7f8df428
esp=0x7f8df3e0 2020.06.19-16:58:33.42@0: eax=0x08073714 ebx=0x08073710 ecx=0x08073704 edx=0x08073714 2020.06.19-16:58:33.42@0: 2020.06.19-16:58:33.42@0: maps: 2020.06.19-16:58:33.42@0: 08048000-08056000 r-xp 00000000 00:0c 1034 /nova/bin/sniffer 2020.06.19-16:58:33.42@0: 77730000-77765000 r-xp 00000000 00:0c 964 /lib/libuClibc-0.9.33.2.so 2020.06.19-16:58:33.42@0: 77769000-77783000 r-xp 00000000 00:0c 960 /lib/libgcc_s.so.1 2020.06.19-16:58:33.42@0: 77784000-77793000 r-xp 00000000 00:0c 944 /lib/libuc++.so 2020.06.19-16:58:33.42@0: 77794000-7779c000 r-xp 00000000 00:0c 950 /lib/libubox.so 2020.06.19-16:58:33.42@0: 7779d000-777e9000 r-xp 00000000 00:0c 946 /lib/libumsg.so 2020.06.19-16:58:33.43@0: 777ef000-777f6000 r-xp 00000000 00:0c 958 /lib/ld-uClibc-0.9.33.2.so 2020.06.19-16:58:33.43@0: 2020.06.19-16:58:33.43@0: stack: 0x7f8e0000 - 0x7f8df3e0 2020.06.19-16:58:33.43@0: 3c ab 05 08 04 00 fe 08 e0 0f 00 00 14 37 07 08 24 7a 05 08 00 00 00 00 18 f4 8d 7f 04 7a 05 08 2020.06.19-16:58:33.43@0: 08 00 00 00 24 7a 05 08 04 00 00 00 00 00 00 00 70 4a 7a 77 e4 9a 7e 77 38 f4 8d 7f e4 9a 7e 77 2020.06.19-16:58:33.43@0: 2020.06.19-16:58:33.43@0: code: 0x8050dac 2020.06.19-16:58:33.43@0: 8b 43 04 83 e0 fc 85 c0 74 1c 8b 4b 14 39 34 08
This vulnerability was initially found in long-term 6.46.3, and it seems that the latest version stable 6.48.2 still suffers from this vulnerability.
Against stable 6.46.5, the poc resulted in the following crash dump.
# cat /rw/logs/backtrace.log
2020.06.19-17:58:43.98@0:
2020.06.19-17:58:43.98@0:
2020.06.19-17:58:43.98@0: /nova/bin/sniffer
2020.06.19-17:58:43.98@0: --- signal=11
2020.06.19-17:58:43.98@0:
2020.06.19-17:58:43.98@0: eip=0x77712055 eflags=0x00010202
2020.06.19-17:58:43.98@0: edi=0x77720f34 esi=0x77721015 ebp=0x7ff96b38
esp=0x7ff96af8 2020.06.19-17:58:43.98@0: eax=0x77721054 ebx=0x7771f000 ecx=0x77721034 edx=0x77721014 2020.06.19-17:58:43.98@0: 2020.06.19-17:58:43.98@0: maps: 2020.06.19-17:58:43.98@0: 08048000-08056000 r-xp 00000000 00:0c 1034 /nova/bin/sniffer 2020.06.19-17:58:43.98@0: 776e9000-7771e000 r-xp 00000000 00:0c 964 /lib/libuClibc-0.9.33.2.so 2020.06.19-17:58:43.98@0: 77722000-7773c000 r-xp 00000000 00:0c 960 /lib/libgcc_s.so.1 2020.06.19-17:58:43.98@0: 7773d000-7774c000 r-xp 00000000 00:0c 944 /lib/libuc++.so 2020.06.19-17:58:43.98@0: 7774d000-77755000 r-xp 00000000 00:0c 950 /lib/libubox.so 2020.06.19-17:58:43.98@0: 77756000-777a2000 r-xp 00000000 00:0c 946 /lib/libumsg.so 2020.06.19-17:58:43.98@0: 777a8000-777af000 r-xp 00000000 00:0c 958 /lib/ld-uClibc-0.9.33.2.so 2020.06.19-17:58:43.98@0: 2020.06.19-17:58:43.98@0: stack: 0x7ff97000 - 0x7ff96af8 2020.06.19-17:58:43.98@0: 00 f0 71 77 00 0f 72 77 30 00 00 00 00 00 00 00 38 b2 05 08 34 0f 72 77 04 00 00 00 00 0f 72 77 2020.06.19-17:58:43.98@0: 20 00 00 00 1b 7b 71 77 e8 f1 71 77 98 00 00 00 01 00 00 00 ec c4 74 77 74 a1 05 08 f8 6b f9 7f 2020.06.19-17:58:43.98@0: 2020.06.19-17:58:43.98@0: code: 0x77712055 2020.06.19-17:58:43.98@0: 89 14 10 eb bc 8b 93 a4 ff ff ff 8b 7d e0 8b 42
Interestingly, the same poc resulted in another different crash dump(SIGABRT) against stable 6.48.2.
# cat /rw/logs/backtrace.log
2021.05.07-16:02:37.25@0:
2021.05.07-16:02:37.25@0:
2021.05.07-16:02:37.25@0: /nova/bin/sniffer
2021.05.07-16:02:37.25@0: --- signal=6
2021.05.07-16:02:37.25@0:
2021.05.07-16:02:37.25@0: eip=0x776f255b eflags=0x00000246
2021.05.07-16:02:37.25@0: edi=0x0805aca8 esi=0x776fa200 ebp=0x7f97def8
esp=0x7f97def0 2021.05.07-16:02:37.25@0: eax=0x00000000 ebx=0x000000b6 ecx=0x000000b6 edx=0x00000006 2021.05.07-16:02:37.25@0: 2021.05.07-16:02:37.25@0: maps: 2021.05.07-16:02:37.25@0: 08048000-08056000 r-xp 00000000 00:0c 1036 /nova/bin/sniffer 2021.05.07-16:02:37.25@0: 776c4000-776f9000 r-xp 00000000 00:0c 966 /lib/libuClibc-0.9.33.2.so 2021.05.07-16:02:37.25@0: 776fd000-77717000 r-xp 00000000 00:0c 962 /lib/libgcc_s.so.1 2021.05.07-16:02:37.25@0: 77718000-77727000 r-xp 00000000 00:0c 945 /lib/libuc++.so 2021.05.07-16:02:37.25@0: 77728000-77730000 r-xp 00000000 00:0c 951 /lib/libubox.so 2021.05.07-16:02:37.25@0: 77731000-7777d000 r-xp 00000000 00:0c 947 /lib/libumsg.so 2021.05.07-16:02:37.25@0: 77783000-7778a000 r-xp 00000000 00:0c 960 /lib/ld-uClibc-0.9.33.2.so 2021.05.07-16:02:37.25@0: 2021.05.07-16:02:37.25@0: stack: 0x7f97f000 - 0x7f97def0 2021.05.07-16:02:37.25@0: 00 a0 6f 77 00 a0 6f 77 30 df 97 7f 77 e0 6e 77 06 00 00 00 00 a2 6f 77 20 00 00 00 00 00 00 00 2021.05.07-16:02:37.25@0: 26 2b 6f 77 00 a0 6f 77 28 df 97 7f 21 2c 6f 77 e8 a1 6f 77 00 a0 6f 77 00 bf 6f 77 a8 ac 05 08 2021.05.07-16:02:37.25@0: 2021.05.07-16:02:37.25@0: code: 0x776f255b 2021.05.07-16:02:37.25@0: 5b 3d 00 f0 ff ff 76 0e 8b 93 cc ff ff ff f7 d8
This vulnerability was initially found in long-term 6.46.3, and it seems that the latest stable version 6.48.2 suffers from an assertion failure vulnerability when running the same poc.
Solution
No upgrade firmware available yet
References
[1] https://mikrotik.com/download/changelogs/stable-release-tree
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202105-0089",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "eq",
"trust": 1.0,
"vendor": "mikrotik",
"version": "6.46.3"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": null
},
{
"model": "routeros",
"scope": null,
"trust": 0.8,
"vendor": "mikrotik",
"version": null
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": "6.46.3 (stable tree)"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006899"
},
{
"db": "NVD",
"id": "CVE-2020-20237"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Qian Chen",
"sources": [
{
"db": "PACKETSTORM",
"id": "162513"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-484"
}
],
"trust": 0.7
},
"cve": "CVE-2020-20237",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-20237",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-173695",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2020-20237",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-20237",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-20237",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-20237",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202105-484",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-173695",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-20237",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173695"
},
{
"db": "VULMON",
"id": "CVE-2020-20237"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006899"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-484"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2020-20237"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service due to improper memory access. Mikrotik RouterOs Is vulnerable to a buffer error.Denial of service (DoS) It may be put into a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. MikroTik RouterOS has a buffer error vulnerability. The following products and versions are affected: MikroTik RouterOS: 6.46.3, 6.46.4, 6.46.5, 6.46.6, 6.46.7, 6.46.8, 6.47, 6.47.1, 6.47.2, 6.47.3, 6.47. Advisory: four vulnerabilities found in MikroTik\u0027s RouterOS\n\n\nDetails\n=======\n\nProduct: MikroTik\u0027s RouterOS\nVendor URL: https://mikrotik.com/\nVendor Status: no fix yet\nCVE: CVE-2020-20214, CVE-2020-20222, CVE-2020-20236, CVE-2020-20237\nCredit: Qian Chen(@cq674350529) of Qihoo 360 Nirvan Team\n\n\nProduct Description\n==================\n\nRouterOS is the operating system used on the MikroTik\u0027s devices, such as\nswitch, router and access point. \n\n\nDescription of vulnerabilities\n==========================\nThese vulnerabilities were reported to the vendor almost one year ago. And\nthe vendor confirmed these vulnerabilities. However, there is still no fix\nfor them yet. \nBy the way, the three vulnerabilities in sniffer binary are different from\neach one. \n\n1. There is\na reachable assertion in the btest process. By sending a crafted packet, an\nauthenticated remote user can crash the btest process due to assertion\nfailure. \n\nAgainst stable 6.46.5, the poc resulted in the following crash dump. \n\n # cat /rw/logs/backtrace.log\n 2020.06.19-15:51:36.94@0:\n 2020.06.19-15:51:36.94@0:\n 2020.06.19-15:51:36.94@0: /nova/bin/btest\n 2020.06.19-15:51:36.94@0: --- signal=6\n--------------------------------------------\n 2020.06.19-15:51:36.94@0:\n 2020.06.19-15:51:36.94@0: eip=0x7772255b eflags=0x00000246\n 2020.06.19-15:51:36.94@0: edi=0x00fe0001 esi=0x7772a200 ebp=0x7fdcf880\nesp=0x7fdcf878\n 2020.06.19-15:51:36.94@0: eax=0x00000000 ebx=0x0000010f ecx=0x0000010f\nedx=0x00000006\n 2020.06.19-15:51:36.94@0:\n 2020.06.19-15:51:36.94@0: maps:\n 2020.06.19-15:51:36.94@0: 08048000-08057000 r-xp 00000000 00:0c 1006\n /nova/bin/btest\n 2020.06.19-15:51:36.94@0: 776f4000-77729000 r-xp 00000000 00:0c 964\n /lib/libuClibc-0.9.33.2.so\n 2020.06.19-15:51:36.94@0: 7772d000-77747000 r-xp 00000000 00:0c 960\n /lib/libgcc_s.so.1\n 2020.06.19-15:51:36.94@0: 77748000-77757000 r-xp 00000000 00:0c 944\n /lib/libuc++.so\n 2020.06.19-15:51:36.94@0: 77758000-77775000 r-xp 00000000 00:0c 947\n /lib/libucrypto.so\n 2020.06.19-15:51:36.94@0: 77776000-777c2000 r-xp 00000000 00:0c 946\n /lib/libumsg.so\n 2020.06.19-15:51:36.94@0: 777c8000-777cf000 r-xp 00000000 00:0c 958\n /lib/ld-uClibc-0.9.33.2.so\n 2020.06.19-15:51:36.94@0:\n 2020.06.19-15:51:36.94@0: stack: 0x7fdd0000 - 0x7fdcf878\n 2020.06.19-15:51:36.94@0: 00 a0 72 77 00 a0 72 77 b8 f8 dc 7f 77 e0 71\n77 06 00 00 00 00 a2 72 77 20 00 00 00 00 00 00 00\n 2020.06.19-15:51:36.94@0: 16 00 00 00 18 f9 dc 7f b4 f8 dc 7f e4 2a 7c\n77 01 00 00 00 e4 2a 7c 77 16 00 00 00 01 00 fe 00\n 2020.06.19-15:51:36.94@0:\n 2020.06.19-15:51:36.94@0: code: 0x7772255b\n 2020.06.19-15:51:36.94@0: 5b 3d 00 f0 ff ff 76 0e 8b 93 cc ff ff ff f7\nd8\n\nThis vulnerability was initially found in long-term 6.44.5, and it seems\nthat the latest stable version 6.48.2 still suffers from this vulnerability. \n\n2. By\nsending a crafted packet, an authenticated remote user can crash the\nsniffer process due to NULL pointer dereference. \n\nAgainst stable 6.46.5, the poc resulted in the following crash dump. \n\n # cat /rw/logs/backtrace.log\n 2020.06.19-16:36:18.33@0:\n 2020.06.19-16:36:18.33@0:\n 2020.06.19-16:36:18.33@0: /nova/bin/sniffer\n 2020.06.19-16:36:18.33@0: --- signal=11\n--------------------------------------------\n 2020.06.19-16:36:18.33@0:\n 2020.06.19-16:36:18.33@0: eip=0x08050e33 eflags=0x00010206\n 2020.06.19-16:36:18.33@0: edi=0x08057a24 esi=0x7f85c094 ebp=0x7f85c0c8\nesp=0x7f85c080\n 2020.06.19-16:36:18.33@0: eax=0x00000000 ebx=0x7f85c090 ecx=0x00ff0000\nedx=0x08059678\n 2020.06.19-16:36:18.33@0:\n 2020.06.19-16:36:18.33@0: maps:\n 2020.06.19-16:36:18.33@0: 08048000-08056000 r-xp 00000000 00:0c 1034\n /nova/bin/sniffer\n 2020.06.19-16:36:18.33@0: 776ce000-77703000 r-xp 00000000 00:0c 964\n /lib/libuClibc-0.9.33.2.so\n 2020.06.19-16:36:18.33@0: 77707000-77721000 r-xp 00000000 00:0c 960\n /lib/libgcc_s.so.1\n 2020.06.19-16:36:18.33@0: 77722000-77731000 r-xp 00000000 00:0c 944\n /lib/libuc++.so\n 2020.06.19-16:36:18.33@0: 77732000-7773a000 r-xp 00000000 00:0c 950\n /lib/libubox.so\n 2020.06.19-16:36:18.33@0: 7773b000-77787000 r-xp 00000000 00:0c 946\n /lib/libumsg.so\n 2020.06.19-16:36:18.33@0: 7778d000-77794000 r-xp 00000000 00:0c 958\n /lib/ld-uClibc-0.9.33.2.so\n 2020.06.19-16:36:18.33@0:\n 2020.06.19-16:36:18.33@0: stack: 0x7f85d000 - 0x7f85c080\n 2020.06.19-16:36:18.33@0: 2c 08 07 08 04 00 fe 08 fe 00 00 00 20 ad 05\n08 00 0c 07 08 a0 0b 07 08 af 0b 07 08 04 7a 05 08\n 2020.06.19-16:36:18.33@0: 08 00 00 00 24 7a 05 08 ff 00 00 00 00 00 00\n00 08 c2 85 7f e4 7a 78 77 d8 c0 85 7f e4 7a 78 77\n 2020.06.19-16:36:18.34@0:\n 2020.06.19-16:36:18.34@0: code: 0x8050e33\n 2020.06.19-16:36:18.34@0: 0b 48 0c 89 fa 89 d8 e8 7d f1 ff ff 50 50 53\n56\n\nThis vulnerability was initially found in long-term 6.44.6, and it seems\nthat the latest stable version 6.48.2 still suffers from this vulnerability. \n\n3. \n\nAgainst stable 6.46.5, the poc resulted in the following crash dump. \n\n # cat /rw/logs/backtrace.log\n 2020.06.19-16:58:33.42@0:\n 2020.06.19-16:58:33.42@0:\n 2020.06.19-16:58:33.42@0: /nova/bin/sniffer\n 2020.06.19-16:58:33.42@0: --- signal=11\n--------------------------------------------\n 2020.06.19-16:58:33.42@0:\n 2020.06.19-16:58:33.42@0: eip=0x08050dac eflags=0x00010202\n 2020.06.19-16:58:33.42@0: edi=0x08057a24 esi=0x00000001 ebp=0x7f8df428\nesp=0x7f8df3e0\n 2020.06.19-16:58:33.42@0: eax=0x08073714 ebx=0x08073710 ecx=0x08073704\nedx=0x08073714\n 2020.06.19-16:58:33.42@0:\n 2020.06.19-16:58:33.42@0: maps:\n 2020.06.19-16:58:33.42@0: 08048000-08056000 r-xp 00000000 00:0c 1034\n /nova/bin/sniffer\n 2020.06.19-16:58:33.42@0: 77730000-77765000 r-xp 00000000 00:0c 964\n /lib/libuClibc-0.9.33.2.so\n 2020.06.19-16:58:33.42@0: 77769000-77783000 r-xp 00000000 00:0c 960\n /lib/libgcc_s.so.1\n 2020.06.19-16:58:33.42@0: 77784000-77793000 r-xp 00000000 00:0c 944\n /lib/libuc++.so\n 2020.06.19-16:58:33.42@0: 77794000-7779c000 r-xp 00000000 00:0c 950\n /lib/libubox.so\n 2020.06.19-16:58:33.42@0: 7779d000-777e9000 r-xp 00000000 00:0c 946\n /lib/libumsg.so\n 2020.06.19-16:58:33.43@0: 777ef000-777f6000 r-xp 00000000 00:0c 958\n /lib/ld-uClibc-0.9.33.2.so\n 2020.06.19-16:58:33.43@0:\n 2020.06.19-16:58:33.43@0: stack: 0x7f8e0000 - 0x7f8df3e0\n 2020.06.19-16:58:33.43@0: 3c ab 05 08 04 00 fe 08 e0 0f 00 00 14 37 07\n08 24 7a 05 08 00 00 00 00 18 f4 8d 7f 04 7a 05 08\n 2020.06.19-16:58:33.43@0: 08 00 00 00 24 7a 05 08 04 00 00 00 00 00 00\n00 70 4a 7a 77 e4 9a 7e 77 38 f4 8d 7f e4 9a 7e 77\n 2020.06.19-16:58:33.43@0:\n 2020.06.19-16:58:33.43@0: code: 0x8050dac\n 2020.06.19-16:58:33.43@0: 8b 43 04 83 e0 fc 85 c0 74 1c 8b 4b 14 39 34\n08\n\nThis vulnerability was initially found in long-term 6.46.3, and it seems\nthat the latest version stable 6.48.2 still suffers from this vulnerability. \n\n4. \n\nAgainst stable 6.46.5, the poc resulted in the following crash dump. \n\n # cat /rw/logs/backtrace.log\n 2020.06.19-17:58:43.98@0:\n 2020.06.19-17:58:43.98@0:\n 2020.06.19-17:58:43.98@0: /nova/bin/sniffer\n 2020.06.19-17:58:43.98@0: --- signal=11\n--------------------------------------------\n 2020.06.19-17:58:43.98@0:\n 2020.06.19-17:58:43.98@0: eip=0x77712055 eflags=0x00010202\n 2020.06.19-17:58:43.98@0: edi=0x77720f34 esi=0x77721015 ebp=0x7ff96b38\nesp=0x7ff96af8\n 2020.06.19-17:58:43.98@0: eax=0x77721054 ebx=0x7771f000 ecx=0x77721034\nedx=0x77721014\n 2020.06.19-17:58:43.98@0:\n 2020.06.19-17:58:43.98@0: maps:\n 2020.06.19-17:58:43.98@0: 08048000-08056000 r-xp 00000000 00:0c 1034\n /nova/bin/sniffer\n 2020.06.19-17:58:43.98@0: 776e9000-7771e000 r-xp 00000000 00:0c 964\n /lib/libuClibc-0.9.33.2.so\n 2020.06.19-17:58:43.98@0: 77722000-7773c000 r-xp 00000000 00:0c 960\n /lib/libgcc_s.so.1\n 2020.06.19-17:58:43.98@0: 7773d000-7774c000 r-xp 00000000 00:0c 944\n /lib/libuc++.so\n 2020.06.19-17:58:43.98@0: 7774d000-77755000 r-xp 00000000 00:0c 950\n /lib/libubox.so\n 2020.06.19-17:58:43.98@0: 77756000-777a2000 r-xp 00000000 00:0c 946\n /lib/libumsg.so\n 2020.06.19-17:58:43.98@0: 777a8000-777af000 r-xp 00000000 00:0c 958\n /lib/ld-uClibc-0.9.33.2.so\n 2020.06.19-17:58:43.98@0:\n 2020.06.19-17:58:43.98@0: stack: 0x7ff97000 - 0x7ff96af8\n 2020.06.19-17:58:43.98@0: 00 f0 71 77 00 0f 72 77 30 00 00 00 00 00 00\n00 38 b2 05 08 34 0f 72 77 04 00 00 00 00 0f 72 77\n 2020.06.19-17:58:43.98@0: 20 00 00 00 1b 7b 71 77 e8 f1 71 77 98 00 00\n00 01 00 00 00 ec c4 74 77 74 a1 05 08 f8 6b f9 7f\n 2020.06.19-17:58:43.98@0:\n 2020.06.19-17:58:43.98@0: code: 0x77712055\n 2020.06.19-17:58:43.98@0: 89 14 10 eb bc 8b 93 a4 ff ff ff 8b 7d e0 8b\n42\n\nInterestingly, the same poc resulted in another different crash\ndump(SIGABRT) against stable 6.48.2. \n\n # cat /rw/logs/backtrace.log\n 2021.05.07-16:02:37.25@0:\n 2021.05.07-16:02:37.25@0:\n 2021.05.07-16:02:37.25@0: /nova/bin/sniffer\n 2021.05.07-16:02:37.25@0: --- signal=6\n--------------------------------------------\n 2021.05.07-16:02:37.25@0:\n 2021.05.07-16:02:37.25@0: eip=0x776f255b eflags=0x00000246\n 2021.05.07-16:02:37.25@0: edi=0x0805aca8 esi=0x776fa200 ebp=0x7f97def8\nesp=0x7f97def0\n 2021.05.07-16:02:37.25@0: eax=0x00000000 ebx=0x000000b6 ecx=0x000000b6\nedx=0x00000006\n 2021.05.07-16:02:37.25@0:\n 2021.05.07-16:02:37.25@0: maps:\n 2021.05.07-16:02:37.25@0: 08048000-08056000 r-xp 00000000 00:0c 1036\n /nova/bin/sniffer\n 2021.05.07-16:02:37.25@0: 776c4000-776f9000 r-xp 00000000 00:0c 966\n /lib/libuClibc-0.9.33.2.so\n 2021.05.07-16:02:37.25@0: 776fd000-77717000 r-xp 00000000 00:0c 962\n /lib/libgcc_s.so.1\n 2021.05.07-16:02:37.25@0: 77718000-77727000 r-xp 00000000 00:0c 945\n /lib/libuc++.so\n 2021.05.07-16:02:37.25@0: 77728000-77730000 r-xp 00000000 00:0c 951\n /lib/libubox.so\n 2021.05.07-16:02:37.25@0: 77731000-7777d000 r-xp 00000000 00:0c 947\n /lib/libumsg.so\n 2021.05.07-16:02:37.25@0: 77783000-7778a000 r-xp 00000000 00:0c 960\n /lib/ld-uClibc-0.9.33.2.so\n 2021.05.07-16:02:37.25@0:\n 2021.05.07-16:02:37.25@0: stack: 0x7f97f000 - 0x7f97def0\n 2021.05.07-16:02:37.25@0: 00 a0 6f 77 00 a0 6f 77 30 df 97 7f 77 e0 6e\n77 06 00 00 00 00 a2 6f 77 20 00 00 00 00 00 00 00\n 2021.05.07-16:02:37.25@0: 26 2b 6f 77 00 a0 6f 77 28 df 97 7f 21 2c 6f\n77 e8 a1 6f 77 00 a0 6f 77 00 bf 6f 77 a8 ac 05 08\n 2021.05.07-16:02:37.25@0:\n 2021.05.07-16:02:37.25@0: code: 0x776f255b\n 2021.05.07-16:02:37.25@0: 5b 3d 00 f0 ff ff 76 0e 8b 93 cc ff ff ff f7\nd8\n\nThis vulnerability was initially found in long-term 6.46.3, and it seems\nthat the latest stable version 6.48.2 suffers from an assertion failure\nvulnerability when running the same poc. \n\n\nSolution\n========\n\nNo upgrade firmware available yet\n\n\nReferences\n==========\n\n[1] https://mikrotik.com/download/changelogs/stable-release-tree\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-20237"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006899"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULHUB",
"id": "VHN-173695"
},
{
"db": "VULMON",
"id": "CVE-2020-20237"
},
{
"db": "PACKETSTORM",
"id": "162513"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-20237",
"trust": 3.5
},
{
"db": "PACKETSTORM",
"id": "162513",
"trust": 2.7
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006899",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021051005",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202105-484",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-173695",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-20237",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173695"
},
{
"db": "VULMON",
"id": "CVE-2020-20237"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006899"
},
{
"db": "PACKETSTORM",
"id": "162513"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-484"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2020-20237"
}
]
},
"id": "VAR-202105-0089",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-173695"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T12:33:40.401000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://mikrotik.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006899"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "Buffer error (CWE-119) [NVD Evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-119",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173695"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006899"
},
{
"db": "NVD",
"id": "CVE-2020-20237"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "http://packetstormsecurity.com/files/162513/mikrotik-routeros-6.46.5-memory-corruption-assertion-failure.html"
},
{
"trust": 1.9,
"url": "http://seclists.org/fulldisclosure/2021/may/15"
},
{
"trust": 1.9,
"url": "https://mikrotik.com/"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-20237"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021051005"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://mikrotik.com/download/changelogs/stable-release-tree"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-20222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-20236"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-20214"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173695"
},
{
"db": "VULMON",
"id": "CVE-2020-20237"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006899"
},
{
"db": "PACKETSTORM",
"id": "162513"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-484"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2020-20237"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-173695"
},
{
"db": "VULMON",
"id": "CVE-2020-20237"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006899"
},
{
"db": "PACKETSTORM",
"id": "162513"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-484"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2020-20237"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-18T00:00:00",
"db": "VULHUB",
"id": "VHN-173695"
},
{
"date": "2021-05-18T00:00:00",
"db": "VULMON",
"id": "CVE-2020-20237"
},
{
"date": "2022-01-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-006899"
},
{
"date": "2021-05-10T14:25:07",
"db": "PACKETSTORM",
"id": "162513"
},
{
"date": "2021-05-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-484"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-05-18T19:15:07.800000",
"db": "NVD",
"id": "CVE-2020-20237"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-03T00:00:00",
"db": "VULHUB",
"id": "VHN-173695"
},
{
"date": "2021-05-21T00:00:00",
"db": "VULMON",
"id": "CVE-2020-20237"
},
{
"date": "2022-01-25T05:36:00",
"db": "JVNDB",
"id": "JVNDB-2021-006899"
},
{
"date": "2022-05-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-484"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2022-05-03T16:04:40.443000",
"db": "NVD",
"id": "CVE-2020-20237"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-484"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik\u00a0RouterOs\u00a0 Buffer Error Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006899"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-484"
}
],
"trust": 0.6
}
}
var-202107-0077
Vulnerability from variot
Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an assertion failure vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet. Mikrotik RouterOs Exists in a reachable assertion vulnerability.Denial of service (DoS) It may be put into a state. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. Re: Two vulnerabilities found in MikroTik's RouterOS
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202107-0077",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "eq",
"trust": 1.0,
"vendor": "mikrotik",
"version": "6.44.5"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": "6.44.5 (long-term tree)"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-008958"
},
{
"db": "NVD",
"id": "CVE-2020-20211"
}
]
},
"cve": "CVE-2020-20211",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-20211",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-173667",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2020-20211",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-20211",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-20211",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-20211",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202107-287",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-173667",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173667"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008958"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-287"
},
{
"db": "NVD",
"id": "CVE-2020-20211"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an assertion failure vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet. Mikrotik RouterOs Exists in a reachable assertion vulnerability.Denial of service (DoS) It may be put into a state. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. Re: Two vulnerabilities found in MikroTik\u0027s RouterOS",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-20211"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008958"
},
{
"db": "VULHUB",
"id": "VHN-173667"
},
{
"db": "VULMON",
"id": "CVE-2020-20211"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-20211",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008958",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202107-287",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-173667",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-20211",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173667"
},
{
"db": "VULMON",
"id": "CVE-2020-20211"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008958"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-287"
},
{
"db": "NVD",
"id": "CVE-2020-20211"
}
]
},
"id": "VAR-202107-0077",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-173667"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T15:06:47.823000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://mikrotik.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-008958"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-617",
"trust": 1.1
},
{
"problemtype": "Reachable assertions (CWE-617) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173667"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008958"
},
{
"db": "NVD",
"id": "CVE-2020-20211"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://seclists.org/fulldisclosure/2021/may/0"
},
{
"trust": 1.7,
"url": "https://mikrotik.com/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-20211"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173667"
},
{
"db": "VULMON",
"id": "CVE-2020-20211"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008958"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-287"
},
{
"db": "NVD",
"id": "CVE-2020-20211"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-173667"
},
{
"db": "VULMON",
"id": "CVE-2020-20211"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008958"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-287"
},
{
"db": "NVD",
"id": "CVE-2020-20211"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-07T00:00:00",
"db": "VULHUB",
"id": "VHN-173667"
},
{
"date": "2022-03-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-008958"
},
{
"date": "2021-07-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-287"
},
{
"date": "2021-07-07T14:15:09.303000",
"db": "NVD",
"id": "CVE-2020-20211"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-08T00:00:00",
"db": "VULHUB",
"id": "VHN-173667"
},
{
"date": "2022-03-31T08:49:00",
"db": "JVNDB",
"id": "JVNDB-2021-008958"
},
{
"date": "2021-07-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-287"
},
{
"date": "2021-07-08T13:26:49.913000",
"db": "NVD",
"id": "CVE-2020-20211"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-287"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik\u00a0RouterOs\u00a0 Reachable assertion vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-008958"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-287"
}
],
"trust": 0.6
}
}
var-202105-0085
Vulnerability from variot
Mikrotik RouterOs prior to stable 6.47 suffers from a memory corruption vulnerability in the /nova/bin/bfd process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). Mikrotik RouterOs Is vulnerable to a buffer error.Denial of service (DoS) It may be put into a state. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. MikroTik RouterOS has a security vulnerability. Advisory: four vulnerabilities found in MikroTik's RouterOS
Details
Product: MikroTik's RouterOS Vendor URL: https://mikrotik.com/ Vendor Status: only CVE-2020-20227 is fixed CVE: CVE-2020-20220, CVE-2020-20227, CVE-2020-20245, CVE-2020-20246 Credit: Qian Chen(@cq674350529) of Qihoo 360 Nirvan Team
Product Description
RouterOS is the operating system used on the MikroTik's devices, such as switch, router and access point.
Description of vulnerabilities
These vulnerabilities were reported to the vendor almost one year ago. And the vendor confirmed these vulnerabilities.
- By sending a crafted packet, an authenticated remote user can crash the bfd process due to invalid memory access.
Against stable 6.46.5, the poc resulted in the following crash dump.
# cat /rw/logs/backtrace.log
2020.06.19-18:36:13.88@0:
2020.06.19-18:36:13.88@0:
2020.06.19-18:36:13.88@0: /ram/pckg/routing/nova/bin/bfd
2020.06.19-18:36:13.88@0: --- signal=11
2020.06.19-18:36:13.88@0:
2020.06.19-18:36:13.88@0: eip=0x0804b175 eflags=0x00010202
2020.06.19-18:36:13.88@0: edi=0x08054a90 esi=0x08054298 ebp=0x7f9d3e88
esp=0x7f9d3e70 2020.06.19-18:36:13.88@0: eax=0x08050634 ebx=0x77777af0 ecx=0x08051274 edx=0x00000001 2020.06.19-18:36:13.88@0: 2020.06.19-18:36:13.88@0: maps: 2020.06.19-18:36:13.88@0: 08048000-08050000 r-xp 00000000 00:1b 16 /ram/pckg/routing/nova/bin/bfd 2020.06.19-18:36:13.88@0: 7759a000-7759c000 r-xp 00000000 00:0c 959 /lib/libdl-0.9.33.2.so 2020.06.19-18:36:13.88@0: 7759e000-775d3000 r-xp 00000000 00:0c 964 /lib/libuClibc-0.9.33.2.so 2020.06.19-18:36:13.88@0: 775d7000-775f1000 r-xp 00000000 00:0c 960 /lib/libgcc_s.so.1 2020.06.19-18:36:13.88@0: 775f2000-77601000 r-xp 00000000 00:0c 944 /lib/libuc++.so 2020.06.19-18:36:13.88@0: 77602000-7775f000 r-xp 00000000 00:0c 954 /lib/libcrypto.so.1.0.0 2020.06.19-18:36:13.88@0: 7776f000-77777000 r-xp 00000000 00:0c 950 /lib/libubox.so 2020.06.19-18:36:13.88@0: 77778000-777c4000 r-xp 00000000 00:0c 946 /lib/libumsg.so 2020.06.19-18:36:13.88@0: 777ca000-777d1000 r-xp 00000000 00:0c 958 /lib/ld-uClibc-0.9.33.2.so 2020.06.19-18:36:13.88@0: 2020.06.19-18:36:13.88@0: stack: 0x7f9d4000 - 0x7f9d3e70 2020.06.19-18:36:13.88@0: 34 06 05 08 d0 e6 04 08 d8 3e 9d 7f 90 4a 05 08 98 42 05 08 d8 3e 9d 7f f8 3e 9d 7f 6d 39 77 77 2020.06.19-18:36:13.88@0: 90 4a 05 08 28 40 9d 7f 05 00 00 00 00 43 05 08 00 00 00 00 28 90 7c 77 01 00 00 00 0c 00 00 00 2020.06.19-18:36:13.88@0: 2020.06.19-18:36:13.88@0: code: 0x804b175 2020.06.19-18:36:13.88@0: ff 05 00 00 00 00 83 c4 10 c9 c3 55 89 e5 53 83
This vulnerability was initially found in long-term 6.44.6, and it seems that the latest stable version 6.48.2 still suffer from this vulnerability.
- By sending a crafted packet, an authenticated remote user can crash the diskd process due to invalid memory access.
Against stable 6.47, the poc resulted in the following crash dump.
# cat /rw/logs/backtrace.log
2020.06.05-15:00:38.33@0:
2020.06.05-15:00:38.33@0:
2020.06.05-15:00:38.33@0: /nova/bin/diskd
2020.06.05-15:00:38.33@0: --- signal=11
2020.06.05-15:00:38.33@0:
2020.06.05-15:00:38.33@0: eip=0x7775a1e3 eflags=0x00010202
2020.06.05-15:00:38.33@0: edi=0x7f9dd024 esi=0x0000000a ebp=0x7f9dceb8
esp=0x7f9dceac 2020.06.05-15:00:38.33@0: eax=0x0000000a ebx=0x777624ec ecx=0x08054600 edx=0x08056e18 2020.06.05-15:00:38.33@0: 2020.06.05-15:00:38.33@0: maps: 2020.06.05-15:00:38.33@0: 08048000-08052000 r-xp 00000000 00:0c 1049 /nova/bin/diskd 2020.06.05-15:00:38.33@0: 776ff000-77734000 r-xp 00000000 00:0c 966 /lib/libuClibc-0.9.33.2.so 2020.06.05-15:00:38.33@0: 77738000-77752000 r-xp 00000000 00:0c 962 /lib/libgcc_s.so.1 2020.06.05-15:00:38.33@0: 77753000-77762000 r-xp 00000000 00:0c 945 /lib/libuc++.so 2020.06.05-15:00:38.33@0: 77763000-7776b000 r-xp 00000000 00:0c 951 /lib/libubox.so 2020.06.05-15:00:38.33@0: 7776c000-777b8000 r-xp 00000000 00:0c 947 /lib/libumsg.so 2020.06.05-15:00:38.33@0: 777be000-777c5000 r-xp 00000000 00:0c 960 /lib/ld-uClibc-0.9.33.2.so 2020.06.05-15:00:38.33@0: 2020.06.05-15:00:38.33@0: stack: 0x7f9de000 - 0x7f9dceac 2020.06.05-15:00:38.33@0: f4 8a 7b 77 0a 00 00 00 f4 8a 7b 77 e8 ce 9d 7f 92 be 78 77 f8 45 05 08 0a 00 00 00 18 6e 05 08 2020.06.05-15:00:38.33@0: 18 6e 05 08 e4 ce 9d 7f 24 d0 9d 7f 7c 18 76 77 24 d0 9d 7f 18 69 05 08 40 cf 9d 7f a8 cf 9d 7f 2020.06.05-15:00:38.34@0: 2020.06.05-15:00:38.34@0: code: 0x7775a1e3 2020.06.05-15:00:38.34@0: 8b 00 8b 10 01 c2 83 c2 04 52 83 c0 04 50 ff 75
This vulnerability was initially found in stable 6.47, and it was fixed at least in stable 6.48.1.
- By sending a crafted packet, an authenticated remote user can crash the log process due to invalid memory access.
Against stable 6.47, the poc resulted in the following crash dump.
# cat /rw/logs/backtrace.log
2020.06.22-20:13:36.29@0:
2020.06.22-20:13:36.29@0:
2020.06.22-20:13:36.62@0: /nova/bin/log
2020.06.22-20:13:36.62@0: --- signal=11
2020.06.22-20:13:36.62@0:
2020.06.22-20:13:36.62@0: eip=0x77709d2e eflags=0x00010202
2020.06.22-20:13:36.62@0: edi=0x0000004b esi=0x77718f00 ebp=0x7fec6858
esp=0x7fec6818 2020.06.22-20:13:36.62@0: eax=0x00000031 ebx=0x77717000 ecx=0x777171e8 edx=0x00000006 2020.06.22-20:13:36.62@0: 2020.06.22-20:13:36.62@0: maps: 2020.06.22-20:13:36.62@0: 08048000-08058000 r-xp 00000000 00:0c 1005 /nova/bin/log 2020.06.22-20:13:36.62@0: 776e1000-77716000 r-xp 00000000 00:0c 966 /lib/libuClibc-0.9.33.2.so 2020.06.22-20:13:36.62@0: 7771a000-77734000 r-xp 00000000 00:0c 962 /lib/libgcc_s.so.1 2020.06.22-20:13:36.62@0: 77735000-77744000 r-xp 00000000 00:0c 945 /lib/libuc++.so 2020.06.22-20:13:36.62@0: 77745000-77791000 r-xp 00000000 00:0c 947 /lib/libumsg.so 2020.06.22-20:13:36.62@0: 77797000-7779e000 r-xp 00000000 00:0c 960 /lib/ld-uClibc-0.9.33.2.so 2020.06.22-20:13:36.62@0: 2020.06.22-20:13:36.62@0: stack: 0x7fec7000 - 0x7fec6818 2020.06.22-20:13:36.62@0: 48 68 ec 7f 7b ce 73 77 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 68 68 ec 7f 21 ac 70 77 2020.06.22-20:13:36.62@0: 40 00 00 00 1b fb 70 77 e8 71 71 77 c0 28 06 08 88 68 ec 7f ec 44 74 77 e4 29 06 08 40 69 ec 7f 2020.06.22-20:13:36.62@0: 2020.06.22-20:13:36.62@0: code: 0x77709d2e 2020.06.22-20:13:36.62@0: 8b 48 08 89 4c 96 04 e9 93 05 00 00 81 7d e0 ff
This vulnerability was initially found in stable 6.46.3, and it seems that the latest stable version 6.48.2 still suffers from this vulnerability.
Against stable 6.47, the poc resulted in the following crash dump.
# cat /rw/logs/backtrace.log
2020.06.22-20:25:36.17@0:
2020.06.22-20:25:36.17@0:
2020.06.22-20:25:36.17@0: /nova/bin/mactel
2020.06.22-20:25:36.17@0: --- signal=11
2020.06.22-20:25:36.17@0:
2020.06.22-20:25:36.17@0: eip=0x0804ddc7 eflags=0x00010202
2020.06.22-20:25:36.17@0: edi=0x08055740 esi=0x7fe78144 ebp=0x7fe780c8
esp=0x7fe78090 2020.06.22-20:25:36.17@0: eax=0x00000000 ebx=0x776b9b40 ecx=0x0000000b edx=0xffffffff 2020.06.22-20:25:36.17@0: 2020.06.22-20:25:36.17@0: maps: 2020.06.22-20:25:36.17@0: 08048000-08051000 r-xp 00000000 00:0c 1041 /nova/bin/mactel 2020.06.22-20:25:36.17@0: 7762c000-77661000 r-xp 00000000 00:0c 966 /lib/libuClibc-0.9.33.2.so 2020.06.22-20:25:36.17@0: 77665000-7767f000 r-xp 00000000 00:0c 962 /lib/libgcc_s.so.1 2020.06.22-20:25:36.17@0: 77680000-7768f000 r-xp 00000000 00:0c 945 /lib/libuc++.so 2020.06.22-20:25:36.17@0: 77690000-776ad000 r-xp 00000000 00:0c 948 /lib/libucrypto.so 2020.06.22-20:25:36.17@0: 776ae000-776af000 r-xp 00000000 00:0c 967 /lib/libutil-0.9.33.2.so 2020.06.22-20:25:36.17@0: 776b1000-776b9000 r-xp 00000000 00:0c 951 /lib/libubox.so 2020.06.22-20:25:36.17@0: 776ba000-77706000 r-xp 00000000 00:0c 947 /lib/libumsg.so 2020.06.22-20:25:36.17@0: 7770c000-77713000 r-xp 00000000 00:0c 960 /lib/ld-uClibc-0.9.33.2.so 2020.06.22-20:25:36.17@0: 2020.06.22-20:25:36.17@0: stack: 0x7fe79000 - 0x7fe78090 2020.06.22-20:25:36.17@0: 44 81 e7 7f 01 00 00 00 ff ff ff ff 1f d0 04 08 58 57 05 08 28 b0 70 77 01 00 00 00 00 00 00 00 2020.06.22-20:25:36.17@0: 1c 85 e7 7f 04 1d 05 08 02 db 70 77 40 9b 6b 77 40 57 05 08 44 81 e7 7f f8 80 e7 7f 7c 4a 6b 77 2020.06.22-20:25:36.17@0: 2020.06.22-20:25:36.17@0: code: 0x804ddc7 2020.06.22-20:25:36.17@0: 8b 50 2f 89 55 da 66 8b 40 33 66 89 45 de 83 c4
This vulnerability was initially found in stable 6.46.3, and it seems that the latest stable version 6.48.2 still suffers from this vulnerability.
Solution
As to CVE-2020-20227, upgrade to the corresponding latest RouterOS tree version. For others, no upgrade firmware available yet
References
[1] https://mikrotik.com/download/changelogs/stable-release-tree
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202105-0085",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "lt",
"trust": 1.0,
"vendor": "mikrotik",
"version": "6.47"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": null
},
{
"model": "routeros",
"scope": null,
"trust": 0.8,
"vendor": "mikrotik",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006900"
},
{
"db": "NVD",
"id": "CVE-2020-20220"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Qian Chen",
"sources": [
{
"db": "PACKETSTORM",
"id": "162533"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-650"
}
],
"trust": 0.7
},
"cve": "CVE-2020-20220",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-20220",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-173677",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2020-20220",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-20220",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-20220",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-20220",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202105-650",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-173677",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-20220",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173677"
},
{
"db": "VULMON",
"id": "CVE-2020-20220"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006900"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-650"
},
{
"db": "NVD",
"id": "CVE-2020-20220"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik RouterOs prior to stable 6.47 suffers from a memory corruption vulnerability in the /nova/bin/bfd process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). Mikrotik RouterOs Is vulnerable to a buffer error.Denial of service (DoS) It may be put into a state. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. MikroTik RouterOS has a security vulnerability. Advisory: four vulnerabilities found in MikroTik\u0027s RouterOS\n\n\nDetails\n=======\n\nProduct: MikroTik\u0027s RouterOS\nVendor URL: https://mikrotik.com/\nVendor Status: only CVE-2020-20227 is fixed\nCVE: CVE-2020-20220, CVE-2020-20227, CVE-2020-20245, CVE-2020-20246\nCredit: Qian Chen(@cq674350529) of Qihoo 360 Nirvan Team\n\n\nProduct Description\n==================\n\nRouterOS is the operating system used on the MikroTik\u0027s devices, such as\nswitch, router and access point. \n\n\nDescription of vulnerabilities\n==========================\nThese vulnerabilities were reported to the vendor almost one year ago. And\nthe vendor confirmed these vulnerabilities. \n\n1. By sending\na crafted packet, an authenticated remote user can crash the bfd process\ndue to invalid memory access. \n\nAgainst stable 6.46.5, the poc resulted in the following crash dump. \n\n # cat /rw/logs/backtrace.log\n 2020.06.19-18:36:13.88@0:\n 2020.06.19-18:36:13.88@0:\n 2020.06.19-18:36:13.88@0: /ram/pckg/routing/nova/bin/bfd\n 2020.06.19-18:36:13.88@0: --- signal=11\n--------------------------------------------\n 2020.06.19-18:36:13.88@0:\n 2020.06.19-18:36:13.88@0: eip=0x0804b175 eflags=0x00010202\n 2020.06.19-18:36:13.88@0: edi=0x08054a90 esi=0x08054298 ebp=0x7f9d3e88\nesp=0x7f9d3e70\n 2020.06.19-18:36:13.88@0: eax=0x08050634 ebx=0x77777af0 ecx=0x08051274\nedx=0x00000001\n 2020.06.19-18:36:13.88@0:\n 2020.06.19-18:36:13.88@0: maps:\n 2020.06.19-18:36:13.88@0: 08048000-08050000 r-xp 00000000 00:1b 16\n /ram/pckg/routing/nova/bin/bfd\n 2020.06.19-18:36:13.88@0: 7759a000-7759c000 r-xp 00000000 00:0c 959\n /lib/libdl-0.9.33.2.so\n 2020.06.19-18:36:13.88@0: 7759e000-775d3000 r-xp 00000000 00:0c 964\n /lib/libuClibc-0.9.33.2.so\n 2020.06.19-18:36:13.88@0: 775d7000-775f1000 r-xp 00000000 00:0c 960\n /lib/libgcc_s.so.1\n 2020.06.19-18:36:13.88@0: 775f2000-77601000 r-xp 00000000 00:0c 944\n /lib/libuc++.so\n 2020.06.19-18:36:13.88@0: 77602000-7775f000 r-xp 00000000 00:0c 954\n /lib/libcrypto.so.1.0.0\n 2020.06.19-18:36:13.88@0: 7776f000-77777000 r-xp 00000000 00:0c 950\n /lib/libubox.so\n 2020.06.19-18:36:13.88@0: 77778000-777c4000 r-xp 00000000 00:0c 946\n /lib/libumsg.so\n 2020.06.19-18:36:13.88@0: 777ca000-777d1000 r-xp 00000000 00:0c 958\n /lib/ld-uClibc-0.9.33.2.so\n 2020.06.19-18:36:13.88@0:\n 2020.06.19-18:36:13.88@0: stack: 0x7f9d4000 - 0x7f9d3e70\n 2020.06.19-18:36:13.88@0: 34 06 05 08 d0 e6 04 08 d8 3e 9d 7f 90 4a 05\n08 98 42 05 08 d8 3e 9d 7f f8 3e 9d 7f 6d 39 77 77\n 2020.06.19-18:36:13.88@0: 90 4a 05 08 28 40 9d 7f 05 00 00 00 00 43 05\n08 00 00 00 00 28 90 7c 77 01 00 00 00 0c 00 00 00\n 2020.06.19-18:36:13.88@0:\n 2020.06.19-18:36:13.88@0: code: 0x804b175\n 2020.06.19-18:36:13.88@0: ff 05 00 00 00 00 83 c4 10 c9 c3 55 89 e5 53\n83\n\nThis vulnerability was initially found in long-term 6.44.6, and it seems\nthat the latest stable version 6.48.2 still suffer from this vulnerability. \n\n2. By\nsending a crafted packet, an authenticated remote user can crash the diskd\nprocess due to invalid memory access. \n\nAgainst stable 6.47, the poc resulted in the following crash dump. \n\n # cat /rw/logs/backtrace.log\n 2020.06.05-15:00:38.33@0:\n 2020.06.05-15:00:38.33@0:\n 2020.06.05-15:00:38.33@0: /nova/bin/diskd\n 2020.06.05-15:00:38.33@0: --- signal=11\n--------------------------------------------\n 2020.06.05-15:00:38.33@0:\n 2020.06.05-15:00:38.33@0: eip=0x7775a1e3 eflags=0x00010202\n 2020.06.05-15:00:38.33@0: edi=0x7f9dd024 esi=0x0000000a ebp=0x7f9dceb8\nesp=0x7f9dceac\n 2020.06.05-15:00:38.33@0: eax=0x0000000a ebx=0x777624ec ecx=0x08054600\nedx=0x08056e18\n 2020.06.05-15:00:38.33@0:\n 2020.06.05-15:00:38.33@0: maps:\n 2020.06.05-15:00:38.33@0: 08048000-08052000 r-xp 00000000 00:0c 1049\n /nova/bin/diskd\n 2020.06.05-15:00:38.33@0: 776ff000-77734000 r-xp 00000000 00:0c 966\n /lib/libuClibc-0.9.33.2.so\n 2020.06.05-15:00:38.33@0: 77738000-77752000 r-xp 00000000 00:0c 962\n /lib/libgcc_s.so.1\n 2020.06.05-15:00:38.33@0: 77753000-77762000 r-xp 00000000 00:0c 945\n /lib/libuc++.so\n 2020.06.05-15:00:38.33@0: 77763000-7776b000 r-xp 00000000 00:0c 951\n /lib/libubox.so\n 2020.06.05-15:00:38.33@0: 7776c000-777b8000 r-xp 00000000 00:0c 947\n /lib/libumsg.so\n 2020.06.05-15:00:38.33@0: 777be000-777c5000 r-xp 00000000 00:0c 960\n /lib/ld-uClibc-0.9.33.2.so\n 2020.06.05-15:00:38.33@0:\n 2020.06.05-15:00:38.33@0: stack: 0x7f9de000 - 0x7f9dceac\n 2020.06.05-15:00:38.33@0: f4 8a 7b 77 0a 00 00 00 f4 8a 7b 77 e8 ce 9d\n7f 92 be 78 77 f8 45 05 08 0a 00 00 00 18 6e 05 08\n 2020.06.05-15:00:38.33@0: 18 6e 05 08 e4 ce 9d 7f 24 d0 9d 7f 7c 18 76\n77 24 d0 9d 7f 18 69 05 08 40 cf 9d 7f a8 cf 9d 7f\n 2020.06.05-15:00:38.34@0:\n 2020.06.05-15:00:38.34@0: code: 0x7775a1e3\n 2020.06.05-15:00:38.34@0: 8b 00 8b 10 01 c2 83 c2 04 52 83 c0 04 50 ff\n75\n\nThis vulnerability was initially found in stable 6.47, and it was fixed at\nleast in stable 6.48.1. \n\n3. By sending\na crafted packet, an authenticated remote user can crash the log process\ndue to invalid memory access. \n\nAgainst stable 6.47, the poc resulted in the following crash dump. \n\n # cat /rw/logs/backtrace.log\n 2020.06.22-20:13:36.29@0:\n 2020.06.22-20:13:36.29@0:\n 2020.06.22-20:13:36.62@0: /nova/bin/log\n 2020.06.22-20:13:36.62@0: --- signal=11\n--------------------------------------------\n 2020.06.22-20:13:36.62@0:\n 2020.06.22-20:13:36.62@0: eip=0x77709d2e eflags=0x00010202\n 2020.06.22-20:13:36.62@0: edi=0x0000004b esi=0x77718f00 ebp=0x7fec6858\nesp=0x7fec6818\n 2020.06.22-20:13:36.62@0: eax=0x00000031 ebx=0x77717000 ecx=0x777171e8\nedx=0x00000006\n 2020.06.22-20:13:36.62@0:\n 2020.06.22-20:13:36.62@0: maps:\n 2020.06.22-20:13:36.62@0: 08048000-08058000 r-xp 00000000 00:0c 1005\n /nova/bin/log\n 2020.06.22-20:13:36.62@0: 776e1000-77716000 r-xp 00000000 00:0c 966\n /lib/libuClibc-0.9.33.2.so\n 2020.06.22-20:13:36.62@0: 7771a000-77734000 r-xp 00000000 00:0c 962\n /lib/libgcc_s.so.1\n 2020.06.22-20:13:36.62@0: 77735000-77744000 r-xp 00000000 00:0c 945\n /lib/libuc++.so\n 2020.06.22-20:13:36.62@0: 77745000-77791000 r-xp 00000000 00:0c 947\n /lib/libumsg.so\n 2020.06.22-20:13:36.62@0: 77797000-7779e000 r-xp 00000000 00:0c 960\n /lib/ld-uClibc-0.9.33.2.so\n 2020.06.22-20:13:36.62@0:\n 2020.06.22-20:13:36.62@0: stack: 0x7fec7000 - 0x7fec6818\n 2020.06.22-20:13:36.62@0: 48 68 ec 7f 7b ce 73 77 00 00 00 00 10 00 00\n00 00 00 00 00 00 00 00 00 68 68 ec 7f 21 ac 70 77\n 2020.06.22-20:13:36.62@0: 40 00 00 00 1b fb 70 77 e8 71 71 77 c0 28 06\n08 88 68 ec 7f ec 44 74 77 e4 29 06 08 40 69 ec 7f\n 2020.06.22-20:13:36.62@0:\n 2020.06.22-20:13:36.62@0: code: 0x77709d2e\n 2020.06.22-20:13:36.62@0: 8b 48 08 89 4c 96 04 e9 93 05 00 00 81 7d e0\nff\n\nThis vulnerability was initially found in stable 6.46.3, and it seems that\nthe latest stable version 6.48.2 still suffers from this vulnerability. \n\n4. \n\nAgainst stable 6.47, the poc resulted in the following crash dump. \n\n # cat /rw/logs/backtrace.log\n 2020.06.22-20:25:36.17@0:\n 2020.06.22-20:25:36.17@0:\n 2020.06.22-20:25:36.17@0: /nova/bin/mactel\n 2020.06.22-20:25:36.17@0: --- signal=11\n--------------------------------------------\n 2020.06.22-20:25:36.17@0:\n 2020.06.22-20:25:36.17@0: eip=0x0804ddc7 eflags=0x00010202\n 2020.06.22-20:25:36.17@0: edi=0x08055740 esi=0x7fe78144 ebp=0x7fe780c8\nesp=0x7fe78090\n 2020.06.22-20:25:36.17@0: eax=0x00000000 ebx=0x776b9b40 ecx=0x0000000b\nedx=0xffffffff\n 2020.06.22-20:25:36.17@0:\n 2020.06.22-20:25:36.17@0: maps:\n 2020.06.22-20:25:36.17@0: 08048000-08051000 r-xp 00000000 00:0c 1041\n /nova/bin/mactel\n 2020.06.22-20:25:36.17@0: 7762c000-77661000 r-xp 00000000 00:0c 966\n /lib/libuClibc-0.9.33.2.so\n 2020.06.22-20:25:36.17@0: 77665000-7767f000 r-xp 00000000 00:0c 962\n /lib/libgcc_s.so.1\n 2020.06.22-20:25:36.17@0: 77680000-7768f000 r-xp 00000000 00:0c 945\n /lib/libuc++.so\n 2020.06.22-20:25:36.17@0: 77690000-776ad000 r-xp 00000000 00:0c 948\n /lib/libucrypto.so\n 2020.06.22-20:25:36.17@0: 776ae000-776af000 r-xp 00000000 00:0c 967\n /lib/libutil-0.9.33.2.so\n 2020.06.22-20:25:36.17@0: 776b1000-776b9000 r-xp 00000000 00:0c 951\n /lib/libubox.so\n 2020.06.22-20:25:36.17@0: 776ba000-77706000 r-xp 00000000 00:0c 947\n /lib/libumsg.so\n 2020.06.22-20:25:36.17@0: 7770c000-77713000 r-xp 00000000 00:0c 960\n /lib/ld-uClibc-0.9.33.2.so\n 2020.06.22-20:25:36.17@0:\n 2020.06.22-20:25:36.17@0: stack: 0x7fe79000 - 0x7fe78090\n 2020.06.22-20:25:36.17@0: 44 81 e7 7f 01 00 00 00 ff ff ff ff 1f d0 04\n08 58 57 05 08 28 b0 70 77 01 00 00 00 00 00 00 00\n 2020.06.22-20:25:36.17@0: 1c 85 e7 7f 04 1d 05 08 02 db 70 77 40 9b 6b\n77 40 57 05 08 44 81 e7 7f f8 80 e7 7f 7c 4a 6b 77\n 2020.06.22-20:25:36.17@0:\n 2020.06.22-20:25:36.17@0: code: 0x804ddc7\n 2020.06.22-20:25:36.17@0: 8b 50 2f 89 55 da 66 8b 40 33 66 89 45 de 83\nc4\n\nThis vulnerability was initially found in stable 6.46.3, and it seems that\nthe latest stable version 6.48.2 still suffers from this vulnerability. \n\n\nSolution\n========\n\nAs to CVE-2020-20227, upgrade to the corresponding latest RouterOS tree\nversion. For others, no upgrade firmware available yet\n\n\nReferences\n==========\n\n[1] https://mikrotik.com/download/changelogs/stable-release-tree\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-20220"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006900"
},
{
"db": "VULHUB",
"id": "VHN-173677"
},
{
"db": "VULMON",
"id": "CVE-2020-20220"
},
{
"db": "PACKETSTORM",
"id": "162533"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-20220",
"trust": 3.5
},
{
"db": "PACKETSTORM",
"id": "162533",
"trust": 2.7
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006900",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202105-650",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-173677",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-20220",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173677"
},
{
"db": "VULMON",
"id": "CVE-2020-20220"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006900"
},
{
"db": "PACKETSTORM",
"id": "162533"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-650"
},
{
"db": "NVD",
"id": "CVE-2020-20220"
}
]
},
"id": "VAR-202105-0085",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-173677"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T13:54:04.920000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://mikrotik.com/"
},
{
"title": "CVE-2020-20220",
"trust": 0.1,
"url": "https://github.com/JamesGeee/CVE-2020-20220 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-20220"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006900"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.1
},
{
"problemtype": "Buffer error (CWE-119) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173677"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006900"
},
{
"db": "NVD",
"id": "CVE-2020-20220"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "http://packetstormsecurity.com/files/162533/mikrotik-routeros-memory-corruption.html"
},
{
"trust": 1.9,
"url": "https://mikrotik.com/"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2021/may/23"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-20220"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://github.com/jamesgeee/cve-2020-20220"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-20227"
},
{
"trust": 0.1,
"url": "https://mikrotik.com/download/changelogs/stable-release-tree"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-20245"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-20246"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173677"
},
{
"db": "VULMON",
"id": "CVE-2020-20220"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006900"
},
{
"db": "PACKETSTORM",
"id": "162533"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-650"
},
{
"db": "NVD",
"id": "CVE-2020-20220"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-173677"
},
{
"db": "VULMON",
"id": "CVE-2020-20220"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006900"
},
{
"db": "PACKETSTORM",
"id": "162533"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-650"
},
{
"db": "NVD",
"id": "CVE-2020-20220"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-18T00:00:00",
"db": "VULHUB",
"id": "VHN-173677"
},
{
"date": "2021-05-18T00:00:00",
"db": "VULMON",
"id": "CVE-2020-20220"
},
{
"date": "2022-01-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-006900"
},
{
"date": "2021-05-11T21:38:05",
"db": "PACKETSTORM",
"id": "162533"
},
{
"date": "2021-05-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-650"
},
{
"date": "2021-05-18T20:15:07.403000",
"db": "NVD",
"id": "CVE-2020-20220"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-21T00:00:00",
"db": "VULHUB",
"id": "VHN-173677"
},
{
"date": "2021-05-21T00:00:00",
"db": "VULMON",
"id": "CVE-2020-20220"
},
{
"date": "2022-01-25T05:36:00",
"db": "JVNDB",
"id": "JVNDB-2021-006900"
},
{
"date": "2021-05-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-650"
},
{
"date": "2021-05-21T19:19:24.067000",
"db": "NVD",
"id": "CVE-2020-20220"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-650"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik\u00a0RouterOs\u00a0 Buffer Error Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006900"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-650"
}
],
"trust": 0.6
}
}
var-202105-0097
Vulnerability from variot
Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/dot1x process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202105-0097",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "lt",
"trust": 1.0,
"vendor": "mikrotik",
"version": "6.47"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": null
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": "6.47 (stable tree)"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007082"
},
{
"db": "NVD",
"id": "CVE-2020-20266"
}
]
},
"cve": "CVE-2020-20266",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-20266",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-173727",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2020-20266",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-20266",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-20266",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-20266",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202105-1272",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-173727",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173727"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007082"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1272"
},
{
"db": "NVD",
"id": "CVE-2020-20266"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/dot1x process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-20266"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007082"
},
{
"db": "VULHUB",
"id": "VHN-173727"
},
{
"db": "VULMON",
"id": "CVE-2020-20266"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-20266",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007082",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1272",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-173727",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-20266",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173727"
},
{
"db": "VULMON",
"id": "CVE-2020-20266"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007082"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1272"
},
{
"db": "NVD",
"id": "CVE-2020-20266"
}
]
},
"id": "VAR-202105-0097",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-173727"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T15:38:03.451000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://mikrotik.com/"
},
{
"title": "MikroTik RouterOS Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=152012"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007082"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1272"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.1
},
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "NULL Pointer dereference (CWE-476) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173727"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007082"
},
{
"db": "NVD",
"id": "CVE-2020-20266"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://seclists.org/fulldisclosure/2021/may/11"
},
{
"trust": 1.8,
"url": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/mikrotik/vul_dot1x/readme.md"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-20266"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173727"
},
{
"db": "VULMON",
"id": "CVE-2020-20266"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007082"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1272"
},
{
"db": "NVD",
"id": "CVE-2020-20266"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-173727"
},
{
"db": "VULMON",
"id": "CVE-2020-20266"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007082"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1272"
},
{
"db": "NVD",
"id": "CVE-2020-20266"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-19T00:00:00",
"db": "VULHUB",
"id": "VHN-173727"
},
{
"date": "2021-05-19T00:00:00",
"db": "VULMON",
"id": "CVE-2020-20266"
},
{
"date": "2022-02-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-007082"
},
{
"date": "2021-05-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-1272"
},
{
"date": "2021-05-19T12:15:07.813000",
"db": "NVD",
"id": "CVE-2020-20266"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-28T00:00:00",
"db": "VULHUB",
"id": "VHN-173727"
},
{
"date": "2021-05-19T00:00:00",
"db": "VULMON",
"id": "CVE-2020-20266"
},
{
"date": "2022-02-02T08:32:00",
"db": "JVNDB",
"id": "JVNDB-2021-007082"
},
{
"date": "2021-05-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-1272"
},
{
"date": "2022-06-28T14:11:45.273000",
"db": "NVD",
"id": "CVE-2020-20266"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-1272"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik\u00a0RouterOs\u00a0 In \u00a0NULL\u00a0 Pointer dereference vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007082"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-1272"
}
],
"trust": 0.6
}
}
var-201808-0384
Vulnerability from variot
MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface. MikroTik RouterOS Contains an authentication vulnerability.Information may be obtained. MikroTik RouterOS is prone to a authentication-bypass vulnerability. An attacker can exploit this issue to bypass authentication mechanism and perform unauthorized actions. This may lead to further attacks. MikroTik RouterOS version 6.42 and prior versions are vulnerable. MikroTik RouterOS is a routing operating system. Winbox for MikroTik RouterOS is an application for managing MikroTik RouterOS system
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201808-0384",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "lte",
"trust": 1.8,
"vendor": "mikrotik",
"version": "6.42"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.9,
"vendor": "mikrotik",
"version": "6.42"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "6.41.3"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "2.9.51"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "2.9.50"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "2.9.49"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "2.9.48"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "2.9.47"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "2.9.46"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "2.9.45"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "2.9.44"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "2.9.43"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "2.9.42"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "2.9.41"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "2.9.40"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "6.3"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "6.2"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "5.26"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "5.25"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "5.15"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "5.0"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "4.0"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "3.2"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "3.13"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "3.12"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "3.11"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "3.10"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "3.09"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "3.08"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "3.07"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.3,
"vendor": "mikrotik",
"version": "3.0"
}
],
"sources": [
{
"db": "BID",
"id": "105269"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008866"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-086"
},
{
"db": "NVD",
"id": "CVE-2018-14847"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:mikrotik:router_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008866"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Qihoo 360 Netlab",
"sources": [
{
"db": "BID",
"id": "105269"
}
],
"trust": 0.3
},
"cve": "CVE-2018-14847",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-14847",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-14847",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-125047",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-14847",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-14847",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-14847",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-14847",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201808-086",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-125047",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-14847",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-125047"
},
{
"db": "VULMON",
"id": "CVE-2018-14847"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008866"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-086"
},
{
"db": "NVD",
"id": "CVE-2018-14847"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface. MikroTik RouterOS Contains an authentication vulnerability.Information may be obtained. MikroTik RouterOS is prone to a authentication-bypass vulnerability. \nAn attacker can exploit this issue to bypass authentication mechanism and perform unauthorized actions. This may lead to further attacks. \nMikroTik RouterOS version 6.42 and prior versions are vulnerable. MikroTik RouterOS is a routing operating system. Winbox for MikroTik RouterOS is an application for managing MikroTik RouterOS system",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-14847"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008866"
},
{
"db": "BID",
"id": "105269"
},
{
"db": "VULHUB",
"id": "VHN-125047"
},
{
"db": "VULMON",
"id": "CVE-2018-14847"
}
],
"trust": 2.07
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-125047",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=45578",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-125047"
},
{
"db": "VULMON",
"id": "CVE-2018-14847"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-14847",
"trust": 2.9
},
{
"db": "EXPLOIT-DB",
"id": "45578",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008866",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201808-086",
"trust": 0.7
},
{
"db": "BID",
"id": "105269",
"trust": 0.4
},
{
"db": "PACKETSTORM",
"id": "149742",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-97396",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-125047",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-14847",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-125047"
},
{
"db": "VULMON",
"id": "CVE-2018-14847"
},
{
"db": "BID",
"id": "105269"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008866"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-086"
},
{
"db": "NVD",
"id": "CVE-2018-14847"
}
]
},
"id": "VAR-201808-0384",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-125047"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:48:35.778000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "RouterOS",
"trust": 0.8,
"url": "https://mikrotik.com/software"
},
{
"title": "mnk",
"trust": 0.1,
"url": "https://github.com/nomiyousafzai/mnk "
},
{
"title": "Y",
"trust": 0.1,
"url": "https://github.com/etc-i/Y "
},
{
"title": "PocWinbox",
"trust": 0.1,
"url": "https://github.com/alamsyahh15/PocWinbox "
},
{
"title": "hackwifi",
"trust": 0.1,
"url": "https://github.com/ridwan-aplikom/hackwifi "
},
{
"title": "CVE-2018-14847",
"trust": 0.1,
"url": "https://github.com/yukar1z0e/CVE-2018-14847 "
},
{
"title": "winbox",
"trust": 0.1,
"url": "https://github.com/spot-summers/winbox "
},
{
"title": "w",
"trust": 0.1,
"url": "https://github.com/Thamirk/ExploitR "
},
{
"title": "Python-MikrotikLoginExploit",
"trust": 0.1,
"url": "https://github.com/sinichi449/Python-MikrotikLoginExploit "
},
{
"title": "WinBox_Exploit",
"trust": 0.1,
"url": "https://github.com/RainardHuman/WinBox_Exploit "
},
{
"title": "WinboxExploit",
"trust": 0.1,
"url": "https://github.com/msterusky/WinboxExploit "
},
{
"title": "WinboxExploitMikrotik",
"trust": 0.1,
"url": "https://github.com/firmanandriansyah/WinboxExploitMikrotik "
},
{
"title": "WinboxExploit",
"trust": 0.1,
"url": "https://github.com/ferib/WinboxExploit "
},
{
"title": "MkCheck",
"trust": 0.1,
"url": "https://github.com/s1l3nt78/MkCheck "
},
{
"title": "WinboxPoC",
"trust": 0.1,
"url": "https://github.com/Acengerz/WinboxPoC "
},
{
"title": "Cracker-Winbox",
"trust": 0.1,
"url": "https://github.com/Octha-DroiidXz/Cracker-Winbox "
},
{
"title": "MikroRoot",
"trust": 0.1,
"url": "https://github.com/remix30303/MikroRoot "
},
{
"title": "WinboxPoC",
"trust": 0.1,
"url": "https://github.com/BasuCert/WinboxPoC "
},
{
"title": "MkCheck",
"trust": 0.1,
"url": "https://github.com/7dbc/MkCheck "
},
{
"title": "ecko",
"trust": 0.1,
"url": "https://github.com/eckoxxx/ecko "
},
{
"title": "w",
"trust": 0.1,
"url": "https://github.com/Thamirk/RxTxw "
},
{
"title": "WinboxPoc",
"trust": 0.1,
"url": "https://github.com/exploit747/WinboxPoc "
},
{
"title": "Wifi-Hack",
"trust": 0.1,
"url": "https://github.com/MRZyNoX/Wifi-Hack "
},
{
"title": "PoC",
"trust": 0.1,
"url": "https://github.com/Jie-Geng/PoC "
},
{
"title": "WinboxPoC",
"trust": 0.1,
"url": "https://github.com/ElAcengerz/WinboxPoC "
},
{
"title": "Mikrotik-router-hack",
"trust": 0.1,
"url": "https://github.com/hacker30468/Mikrotik-router-hack "
},
{
"title": "sapulidi",
"trust": 0.1,
"url": "https://github.com/dedesundara/sapulidi "
},
{
"title": "Winbox-Poc-With-Launcher",
"trust": 0.1,
"url": "https://github.com/AuthenticWeebS/Winbox-Poc-With-Launcher "
},
{
"title": "CVE-2018-14847",
"trust": 0.1,
"url": "https://github.com/jas502n/CVE-2018-14847 "
},
{
"title": "WinboxPoC",
"trust": 0.1,
"url": "https://github.com/notfound-git/WinboxPoC "
},
{
"title": "darksplitz",
"trust": 0.1,
"url": "https://github.com/koboi137/darksplitz "
},
{
"title": "awesome-cyber-security",
"trust": 0.1,
"url": "https://github.com/xrkk/awesome-cyber-security "
},
{
"title": "Cyber-Security_Collection",
"trust": 0.1,
"url": "https://github.com/RakhithJK/Cyber-Security_Collection "
},
{
"title": "Exp101tsArchiv30thers",
"trust": 0.1,
"url": "https://github.com/nu11secur1ty/Exp101tsArchiv30thers "
},
{
"title": "awesome-cve-poc_qazbnm456",
"trust": 0.1,
"url": "https://github.com/xbl3/awesome-cve-poc_qazbnm456 "
},
{
"title": "CVE-POC",
"trust": 0.1,
"url": "https://github.com/0xT11/CVE-POC "
},
{
"title": "PoC-in-GitHub",
"trust": 0.1,
"url": "https://github.com/nomi-sec/PoC-in-GitHub "
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/huawei-router-default-credential/140234/"
},
{
"title": "The Register",
"trust": 0.1,
"url": "https://www.theregister.co.uk/2018/10/11/tenable_mikrotik_bugs/"
},
{
"title": "The Register",
"trust": 0.1,
"url": "https://www.theregister.co.uk/2018/09/27/fancy_bear_modules/"
},
{
"title": "BleepingComputer",
"trust": 0.1,
"url": "https://www.bleepingcomputer.com/news/security/over-3-700-mikrotik-routers-abused-in-cryptojacking-campaigns/"
},
{
"title": "The Register",
"trust": 0.1,
"url": "https://www.theregister.co.uk/2018/09/04/mikrotik_routers_pwned/"
},
{
"title": "BleepingComputer",
"trust": 0.1,
"url": "https://www.bleepingcomputer.com/news/security/thousands-of-compromised-mikrotik-routers-send-traffic-to-attackers/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-14847"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008866"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.1
},
{
"problemtype": "CWE-287",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-125047"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008866"
},
{
"db": "NVD",
"id": "CVE-2018-14847"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://www.exploit-db.com/exploits/45578/"
},
{
"trust": 2.1,
"url": "https://github.com/basucert/winboxpoc"
},
{
"trust": 2.1,
"url": "https://github.com/bignerd95/winboxexploit"
},
{
"trust": 2.1,
"url": "https://n0p.me/winbox-bug-dissection/"
},
{
"trust": 1.8,
"url": "https://github.com/tenable/routeros/blob/master/bug_hunting_in_routeros_derbycon_2018.pdf"
},
{
"trust": 1.8,
"url": "https://github.com/tenable/routeros/tree/master/poc/bytheway"
},
{
"trust": 1.8,
"url": "https://github.com/tenable/routeros/tree/master/poc/cve_2018_14847"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14847"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14847"
},
{
"trust": 0.3,
"url": "https://blog.netlab.360.com/7500-mikrotik-routers-are-forwarding-owners-traffic-to-the-attackers-how-is-yours-en/"
},
{
"trust": 0.3,
"url": "http://www.mikrotik.com/"
},
{
"trust": 0.3,
"url": "https://mikrotik.com/download"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/22.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/nomiyousafzai/mnk"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-125047"
},
{
"db": "VULMON",
"id": "CVE-2018-14847"
},
{
"db": "BID",
"id": "105269"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008866"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-086"
},
{
"db": "NVD",
"id": "CVE-2018-14847"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-125047"
},
{
"db": "VULMON",
"id": "CVE-2018-14847"
},
{
"db": "BID",
"id": "105269"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008866"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-086"
},
{
"db": "NVD",
"id": "CVE-2018-14847"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-02T00:00:00",
"db": "VULHUB",
"id": "VHN-125047"
},
{
"date": "2018-08-02T00:00:00",
"db": "VULMON",
"id": "CVE-2018-14847"
},
{
"date": "2018-08-02T00:00:00",
"db": "BID",
"id": "105269"
},
{
"date": "2018-10-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008866"
},
{
"date": "2018-08-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-086"
},
{
"date": "2018-08-02T07:29:00.280000",
"db": "NVD",
"id": "CVE-2018-14847"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-07T00:00:00",
"db": "VULHUB",
"id": "VHN-125047"
},
{
"date": "2019-03-07T00:00:00",
"db": "VULMON",
"id": "CVE-2018-14847"
},
{
"date": "2018-08-02T00:00:00",
"db": "BID",
"id": "105269"
},
{
"date": "2018-10-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008866"
},
{
"date": "2019-03-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-086"
},
{
"date": "2024-11-21T03:49:54.730000",
"db": "NVD",
"id": "CVE-2018-14847"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-086"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MikroTik RouterOS Authentication vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008866"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-086"
}
],
"trust": 0.6
}
}
var-201705-3726
Vulnerability from variot
A vulnerability in MikroTik Version 6.38.5 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of UDP packets on port 500 (used for L2TP over IPsec), preventing the affected router from accepting new connections; all devices will be disconnected from the router and all logs removed automatically. MikroTik RouterOS Contains a resource management vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. MikroTikRouterBoard is a router management panel from MikroTik, Republic of Latvia. A remote denial of service vulnerability exists in the networkstack in MikroTikRouterBoard 6.38.5. MikroTik is a routing operating system based on Linux kernel developed by Latvian MikroTik Company. This system turns a PC computer into a professional router
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201705-3726",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "eq",
"trust": 2.4,
"vendor": "mikrotik",
"version": "6.38.5"
},
{
"model": "routerboard",
"scope": "eq",
"trust": 0.6,
"vendor": "mikrotik",
"version": "6.38.5"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07384"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004268"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-018"
},
{
"db": "NVD",
"id": "CVE-2017-8338"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:mikrotik:router_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-004268"
}
]
},
"cve": "CVE-2017-8338",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-8338",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-07384",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-116541",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2017-8338",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-8338",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-8338",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-07384",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201705-018",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-116541",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07384"
},
{
"db": "VULHUB",
"id": "VHN-116541"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004268"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-018"
},
{
"db": "NVD",
"id": "CVE-2017-8338"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in MikroTik Version 6.38.5 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of UDP packets on port 500 (used for L2TP over IPsec), preventing the affected router from accepting new connections; all devices will be disconnected from the router and all logs removed automatically. MikroTik RouterOS Contains a resource management vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. MikroTikRouterBoard is a router management panel from MikroTik, Republic of Latvia. A remote denial of service vulnerability exists in the networkstack in MikroTikRouterBoard 6.38.5. MikroTik is a routing operating system based on Linux kernel developed by Latvian MikroTik Company. This system turns a PC computer into a professional router",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-8338"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004268"
},
{
"db": "CNVD",
"id": "CNVD-2017-07384"
},
{
"db": "VULHUB",
"id": "VHN-116541"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-8338",
"trust": 3.1
},
{
"db": "CXSECURITY",
"id": "WLB-2017050062",
"trust": 2.3
},
{
"db": "PACKETSTORM",
"id": "142538",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004268",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201705-018",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-07384",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-116541",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07384"
},
{
"db": "VULHUB",
"id": "VHN-116541"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004268"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-018"
},
{
"db": "NVD",
"id": "CVE-2017-8338"
}
]
},
"id": "VAR-201705-3726",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07384"
},
{
"db": "VULHUB",
"id": "VHN-116541"
}
],
"trust": 1.34285713
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07384"
}
]
},
"last_update_date": "2024-11-23T21:54:02.377000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Upgrading RouterOS",
"trust": 0.8,
"url": "https://www.mikrotik.com/download"
},
{
"title": "MikroTik Remote Denial of Service Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/94199"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07384"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004268"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.1
},
{
"problemtype": "CWE-399",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-116541"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004268"
},
{
"db": "NVD",
"id": "CVE-2017-8338"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.vulnerability-lab.com/get_content.php?id=2064"
},
{
"trust": 2.3,
"url": "https://cxsecurity.com/issue/wlb-2017050062"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2017/may/59"
},
{
"trust": 1.7,
"url": "https://packetstormsecurity.com/files/142538/mikrotik-routerboard-6.38.5-denial-of-service.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8338"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-8338"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07384"
},
{
"db": "VULHUB",
"id": "VHN-116541"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004268"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-018"
},
{
"db": "NVD",
"id": "CVE-2017-8338"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-07384"
},
{
"db": "VULHUB",
"id": "VHN-116541"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004268"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-018"
},
{
"db": "NVD",
"id": "CVE-2017-8338"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-07384"
},
{
"date": "2017-05-18T00:00:00",
"db": "VULHUB",
"id": "VHN-116541"
},
{
"date": "2017-06-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-004268"
},
{
"date": "2017-04-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-018"
},
{
"date": "2017-05-18T06:29:00.293000",
"db": "NVD",
"id": "CVE-2017-8338"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-07384"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-116541"
},
{
"date": "2017-06-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-004268"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-018"
},
{
"date": "2024-11-21T03:33:47.753000",
"db": "NVD",
"id": "CVE-2017-8338"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-018"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MikroTik RouterOS Resource management vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-004268"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-018"
}
],
"trust": 0.6
}
}
var-202105-0093
Vulnerability from variot
Mikrotik RouterOs before 6.47 (stable tree) suffers from a divison by zero vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service due to a divide by zero error. Mikrotik RouterOs Is vulnerable to division by zero.Denial of service (DoS) It may be put into a state. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. Mikrotik RouterOs prior to 6.47 has a security vulnerability, which stems from a memory corruption vulnerability in the /nova/bin/lcdstat process
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202105-0093",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "lt",
"trust": 1.0,
"vendor": "mikrotik",
"version": "6.47"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": null
},
{
"model": "routeros",
"scope": null,
"trust": 0.8,
"vendor": "mikrotik",
"version": null
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": "6.47 (stable tree)"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007071"
},
{
"db": "NVD",
"id": "CVE-2020-20253"
}
]
},
"cve": "CVE-2020-20253",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-20253",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-173713",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2020-20253",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-20253",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-20253",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-20253",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202105-1221",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-173713",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173713"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007071"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1221"
},
{
"db": "NVD",
"id": "CVE-2020-20253"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik RouterOs before 6.47 (stable tree) suffers from a divison by zero vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service due to a divide by zero error. Mikrotik RouterOs Is vulnerable to division by zero.Denial of service (DoS) It may be put into a state. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. Mikrotik RouterOs prior to 6.47 has a security vulnerability, which stems from a memory corruption vulnerability in the /nova/bin/lcdstat process",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-20253"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007071"
},
{
"db": "VULHUB",
"id": "VHN-173713"
},
{
"db": "VULMON",
"id": "CVE-2020-20253"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-20253",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007071",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1221",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-173713",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-20253",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173713"
},
{
"db": "VULMON",
"id": "CVE-2020-20253"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007071"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1221"
},
{
"db": "NVD",
"id": "CVE-2020-20253"
}
]
},
"id": "VAR-202105-0093",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-173713"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T15:01:29.122000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://mikrotik.com/"
},
{
"title": "MikroTik RouterOS Fixes for digital error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=151990"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007071"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1221"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-369",
"trust": 1.1
},
{
"problemtype": "Division by zero (CWE-369) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173713"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007071"
},
{
"db": "NVD",
"id": "CVE-2020-20253"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://seclists.org/fulldisclosure/2021/may/14"
},
{
"trust": 1.8,
"url": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/mikrotik/vul_lcdstat_4/readme.md"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-20253"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173713"
},
{
"db": "VULMON",
"id": "CVE-2020-20253"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007071"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1221"
},
{
"db": "NVD",
"id": "CVE-2020-20253"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-173713"
},
{
"db": "VULMON",
"id": "CVE-2020-20253"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007071"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1221"
},
{
"db": "NVD",
"id": "CVE-2020-20253"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-18T00:00:00",
"db": "VULHUB",
"id": "VHN-173713"
},
{
"date": "2021-05-18T00:00:00",
"db": "VULMON",
"id": "CVE-2020-20253"
},
{
"date": "2022-02-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-007071"
},
{
"date": "2021-05-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-1221"
},
{
"date": "2021-05-18T14:15:07.293000",
"db": "NVD",
"id": "CVE-2020-20253"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-25T00:00:00",
"db": "VULHUB",
"id": "VHN-173713"
},
{
"date": "2021-05-18T00:00:00",
"db": "VULMON",
"id": "CVE-2020-20253"
},
{
"date": "2022-02-02T08:32:00",
"db": "JVNDB",
"id": "JVNDB-2021-007071"
},
{
"date": "2021-05-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-1221"
},
{
"date": "2021-05-25T12:28:34.190000",
"db": "NVD",
"id": "CVE-2020-20253"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-1221"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik\u00a0RouterOs\u00a0 Vulnerability for division by zero in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007071"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "digital error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-1221"
}
],
"trust": 0.6
}
}
var-201808-0568
Vulnerability from variot
Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system via a crafted HTTP POST request. Mikrotik RouterOS Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. MikroTikRouterOS is a Linux-based routing operating system developed by MikroTik of Latvia. This system turns a PC into a professional router
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201808-0568",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "lt",
"trust": 1.8,
"vendor": "mikrotik",
"version": "6.40.9"
},
{
"model": "routeros",
"scope": "lt",
"trust": 1.8,
"vendor": "mikrotik",
"version": "6.42.7"
},
{
"model": "routeros",
"scope": "lt",
"trust": 0.6,
"vendor": "microtik",
"version": "6.42.7"
},
{
"model": "routeros",
"scope": "lt",
"trust": 0.6,
"vendor": "microtik",
"version": "6.40.9"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "mikrotik",
"version": "6.42.4"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "mikrotik",
"version": "6.42"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "mikrotik",
"version": "5.0"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "mikrotik",
"version": "6.42.3"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "mikrotik",
"version": "6.42.1"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "mikrotik",
"version": "6.42.6"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "mikrotik",
"version": "6.42.5"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "mikrotik",
"version": "5.15"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "mikrotik",
"version": "6.41.4"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "mikrotik",
"version": "6.42.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16524"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009039"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-762"
},
{
"db": "NVD",
"id": "CVE-2018-1157"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:mikrotik:router_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009039"
}
]
},
"cve": "CVE-2018-1157",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2018-1157",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-16524",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-121442",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2018-1157",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-1157",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-1157",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2018-16524",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201808-762",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-121442",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16524"
},
{
"db": "VULHUB",
"id": "VHN-121442"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009039"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-762"
},
{
"db": "NVD",
"id": "CVE-2018-1157"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system via a crafted HTTP POST request. Mikrotik RouterOS Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. MikroTikRouterOS is a Linux-based routing operating system developed by MikroTik of Latvia. This system turns a PC into a professional router",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-1157"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009039"
},
{
"db": "CNVD",
"id": "CNVD-2018-16524"
},
{
"db": "VULHUB",
"id": "VHN-121442"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-1157",
"trust": 3.1
},
{
"db": "TENABLE",
"id": "TRA-2018-21",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009039",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201808-762",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-16524",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-121442",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16524"
},
{
"db": "VULHUB",
"id": "VHN-121442"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009039"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-762"
},
{
"db": "NVD",
"id": "CVE-2018-1157"
}
]
},
"id": "VAR-201808-0568",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16524"
},
{
"db": "VULHUB",
"id": "VHN-121442"
}
],
"trust": 0.06999999999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16524"
}
]
},
"last_update_date": "2024-11-23T21:52:55.326000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Release 6.42.7",
"trust": 0.8,
"url": "https://mikrotik.com/download/changelogs"
},
{
"title": "Release 6.42.7",
"trust": 0.8,
"url": "https://mikrotik.com/download/changelogs/bugfix-release-tree"
},
{
"title": "MikrotikRouterOS memory exhaustion vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/138523"
},
{
"title": "Mikrotik RouterOS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84253"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16524"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009039"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-762"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-121442"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009039"
},
{
"db": "NVD",
"id": "CVE-2018-1157"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://mikrotik.com/download/changelogs"
},
{
"trust": 1.7,
"url": "https://mikrotik.com/download/changelogs/bugfix-release-tree"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2019/jul/20"
},
{
"trust": 1.7,
"url": "https://www.tenable.com/security/research/tra-2018-21"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1157"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1157"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16524"
},
{
"db": "VULHUB",
"id": "VHN-121442"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009039"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-762"
},
{
"db": "NVD",
"id": "CVE-2018-1157"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-16524"
},
{
"db": "VULHUB",
"id": "VHN-121442"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009039"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-762"
},
{
"db": "NVD",
"id": "CVE-2018-1157"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-16524"
},
{
"date": "2018-08-23T00:00:00",
"db": "VULHUB",
"id": "VHN-121442"
},
{
"date": "2018-11-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009039"
},
{
"date": "2018-08-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-762"
},
{
"date": "2018-08-23T19:29:00.457000",
"db": "NVD",
"id": "CVE-2018-1157"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-16524"
},
{
"date": "2019-07-23T00:00:00",
"db": "VULHUB",
"id": "VHN-121442"
},
{
"date": "2018-11-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009039"
},
{
"date": "2019-07-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-762"
},
{
"date": "2024-11-21T03:59:18.190000",
"db": "NVD",
"id": "CVE-2018-1157"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-762"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik RouterOS Vulnerable to resource exhaustion",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009039"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-762"
}
],
"trust": 0.6
}
}
var-202105-0095
Vulnerability from variot
Mikrotik RouterOs before 6.47 (stable tree) in the /ram/pckg/advanced-tools/nova/bin/netwatch process. An authenticated remote attacker can cause a Denial of Service due to a divide by zero error. Mikrotik RouterOs Is vulnerable to division by zero.Denial of service (DoS) It may be put into a state. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202105-0095",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "lt",
"trust": 1.0,
"vendor": "mikrotik",
"version": "6.47"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": "6.47 (stable tree)"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007316"
},
{
"db": "NVD",
"id": "CVE-2020-20264"
}
]
},
"cve": "CVE-2020-20264",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-20264",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-173725",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2020-20264",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-20264",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-20264",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-20264",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202105-1271",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-173725",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173725"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007316"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1271"
},
{
"db": "NVD",
"id": "CVE-2020-20264"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik RouterOs before 6.47 (stable tree) in the /ram/pckg/advanced-tools/nova/bin/netwatch process. An authenticated remote attacker can cause a Denial of Service due to a divide by zero error. Mikrotik RouterOs Is vulnerable to division by zero.Denial of service (DoS) It may be put into a state. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-20264"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007316"
},
{
"db": "VULHUB",
"id": "VHN-173725"
},
{
"db": "VULMON",
"id": "CVE-2020-20264"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-20264",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007316",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1271",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-173725",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-20264",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173725"
},
{
"db": "VULMON",
"id": "CVE-2020-20264"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007316"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1271"
},
{
"db": "NVD",
"id": "CVE-2020-20264"
}
]
},
"id": "VAR-202105-0095",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-173725"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T15:06:49.960000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://mikrotik.com/"
},
{
"title": "MikroTik RouterOS Fixes for digital error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=152560"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007316"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1271"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-369",
"trust": 1.1
},
{
"problemtype": "Division by zero (CWE-369) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173725"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007316"
},
{
"db": "NVD",
"id": "CVE-2020-20264"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://seclists.org/fulldisclosure/2021/may/11"
},
{
"trust": 1.8,
"url": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/mikrotik/vul_netwatch/readme.md"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-20264"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173725"
},
{
"db": "VULMON",
"id": "CVE-2020-20264"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007316"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1271"
},
{
"db": "NVD",
"id": "CVE-2020-20264"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-173725"
},
{
"db": "VULMON",
"id": "CVE-2020-20264"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007316"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1271"
},
{
"db": "NVD",
"id": "CVE-2020-20264"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-19T00:00:00",
"db": "VULHUB",
"id": "VHN-173725"
},
{
"date": "2021-05-19T00:00:00",
"db": "VULMON",
"id": "CVE-2020-20264"
},
{
"date": "2022-02-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-007316"
},
{
"date": "2021-05-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-1271"
},
{
"date": "2021-05-19T12:15:07.770000",
"db": "NVD",
"id": "CVE-2020-20264"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-06-01T00:00:00",
"db": "VULHUB",
"id": "VHN-173725"
},
{
"date": "2021-05-19T00:00:00",
"db": "VULMON",
"id": "CVE-2020-20264"
},
{
"date": "2022-02-07T08:45:00",
"db": "JVNDB",
"id": "JVNDB-2021-007316"
},
{
"date": "2021-06-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-1271"
},
{
"date": "2021-06-01T12:22:39.753000",
"db": "NVD",
"id": "CVE-2020-20264"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-1271"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik\u00a0RouterOs\u00a0 Vulnerability for division by zero in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007316"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "digital error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-1271"
}
],
"trust": 0.6
}
}
var-202205-0896
Vulnerability from variot
Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the tr069-client process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). MikroTik of routeros for, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202205-0896",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "lt",
"trust": 1.0,
"vendor": "mikrotik",
"version": "6.48.2"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": "6.48.2"
},
{
"model": "routeros",
"scope": null,
"trust": 0.8,
"vendor": "mikrotik",
"version": null
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-019609"
},
{
"db": "NVD",
"id": "CVE-2021-36614"
}
]
},
"cve": "CVE-2021-36614",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2021-36614",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-398480",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2021-36614",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-36614",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-36614",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-36614",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202205-3028",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-398480",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-36614",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-398480"
},
{
"db": "VULMON",
"id": "CVE-2021-36614"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019609"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3028"
},
{
"db": "NVD",
"id": "CVE-2021-36614"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the tr069-client process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). MikroTik of routeros for, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-36614"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019609"
},
{
"db": "VULHUB",
"id": "VHN-398480"
},
{
"db": "VULMON",
"id": "CVE-2021-36614"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-36614",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019609",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3028",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2022060842",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-398480",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-36614",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-398480"
},
{
"db": "VULMON",
"id": "CVE-2021-36614"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019609"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3028"
},
{
"db": "NVD",
"id": "CVE-2021-36614"
}
]
},
"id": "VAR-202205-0896",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-398480"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T14:24:48.519000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MikroTik RouterOS Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=193706"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2021-36614 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-36614"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3028"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.1
},
{
"problemtype": "NULL Pointer dereference (CWE-476) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-398480"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019609"
},
{
"db": "NVD",
"id": "CVE-2021-36614"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://seclists.org/fulldisclosure/2022/jun/2"
},
{
"trust": 2.6,
"url": "https://seclists.org/fulldisclosure/2021/jul/0"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36614"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-36614/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060842"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2021-36614"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-398480"
},
{
"db": "VULMON",
"id": "CVE-2021-36614"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019609"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3028"
},
{
"db": "NVD",
"id": "CVE-2021-36614"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-398480"
},
{
"db": "VULMON",
"id": "CVE-2021-36614"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019609"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3028"
},
{
"db": "NVD",
"id": "CVE-2021-36614"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-11T00:00:00",
"db": "VULHUB",
"id": "VHN-398480"
},
{
"date": "2022-05-11T00:00:00",
"db": "VULMON",
"id": "CVE-2021-36614"
},
{
"date": "2023-08-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-019609"
},
{
"date": "2022-05-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-3028"
},
{
"date": "2022-05-11T18:15:22.997000",
"db": "NVD",
"id": "CVE-2021-36614"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-18T00:00:00",
"db": "VULHUB",
"id": "VHN-398480"
},
{
"date": "2022-10-18T00:00:00",
"db": "VULMON",
"id": "CVE-2021-36614"
},
{
"date": "2023-08-07T08:16:00",
"db": "JVNDB",
"id": "JVNDB-2021-019609"
},
{
"date": "2022-06-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-3028"
},
{
"date": "2022-10-18T20:15:38.677000",
"db": "NVD",
"id": "CVE-2021-36614"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-3028"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MikroTik\u00a0 of \u00a0routeros\u00a0 In \u00a0NULL\u00a0 Pointer dereference vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-019609"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-3028"
}
],
"trust": 0.6
}
}
var-201804-0906
Vulnerability from variot
A vulnerability in MikroTik Version 6.41.4 could allow an unauthenticated remote attacker to exhaust all available CPU and all available RAM by sending a crafted FTP request on port 21 that begins with many '\0' characters, preventing the affected router from accepting new FTP connections. The router will reboot after 10 minutes, logging a "router was rebooted without proper shutdown" message. MikroTik Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. MikroTik is a routing operating system based on Linux kernel developed by Latvian MikroTik Company. This system turns a PC computer into a professional router. A security vulnerability exists in MikroTik version 6.41.4
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-0906",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "router",
"scope": "eq",
"trust": 1.6,
"vendor": "mikrotik",
"version": "6.41.4"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": "6.41.4"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004301"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-724"
},
{
"db": "NVD",
"id": "CVE-2018-10070"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:mikrotik:router_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004301"
}
]
},
"cve": "CVE-2018-10070",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2018-10070",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-119793",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-10070",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-10070",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-10070",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201804-724",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-119793",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-119793"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004301"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-724"
},
{
"db": "NVD",
"id": "CVE-2018-10070"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in MikroTik Version 6.41.4 could allow an unauthenticated remote attacker to exhaust all available CPU and all available RAM by sending a crafted FTP request on port 21 that begins with many \u0027\\0\u0027 characters, preventing the affected router from accepting new FTP connections. The router will reboot after 10 minutes, logging a \"router was rebooted without proper shutdown\" message. MikroTik Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. MikroTik is a routing operating system based on Linux kernel developed by Latvian MikroTik Company. This system turns a PC computer into a professional router. A security vulnerability exists in MikroTik version 6.41.4",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10070"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004301"
},
{
"db": "VULHUB",
"id": "VHN-119793"
}
],
"trust": 1.71
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-119793",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-119793"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "PACKETSTORM",
"id": "147183",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-2018-10070",
"trust": 2.5
},
{
"db": "EXPLOIT-DB",
"id": "44450",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004301",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201804-724",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-119793",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-119793"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004301"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-724"
},
{
"db": "NVD",
"id": "CVE-2018-10070"
}
]
},
"id": "VAR-201804-0906",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-119793"
}
],
"trust": 0.7
},
"last_update_date": "2024-11-23T23:05:08.412000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://mikrotik.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004301"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-119793"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004301"
},
{
"db": "NVD",
"id": "CVE-2018-10070"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://packetstormsecurity.com/files/147183/mikrotik-6.41.4-denial-of-service.html"
},
{
"trust": 1.1,
"url": "https://www.exploit-db.com/exploits/44450/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10070"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10070"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-119793"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004301"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-724"
},
{
"db": "NVD",
"id": "CVE-2018-10070"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-119793"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004301"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-724"
},
{
"db": "NVD",
"id": "CVE-2018-10070"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-16T00:00:00",
"db": "VULHUB",
"id": "VHN-119793"
},
{
"date": "2018-06-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-004301"
},
{
"date": "2018-04-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-724"
},
{
"date": "2018-04-16T21:29:00.387000",
"db": "NVD",
"id": "CVE-2018-10070"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-22T00:00:00",
"db": "VULHUB",
"id": "VHN-119793"
},
{
"date": "2018-06-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-004301"
},
{
"date": "2018-04-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-724"
},
{
"date": "2024-11-21T03:40:45.433000",
"db": "NVD",
"id": "CVE-2018-10070"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201804-724"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MikroTik Vulnerable to resource exhaustion",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004301"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201804-724"
}
],
"trust": 0.6
}
}
var-202003-1284
Vulnerability from variot
An issue was discovered in Mikrotik RouterOS. Crafting a packet that has a size of 1 byte and sending it to an IPv6 address of a RouterOS box with IP Protocol 97 will cause RouterOS to reboot imminently. All versions of RouterOS that supports EoIPv6 are vulnerable to this attack. Mikrotik RouterOS There is an unspecified vulnerability in.Service operation interruption (DoS) It may be put into a state. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. A security vulnerability exists in Mikrotik RouterOS
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-1284",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": null,
"trust": 1.4,
"vendor": "mikrotik",
"version": null
},
{
"model": "routeros",
"scope": "eq",
"trust": 1.0,
"vendor": "mikrotik",
"version": "*"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-016223"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-036"
},
{
"db": "NVD",
"id": "CVE-2018-5951"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:mikrotik:router_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-016223"
}
]
},
"cve": "CVE-2018-5951",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2018-5951",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.1,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2018-016223",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-135983",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-5951",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2018-016223",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-5951",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2018-016223",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-036",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-135983",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-135983"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016223"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-036"
},
{
"db": "NVD",
"id": "CVE-2018-5951"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in Mikrotik RouterOS. Crafting a packet that has a size of 1 byte and sending it to an IPv6 address of a RouterOS box with IP Protocol 97 will cause RouterOS to reboot imminently. All versions of RouterOS that supports EoIPv6 are vulnerable to this attack. Mikrotik RouterOS There is an unspecified vulnerability in.Service operation interruption (DoS) It may be put into a state. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. A security vulnerability exists in Mikrotik RouterOS",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-5951"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016223"
},
{
"db": "VULHUB",
"id": "VHN-135983"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-5951",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016223",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202003-036",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2020-15579",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-135983",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-135983"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016223"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-036"
},
{
"db": "NVD",
"id": "CVE-2018-5951"
}
]
},
"id": "VAR-202003-1284",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-135983"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:36:02.097000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://mikrotik.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-016223"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-5951"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://github.com/nat-lab/cve-2018-5951"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5951"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5951"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-135983"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016223"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-036"
},
{
"db": "NVD",
"id": "CVE-2018-5951"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-135983"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016223"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-036"
},
{
"db": "NVD",
"id": "CVE-2018-5951"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-02T00:00:00",
"db": "VULHUB",
"id": "VHN-135983"
},
{
"date": "2020-03-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-016223"
},
{
"date": "2020-03-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-036"
},
{
"date": "2020-03-02T22:15:12.827000",
"db": "NVD",
"id": "CVE-2018-5951"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-04T00:00:00",
"db": "VULHUB",
"id": "VHN-135983"
},
{
"date": "2020-03-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-016223"
},
{
"date": "2020-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-036"
},
{
"date": "2024-11-21T04:09:44.273000",
"db": "NVD",
"id": "CVE-2018-5951"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-036"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik RouterOS Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-016223"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-036"
}
],
"trust": 0.6
}
}
var-202212-0564
Vulnerability from variot
Mikrotik RouterOs before stable v7.6 was discovered to contain an out-of-bounds read in the snmp process. This vulnerability allows attackers to execute arbitrary code via a crafted packet
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202212-0564",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "lt",
"trust": 1.0,
"vendor": "mikrotik",
"version": "7.6"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-45315"
}
]
},
"cve": "CVE-2022-45315",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-45315",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-45315",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-202212-2438",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202212-2438"
},
{
"db": "NVD",
"id": "CVE-2022-45315"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik RouterOs before stable v7.6 was discovered to contain an out-of-bounds read in the snmp process. This vulnerability allows attackers to execute arbitrary code via a crafted packet",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-45315"
},
{
"db": "VULHUB",
"id": "VHN-442958"
}
],
"trust": 0.99
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-45315",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-202212-2438",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-442958",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-442958"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-2438"
},
{
"db": "NVD",
"id": "CVE-2022-45315"
}
]
},
"id": "VAR-202212-0564",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-442958"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T14:17:33.411000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MikroTik RouterOS Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=216733"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202212-2438"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-442958"
},
{
"db": "NVD",
"id": "CVE-2022-45315"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/mikrotik/cve-2022-45315/readme.md"
},
{
"trust": 0.6,
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/mikrotik/vul_snmp/readme.md"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-45315/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-442958"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-2438"
},
{
"db": "NVD",
"id": "CVE-2022-45315"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-442958"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-2438"
},
{
"db": "NVD",
"id": "CVE-2022-45315"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-05T00:00:00",
"db": "VULHUB",
"id": "VHN-442958"
},
{
"date": "2022-12-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202212-2438"
},
{
"date": "2022-12-05T16:15:10.050000",
"db": "NVD",
"id": "CVE-2022-45315"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-03T00:00:00",
"db": "VULHUB",
"id": "VHN-442958"
},
{
"date": "2022-12-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202212-2438"
},
{
"date": "2023-02-03T19:49:04.590000",
"db": "NVD",
"id": "CVE-2022-45315"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202212-2438"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MikroTik RouterOS Buffer error vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202212-2438"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202212-2438"
}
],
"trust": 0.6
}
}
var-201808-0569
Vulnerability from variot
Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a stack exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server via recursive parsing of JSON. Mikrotik RouterOS Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. MikroTikRouterOS is a Linux-based routing operating system developed by MikroTik of Latvia. This system turns a PC into a professional router. Security vulnerabilities existed in versions prior to MikrotikRouterOS 6.42.7 and versions prior to 6.40.9
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201808-0569",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "lt",
"trust": 1.8,
"vendor": "mikrotik",
"version": "6.40.9"
},
{
"model": "routeros",
"scope": "lt",
"trust": 1.8,
"vendor": "mikrotik",
"version": "6.42.7"
},
{
"model": "routeros",
"scope": "lt",
"trust": 0.6,
"vendor": "microtik",
"version": "6.42.7"
},
{
"model": "routeros",
"scope": "lt",
"trust": 0.6,
"vendor": "microtik",
"version": "6.40.9"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "mikrotik",
"version": "5.15"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "mikrotik",
"version": "5.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16525"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009040"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-761"
},
{
"db": "NVD",
"id": "CVE-2018-1158"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:mikrotik:router_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009040"
}
]
},
"cve": "CVE-2018-1158",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2018-1158",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-16525",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-121453",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2018-1158",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-1158",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-1158",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2018-16525",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201808-761",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-121453",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16525"
},
{
"db": "VULHUB",
"id": "VHN-121453"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009040"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-761"
},
{
"db": "NVD",
"id": "CVE-2018-1158"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a stack exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server via recursive parsing of JSON. Mikrotik RouterOS Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. MikroTikRouterOS is a Linux-based routing operating system developed by MikroTik of Latvia. This system turns a PC into a professional router. Security vulnerabilities existed in versions prior to MikrotikRouterOS 6.42.7 and versions prior to 6.40.9",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-1158"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009040"
},
{
"db": "CNVD",
"id": "CNVD-2018-16525"
},
{
"db": "VULHUB",
"id": "VHN-121453"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-1158",
"trust": 3.1
},
{
"db": "TENABLE",
"id": "TRA-2018-21",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009040",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201808-761",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-16525",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-121453",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16525"
},
{
"db": "VULHUB",
"id": "VHN-121453"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009040"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-761"
},
{
"db": "NVD",
"id": "CVE-2018-1158"
}
]
},
"id": "VAR-201808-0569",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16525"
},
{
"db": "VULHUB",
"id": "VHN-121453"
}
],
"trust": 0.06999999999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16525"
}
]
},
"last_update_date": "2024-11-23T21:52:55.295000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Release 6.42.7",
"trust": 0.8,
"url": "https://mikrotik.com/download/changelogs"
},
{
"title": "Release 6.42.7",
"trust": 0.8,
"url": "https://mikrotik.com/download/changelogs/bugfix-release-tree"
},
{
"title": "MikrotikRouterOS stack exhaustion patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/138527"
},
{
"title": "Mikrotik RouterOS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84252"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16525"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009040"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-761"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-674",
"trust": 1.1
},
{
"problemtype": "CWE-400",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-121453"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009040"
},
{
"db": "NVD",
"id": "CVE-2018-1158"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://mikrotik.com/download/changelogs"
},
{
"trust": 1.7,
"url": "https://mikrotik.com/download/changelogs/bugfix-release-tree"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2019/jul/20"
},
{
"trust": 1.7,
"url": "https://www.tenable.com/security/research/tra-2018-21"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1158"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1158"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16525"
},
{
"db": "VULHUB",
"id": "VHN-121453"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009040"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-761"
},
{
"db": "NVD",
"id": "CVE-2018-1158"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-16525"
},
{
"db": "VULHUB",
"id": "VHN-121453"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009040"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-761"
},
{
"db": "NVD",
"id": "CVE-2018-1158"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-16525"
},
{
"date": "2018-08-23T00:00:00",
"db": "VULHUB",
"id": "VHN-121453"
},
{
"date": "2018-11-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009040"
},
{
"date": "2018-08-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-761"
},
{
"date": "2018-08-23T19:29:00.563000",
"db": "NVD",
"id": "CVE-2018-1158"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-16525"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-121453"
},
{
"date": "2018-11-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009040"
},
{
"date": "2020-10-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-761"
},
{
"date": "2024-11-21T03:59:18.307000",
"db": "NVD",
"id": "CVE-2018-1158"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-761"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik RouterOS Vulnerable to resource exhaustion",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009040"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-761"
}
],
"trust": 0.6
}
}
var-201808-0565
Vulnerability from variot
Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to stack buffer overflow through the license upgrade interface. This vulnerability could theoretically allow a remote authenticated attacker execute arbitrary code on the system. Mikrotik RouterOS Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. MikroTikRouterOS is a Linux-based routing operating system developed by MikroTik of Latvia. This system turns a PC into a professional router
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201808-0565",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "lt",
"trust": 1.8,
"vendor": "mikrotik",
"version": "6.40.9"
},
{
"model": "routeros",
"scope": "lt",
"trust": 1.8,
"vendor": "mikrotik",
"version": "6.42.7"
},
{
"model": "routeros",
"scope": "lt",
"trust": 0.6,
"vendor": "microtik",
"version": "6.42.7"
},
{
"model": "routeros",
"scope": "lt",
"trust": 0.6,
"vendor": "microtik",
"version": "6.40.9"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "mikrotik",
"version": "6.42.4"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "mikrotik",
"version": "6.42"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "mikrotik",
"version": "5.0"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "mikrotik",
"version": "6.42.3"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "mikrotik",
"version": "6.42.1"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "mikrotik",
"version": "6.42.6"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "mikrotik",
"version": "6.42.5"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "mikrotik",
"version": "5.15"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "mikrotik",
"version": "6.41.4"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "mikrotik",
"version": "6.42.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16523"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009038"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-763"
},
{
"db": "NVD",
"id": "CVE-2018-1156"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:mikrotik:router_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009038"
}
]
},
"cve": "CVE-2018-1156",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2018-1156",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-16523",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-121431",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2018-1156",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-1156",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-1156",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2018-16523",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201808-763",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-121431",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16523"
},
{
"db": "VULHUB",
"id": "VHN-121431"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009038"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-763"
},
{
"db": "NVD",
"id": "CVE-2018-1156"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to stack buffer overflow through the license upgrade interface. This vulnerability could theoretically allow a remote authenticated attacker execute arbitrary code on the system. Mikrotik RouterOS Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. MikroTikRouterOS is a Linux-based routing operating system developed by MikroTik of Latvia. This system turns a PC into a professional router",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-1156"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009038"
},
{
"db": "CNVD",
"id": "CNVD-2018-16523"
},
{
"db": "VULHUB",
"id": "VHN-121431"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-1156",
"trust": 3.1
},
{
"db": "TENABLE",
"id": "TRA-2018-21",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009038",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201808-763",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-16523",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-121431",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16523"
},
{
"db": "VULHUB",
"id": "VHN-121431"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009038"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-763"
},
{
"db": "NVD",
"id": "CVE-2018-1156"
}
]
},
"id": "VAR-201808-0565",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16523"
},
{
"db": "VULHUB",
"id": "VHN-121431"
}
],
"trust": 0.06999999999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16523"
}
]
},
"last_update_date": "2024-11-23T21:52:55.235000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Release 6.42.7",
"trust": 0.8,
"url": "https://mikrotik.com/download/changelogs"
},
{
"title": "Release 6.42.7",
"trust": 0.8,
"url": "https://mikrotik.com/download/changelogs/bugfix-release-tree"
},
{
"title": "MikrotikRouterOS stack buffer overflow vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/138519"
},
{
"title": "Mikrotik RouterOS Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84254"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16523"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009038"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-763"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "CWE-119",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-121431"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009038"
},
{
"db": "NVD",
"id": "CVE-2018-1156"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://mikrotik.com/download/changelogs"
},
{
"trust": 1.7,
"url": "https://mikrotik.com/download/changelogs/bugfix-release-tree"
},
{
"trust": 1.7,
"url": "https://www.tenable.com/security/research/tra-2018-21"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1156"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1156"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16523"
},
{
"db": "VULHUB",
"id": "VHN-121431"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009038"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-763"
},
{
"db": "NVD",
"id": "CVE-2018-1156"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-16523"
},
{
"db": "VULHUB",
"id": "VHN-121431"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009038"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-763"
},
{
"db": "NVD",
"id": "CVE-2018-1156"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-16523"
},
{
"date": "2018-08-23T00:00:00",
"db": "VULHUB",
"id": "VHN-121431"
},
{
"date": "2018-11-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009038"
},
{
"date": "2018-08-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-763"
},
{
"date": "2018-08-23T19:29:00.347000",
"db": "NVD",
"id": "CVE-2018-1156"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-16523"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-121431"
},
{
"date": "2018-11-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009038"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-763"
},
{
"date": "2024-11-21T03:59:18.073000",
"db": "NVD",
"id": "CVE-2018-1156"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-763"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik RouterOS Buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009038"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-763"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-763"
}
],
"trust": 0.6
}
}
var-202208-2032
Vulnerability from variot
The container package in MikroTik RouterOS 7.4beta4 allows an attacker to create mount points pointing to symbolic links, which resolve to locations on the host device. This allows the attacker to mount any arbitrary file to any location on the host. MikroTik of routeros Exists in a link interpretation vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202208-2032",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "eq",
"trust": 1.8,
"vendor": "mikrotik",
"version": "7.4"
},
{
"model": "routeros",
"scope": null,
"trust": 0.8,
"vendor": "mikrotik",
"version": null
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-015775"
},
{
"db": "NVD",
"id": "CVE-2022-34960"
}
]
},
"cve": "CVE-2022-34960",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-34960",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-34960",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-34960",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2022-34960",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202208-3839",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-015775"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3839"
},
{
"db": "NVD",
"id": "CVE-2022-34960"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The container package in MikroTik RouterOS 7.4beta4 allows an attacker to create mount points pointing to symbolic links, which resolve to locations on the host device. This allows the attacker to mount any arbitrary file to any location on the host. MikroTik of routeros Exists in a link interpretation vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-34960"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015775"
},
{
"db": "VULHUB",
"id": "VHN-427953"
},
{
"db": "VULMON",
"id": "CVE-2022-34960"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-34960",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015775",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3839",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-427953",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-34960",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-427953"
},
{
"db": "VULMON",
"id": "CVE-2022-34960"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015775"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3839"
},
{
"db": "NVD",
"id": "CVE-2022-34960"
}
]
},
"id": "VAR-202208-2032",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-427953"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T15:16:31.336000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MikroTik RouterOS Post-link vulnerability fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=206248"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-3839"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-59",
"trust": 1.1
},
{
"problemtype": "Link interpretation problem (CWE-59) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-427953"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015775"
},
{
"db": "NVD",
"id": "CVE-2022-34960"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://nns.ee/blog/2022/08/05/routeros-container-rce.html"
},
{
"trust": 1.8,
"url": "https://nns.ee/blog/2022/06/21/routeros-container-rce.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-34960"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-34960/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-427953"
},
{
"db": "VULMON",
"id": "CVE-2022-34960"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015775"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3839"
},
{
"db": "NVD",
"id": "CVE-2022-34960"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-427953"
},
{
"db": "VULMON",
"id": "CVE-2022-34960"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015775"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3839"
},
{
"db": "NVD",
"id": "CVE-2022-34960"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-25T00:00:00",
"db": "VULHUB",
"id": "VHN-427953"
},
{
"date": "2022-08-25T00:00:00",
"db": "VULMON",
"id": "CVE-2022-34960"
},
{
"date": "2023-09-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-015775"
},
{
"date": "2022-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-3839"
},
{
"date": "2022-08-25T02:15:19.733000",
"db": "NVD",
"id": "CVE-2022-34960"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-31T00:00:00",
"db": "VULHUB",
"id": "VHN-427953"
},
{
"date": "2022-08-25T00:00:00",
"db": "VULMON",
"id": "CVE-2022-34960"
},
{
"date": "2023-09-28T08:09:00",
"db": "JVNDB",
"id": "JVNDB-2022-015775"
},
{
"date": "2022-09-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-3839"
},
{
"date": "2022-08-31T16:35:53.877000",
"db": "NVD",
"id": "CVE-2022-34960"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-3839"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MikroTik\u00a0 of \u00a0routeros\u00a0 Link interpretation vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-015775"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "post link",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-3839"
}
],
"trust": 0.6
}
}
var-201611-0423
Vulnerability from variot
MikroTikRouterOS is a Linux-based routing operating system developed by MikroTik of Latvia. This system turns a PC into a professional router. A cross-site scripting vulnerability exists in MikroTikRouterOS version 6.36.2. The program did not adequately filter the user-submitted input. An attacker could exploit the vulnerability to steal cookie-based authentication or inject malicious scripts.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201611-0423",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "mikrotik",
"version": "6.36.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11252"
}
]
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2016-11252",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2016-11252",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11252"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MikroTikRouterOS is a Linux-based routing operating system developed by MikroTik of Latvia. This system turns a PC into a professional router. A cross-site scripting vulnerability exists in MikroTikRouterOS version 6.36.2. The program did not adequately filter the user-submitted input. An attacker could exploit the vulnerability to steal cookie-based authentication or inject malicious scripts.",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11252"
}
],
"trust": 0.6
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CXSECURITY",
"id": "WLB-2016110115",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2016-11252",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11252"
}
]
},
"id": "VAR-201611-0423",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11252"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11252"
}
]
},
"last_update_date": "2022-05-17T01:57:42.514000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.6,
"url": "https://cxsecurity.com/issue/wlb-2016110115"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11252"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-11252"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-11252"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-11252"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MikroTik RouterOS Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11252"
}
],
"trust": 0.6
}
}
var-202105-0084
Vulnerability from variot
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/traceroute process. An authenticated remote attacker can cause a Denial of Service due via the loop counter variable. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202105-0084",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "eq",
"trust": 1.0,
"vendor": "mikrotik",
"version": "6.44.6"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-20218"
}
]
},
"cve": "CVE-2020-20218",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-20218",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-173674",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2020-20218",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-20218",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202105-049",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-173674",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-20218",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173674"
},
{
"db": "VULMON",
"id": "CVE-2020-20218"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-049"
},
{
"db": "NVD",
"id": "CVE-2020-20218"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/traceroute process. An authenticated remote attacker can cause a Denial of Service due via the loop counter variable. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-20218"
},
{
"db": "VULHUB",
"id": "VHN-173674"
},
{
"db": "VULMON",
"id": "CVE-2020-20218"
}
],
"trust": 1.08
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-20218",
"trust": 1.8
},
{
"db": "CNNVD",
"id": "CNNVD-202105-049",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-173674",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-20218",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173674"
},
{
"db": "VULMON",
"id": "CVE-2020-20218"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-049"
},
{
"db": "NVD",
"id": "CVE-2020-20218"
}
]
},
"id": "VAR-202105-0084",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-173674"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T15:27:46.376000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Mikrotik RouterOs Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=149908"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-049"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "CWE-119",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173674"
},
{
"db": "NVD",
"id": "CVE-2020-20218"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://seclists.org/fulldisclosure/2020/may/30"
},
{
"trust": 1.8,
"url": "https://seclists.org/fulldisclosure/2021/may/1"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-20218"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173674"
},
{
"db": "VULMON",
"id": "CVE-2020-20218"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-049"
},
{
"db": "NVD",
"id": "CVE-2020-20218"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-173674"
},
{
"db": "VULMON",
"id": "CVE-2020-20218"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-049"
},
{
"db": "NVD",
"id": "CVE-2020-20218"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-03T00:00:00",
"db": "VULHUB",
"id": "VHN-173674"
},
{
"date": "2021-05-03T00:00:00",
"db": "VULMON",
"id": "CVE-2020-20218"
},
{
"date": "2021-05-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-049"
},
{
"date": "2021-05-03T16:15:07.430000",
"db": "NVD",
"id": "CVE-2020-20218"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-03T00:00:00",
"db": "VULHUB",
"id": "VHN-173674"
},
{
"date": "2021-05-10T00:00:00",
"db": "VULMON",
"id": "CVE-2020-20218"
},
{
"date": "2022-05-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-049"
},
{
"date": "2022-05-03T16:04:40.443000",
"db": "NVD",
"id": "CVE-2020-20218"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-049"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MikroTik RouterOS Buffer error vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-049"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-049"
}
],
"trust": 0.6
}
}
var-201910-0547
Vulnerability from variot
RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below allow remote unauthenticated attackers to trigger DNS queries via port 8291. The queries are sent from the router to a server of the attacker's choice. The DNS responses are cached by the router, potentially resulting in cache poisoning. RouterOS Is vulnerable to a lack of authentication for critical functions.Information may be tampered with. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. A security vulnerability exists in MikroTik RouterOS 6.45.6 Stable and earlier versions and 6.44.5 Long-term and earlier versions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-0547",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "lte",
"trust": 1.0,
"vendor": "mikrotik",
"version": "6.44.5"
},
{
"model": "routeros",
"scope": "lte",
"trust": 1.0,
"vendor": "mikrotik",
"version": "6.45.6"
},
{
"model": "routeros",
"scope": "lte",
"trust": 0.8,
"vendor": "mikrotik",
"version": "6.44.5 long-term"
},
{
"model": "routeros",
"scope": "lte",
"trust": 0.8,
"vendor": "mikrotik",
"version": "6.45.6 stable"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "mikrotik",
"version": "6.44.3"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "mikrotik",
"version": "6.45.5"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "mikrotik",
"version": "6.45"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "mikrotik",
"version": "6.45.1"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "mikrotik",
"version": "6.44.5"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "mikrotik",
"version": "6.45.2"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "mikrotik",
"version": "6.44.4"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "mikrotik",
"version": "6.45.6"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "mikrotik",
"version": "6.45.3"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.6,
"vendor": "mikrotik",
"version": "6.45.4"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011453"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1703"
},
{
"db": "NVD",
"id": "CVE-2019-3978"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:mikrotik:router_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011453"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jacob Baines",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-1703"
}
],
"trust": 0.6
},
"cve": "CVE-2019-3978",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-3978",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-155413",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-3978",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-3978",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-3978",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-3978",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-1703",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-155413",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155413"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011453"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1703"
},
{
"db": "NVD",
"id": "CVE-2019-3978"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below allow remote unauthenticated attackers to trigger DNS queries via port 8291. The queries are sent from the router to a server of the attacker\u0027s choice. The DNS responses are cached by the router, potentially resulting in cache poisoning. RouterOS Is vulnerable to a lack of authentication for critical functions.Information may be tampered with. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. A security vulnerability exists in MikroTik RouterOS 6.45.6 Stable and earlier versions and 6.44.5 Long-term and earlier versions",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-3978"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011453"
},
{
"db": "VULHUB",
"id": "VHN-155413"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "TENABLE",
"id": "TRA-2019-46",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-2019-3978",
"trust": 2.5
},
{
"db": "PACKETSTORM",
"id": "155036",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011453",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1703",
"trust": 0.7
},
{
"db": "EXPLOIT-DB",
"id": "47566",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-155413",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155413"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011453"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1703"
},
{
"db": "NVD",
"id": "CVE-2019-3978"
}
]
},
"id": "VAR-201910-0547",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-155413"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:51:53.142000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://mikrotik.com/"
},
{
"title": "MikroTik RouterOS Fixes for access control error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=101463"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011453"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1703"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155413"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011453"
},
{
"db": "NVD",
"id": "CVE-2019-3978"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.tenable.com/security/research/tra-2019-46"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/155036/mikrotik-routeros-6.45.6-dns-cache-poisoning.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3978"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3978"
},
{
"trust": 0.6,
"url": "https://www.exploit-db.com/exploits/47566"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155413"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011453"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1703"
},
{
"db": "NVD",
"id": "CVE-2019-3978"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-155413"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011453"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1703"
},
{
"db": "NVD",
"id": "CVE-2019-3978"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-29T00:00:00",
"db": "VULHUB",
"id": "VHN-155413"
},
{
"date": "2019-11-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011453"
},
{
"date": "2019-10-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-1703"
},
{
"date": "2019-10-29T19:15:20.500000",
"db": "NVD",
"id": "CVE-2019-3978"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-01T00:00:00",
"db": "VULHUB",
"id": "VHN-155413"
},
{
"date": "2019-11-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011453"
},
{
"date": "2019-11-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-1703"
},
{
"date": "2024-11-21T04:42:59.627000",
"db": "NVD",
"id": "CVE-2019-3978"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-1703"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "RouterOS Vulnerabilities related to lack of authentication for critical functions",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011453"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-1703"
}
],
"trust": 0.6
}
}
var-202105-0087
Vulnerability from variot
Mikrotik RouterOs stable 6.47 suffers from a memory corruption vulnerability in the /nova/bin/diskd process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access. Mikrotik RouterOs Is vulnerable to a buffer error.Denial of service (DoS) It may be put into a state. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. MikroTik RouterOS has a security vulnerability. Advisory: four vulnerabilities found in MikroTik's RouterOS
Details
Product: MikroTik's RouterOS Vendor URL: https://mikrotik.com/ Vendor Status: only CVE-2020-20227 is fixed CVE: CVE-2020-20220, CVE-2020-20227, CVE-2020-20245, CVE-2020-20246 Credit: Qian Chen(@cq674350529) of Qihoo 360 Nirvan Team
Product Description
RouterOS is the operating system used on the MikroTik's devices, such as switch, router and access point.
Description of vulnerabilities
These vulnerabilities were reported to the vendor almost one year ago. And the vendor confirmed these vulnerabilities.
Against stable 6.46.5, the poc resulted in the following crash dump.
# cat /rw/logs/backtrace.log
2020.06.19-18:36:13.88@0:
2020.06.19-18:36:13.88@0:
2020.06.19-18:36:13.88@0: /ram/pckg/routing/nova/bin/bfd
2020.06.19-18:36:13.88@0: --- signal=11
2020.06.19-18:36:13.88@0:
2020.06.19-18:36:13.88@0: eip=0x0804b175 eflags=0x00010202
2020.06.19-18:36:13.88@0: edi=0x08054a90 esi=0x08054298 ebp=0x7f9d3e88
esp=0x7f9d3e70 2020.06.19-18:36:13.88@0: eax=0x08050634 ebx=0x77777af0 ecx=0x08051274 edx=0x00000001 2020.06.19-18:36:13.88@0: 2020.06.19-18:36:13.88@0: maps: 2020.06.19-18:36:13.88@0: 08048000-08050000 r-xp 00000000 00:1b 16 /ram/pckg/routing/nova/bin/bfd 2020.06.19-18:36:13.88@0: 7759a000-7759c000 r-xp 00000000 00:0c 959 /lib/libdl-0.9.33.2.so 2020.06.19-18:36:13.88@0: 7759e000-775d3000 r-xp 00000000 00:0c 964 /lib/libuClibc-0.9.33.2.so 2020.06.19-18:36:13.88@0: 775d7000-775f1000 r-xp 00000000 00:0c 960 /lib/libgcc_s.so.1 2020.06.19-18:36:13.88@0: 775f2000-77601000 r-xp 00000000 00:0c 944 /lib/libuc++.so 2020.06.19-18:36:13.88@0: 77602000-7775f000 r-xp 00000000 00:0c 954 /lib/libcrypto.so.1.0.0 2020.06.19-18:36:13.88@0: 7776f000-77777000 r-xp 00000000 00:0c 950 /lib/libubox.so 2020.06.19-18:36:13.88@0: 77778000-777c4000 r-xp 00000000 00:0c 946 /lib/libumsg.so 2020.06.19-18:36:13.88@0: 777ca000-777d1000 r-xp 00000000 00:0c 958 /lib/ld-uClibc-0.9.33.2.so 2020.06.19-18:36:13.88@0: 2020.06.19-18:36:13.88@0: stack: 0x7f9d4000 - 0x7f9d3e70 2020.06.19-18:36:13.88@0: 34 06 05 08 d0 e6 04 08 d8 3e 9d 7f 90 4a 05 08 98 42 05 08 d8 3e 9d 7f f8 3e 9d 7f 6d 39 77 77 2020.06.19-18:36:13.88@0: 90 4a 05 08 28 40 9d 7f 05 00 00 00 00 43 05 08 00 00 00 00 28 90 7c 77 01 00 00 00 0c 00 00 00 2020.06.19-18:36:13.88@0: 2020.06.19-18:36:13.88@0: code: 0x804b175 2020.06.19-18:36:13.88@0: ff 05 00 00 00 00 83 c4 10 c9 c3 55 89 e5 53 83
This vulnerability was initially found in long-term 6.44.6, and it seems that the latest stable version 6.48.2 still suffer from this vulnerability.
Against stable 6.47, the poc resulted in the following crash dump.
# cat /rw/logs/backtrace.log
2020.06.05-15:00:38.33@0:
2020.06.05-15:00:38.33@0:
2020.06.05-15:00:38.33@0: /nova/bin/diskd
2020.06.05-15:00:38.33@0: --- signal=11
2020.06.05-15:00:38.33@0:
2020.06.05-15:00:38.33@0: eip=0x7775a1e3 eflags=0x00010202
2020.06.05-15:00:38.33@0: edi=0x7f9dd024 esi=0x0000000a ebp=0x7f9dceb8
esp=0x7f9dceac 2020.06.05-15:00:38.33@0: eax=0x0000000a ebx=0x777624ec ecx=0x08054600 edx=0x08056e18 2020.06.05-15:00:38.33@0: 2020.06.05-15:00:38.33@0: maps: 2020.06.05-15:00:38.33@0: 08048000-08052000 r-xp 00000000 00:0c 1049 /nova/bin/diskd 2020.06.05-15:00:38.33@0: 776ff000-77734000 r-xp 00000000 00:0c 966 /lib/libuClibc-0.9.33.2.so 2020.06.05-15:00:38.33@0: 77738000-77752000 r-xp 00000000 00:0c 962 /lib/libgcc_s.so.1 2020.06.05-15:00:38.33@0: 77753000-77762000 r-xp 00000000 00:0c 945 /lib/libuc++.so 2020.06.05-15:00:38.33@0: 77763000-7776b000 r-xp 00000000 00:0c 951 /lib/libubox.so 2020.06.05-15:00:38.33@0: 7776c000-777b8000 r-xp 00000000 00:0c 947 /lib/libumsg.so 2020.06.05-15:00:38.33@0: 777be000-777c5000 r-xp 00000000 00:0c 960 /lib/ld-uClibc-0.9.33.2.so 2020.06.05-15:00:38.33@0: 2020.06.05-15:00:38.33@0: stack: 0x7f9de000 - 0x7f9dceac 2020.06.05-15:00:38.33@0: f4 8a 7b 77 0a 00 00 00 f4 8a 7b 77 e8 ce 9d 7f 92 be 78 77 f8 45 05 08 0a 00 00 00 18 6e 05 08 2020.06.05-15:00:38.33@0: 18 6e 05 08 e4 ce 9d 7f 24 d0 9d 7f 7c 18 76 77 24 d0 9d 7f 18 69 05 08 40 cf 9d 7f a8 cf 9d 7f 2020.06.05-15:00:38.34@0: 2020.06.05-15:00:38.34@0: code: 0x7775a1e3 2020.06.05-15:00:38.34@0: 8b 00 8b 10 01 c2 83 c2 04 52 83 c0 04 50 ff 75
This vulnerability was initially found in stable 6.47, and it was fixed at least in stable 6.48.1.
Against stable 6.47, the poc resulted in the following crash dump.
# cat /rw/logs/backtrace.log
2020.06.22-20:13:36.29@0:
2020.06.22-20:13:36.29@0:
2020.06.22-20:13:36.62@0: /nova/bin/log
2020.06.22-20:13:36.62@0: --- signal=11
2020.06.22-20:13:36.62@0:
2020.06.22-20:13:36.62@0: eip=0x77709d2e eflags=0x00010202
2020.06.22-20:13:36.62@0: edi=0x0000004b esi=0x77718f00 ebp=0x7fec6858
esp=0x7fec6818 2020.06.22-20:13:36.62@0: eax=0x00000031 ebx=0x77717000 ecx=0x777171e8 edx=0x00000006 2020.06.22-20:13:36.62@0: 2020.06.22-20:13:36.62@0: maps: 2020.06.22-20:13:36.62@0: 08048000-08058000 r-xp 00000000 00:0c 1005 /nova/bin/log 2020.06.22-20:13:36.62@0: 776e1000-77716000 r-xp 00000000 00:0c 966 /lib/libuClibc-0.9.33.2.so 2020.06.22-20:13:36.62@0: 7771a000-77734000 r-xp 00000000 00:0c 962 /lib/libgcc_s.so.1 2020.06.22-20:13:36.62@0: 77735000-77744000 r-xp 00000000 00:0c 945 /lib/libuc++.so 2020.06.22-20:13:36.62@0: 77745000-77791000 r-xp 00000000 00:0c 947 /lib/libumsg.so 2020.06.22-20:13:36.62@0: 77797000-7779e000 r-xp 00000000 00:0c 960 /lib/ld-uClibc-0.9.33.2.so 2020.06.22-20:13:36.62@0: 2020.06.22-20:13:36.62@0: stack: 0x7fec7000 - 0x7fec6818 2020.06.22-20:13:36.62@0: 48 68 ec 7f 7b ce 73 77 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 68 68 ec 7f 21 ac 70 77 2020.06.22-20:13:36.62@0: 40 00 00 00 1b fb 70 77 e8 71 71 77 c0 28 06 08 88 68 ec 7f ec 44 74 77 e4 29 06 08 40 69 ec 7f 2020.06.22-20:13:36.62@0: 2020.06.22-20:13:36.62@0: code: 0x77709d2e 2020.06.22-20:13:36.62@0: 8b 48 08 89 4c 96 04 e9 93 05 00 00 81 7d e0 ff
This vulnerability was initially found in stable 6.46.3, and it seems that the latest stable version 6.48.2 still suffers from this vulnerability.
- By sending a crafted packet, an authenticated remote user can crash the mactel process due to NULL pointer dereference.
Against stable 6.47, the poc resulted in the following crash dump.
# cat /rw/logs/backtrace.log
2020.06.22-20:25:36.17@0:
2020.06.22-20:25:36.17@0:
2020.06.22-20:25:36.17@0: /nova/bin/mactel
2020.06.22-20:25:36.17@0: --- signal=11
2020.06.22-20:25:36.17@0:
2020.06.22-20:25:36.17@0: eip=0x0804ddc7 eflags=0x00010202
2020.06.22-20:25:36.17@0: edi=0x08055740 esi=0x7fe78144 ebp=0x7fe780c8
esp=0x7fe78090 2020.06.22-20:25:36.17@0: eax=0x00000000 ebx=0x776b9b40 ecx=0x0000000b edx=0xffffffff 2020.06.22-20:25:36.17@0: 2020.06.22-20:25:36.17@0: maps: 2020.06.22-20:25:36.17@0: 08048000-08051000 r-xp 00000000 00:0c 1041 /nova/bin/mactel 2020.06.22-20:25:36.17@0: 7762c000-77661000 r-xp 00000000 00:0c 966 /lib/libuClibc-0.9.33.2.so 2020.06.22-20:25:36.17@0: 77665000-7767f000 r-xp 00000000 00:0c 962 /lib/libgcc_s.so.1 2020.06.22-20:25:36.17@0: 77680000-7768f000 r-xp 00000000 00:0c 945 /lib/libuc++.so 2020.06.22-20:25:36.17@0: 77690000-776ad000 r-xp 00000000 00:0c 948 /lib/libucrypto.so 2020.06.22-20:25:36.17@0: 776ae000-776af000 r-xp 00000000 00:0c 967 /lib/libutil-0.9.33.2.so 2020.06.22-20:25:36.17@0: 776b1000-776b9000 r-xp 00000000 00:0c 951 /lib/libubox.so 2020.06.22-20:25:36.17@0: 776ba000-77706000 r-xp 00000000 00:0c 947 /lib/libumsg.so 2020.06.22-20:25:36.17@0: 7770c000-77713000 r-xp 00000000 00:0c 960 /lib/ld-uClibc-0.9.33.2.so 2020.06.22-20:25:36.17@0: 2020.06.22-20:25:36.17@0: stack: 0x7fe79000 - 0x7fe78090 2020.06.22-20:25:36.17@0: 44 81 e7 7f 01 00 00 00 ff ff ff ff 1f d0 04 08 58 57 05 08 28 b0 70 77 01 00 00 00 00 00 00 00 2020.06.22-20:25:36.17@0: 1c 85 e7 7f 04 1d 05 08 02 db 70 77 40 9b 6b 77 40 57 05 08 44 81 e7 7f f8 80 e7 7f 7c 4a 6b 77 2020.06.22-20:25:36.17@0: 2020.06.22-20:25:36.17@0: code: 0x804ddc7 2020.06.22-20:25:36.17@0: 8b 50 2f 89 55 da 66 8b 40 33 66 89 45 de 83 c4
This vulnerability was initially found in stable 6.46.3, and it seems that the latest stable version 6.48.2 still suffers from this vulnerability.
Solution
As to CVE-2020-20227, upgrade to the corresponding latest RouterOS tree version. For others, no upgrade firmware available yet
References
[1] https://mikrotik.com/download/changelogs/stable-release-tree
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202105-0087",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "eq",
"trust": 1.0,
"vendor": "mikrotik",
"version": "6.47"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": null
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": "stable 6.47"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006901"
},
{
"db": "NVD",
"id": "CVE-2020-20227"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Qian Chen",
"sources": [
{
"db": "PACKETSTORM",
"id": "162533"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-651"
}
],
"trust": 0.7
},
"cve": "CVE-2020-20227",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-20227",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-173684",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2020-20227",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-20227",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-20227",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-20227",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202105-651",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-173684",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-20227",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173684"
},
{
"db": "VULMON",
"id": "CVE-2020-20227"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006901"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-651"
},
{
"db": "NVD",
"id": "CVE-2020-20227"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik RouterOs stable 6.47 suffers from a memory corruption vulnerability in the /nova/bin/diskd process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access. Mikrotik RouterOs Is vulnerable to a buffer error.Denial of service (DoS) It may be put into a state. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. MikroTik RouterOS has a security vulnerability. Advisory: four vulnerabilities found in MikroTik\u0027s RouterOS\n\n\nDetails\n=======\n\nProduct: MikroTik\u0027s RouterOS\nVendor URL: https://mikrotik.com/\nVendor Status: only CVE-2020-20227 is fixed\nCVE: CVE-2020-20220, CVE-2020-20227, CVE-2020-20245, CVE-2020-20246\nCredit: Qian Chen(@cq674350529) of Qihoo 360 Nirvan Team\n\n\nProduct Description\n==================\n\nRouterOS is the operating system used on the MikroTik\u0027s devices, such as\nswitch, router and access point. \n\n\nDescription of vulnerabilities\n==========================\nThese vulnerabilities were reported to the vendor almost one year ago. And\nthe vendor confirmed these vulnerabilities. \n\n1. \n\nAgainst stable 6.46.5, the poc resulted in the following crash dump. \n\n # cat /rw/logs/backtrace.log\n 2020.06.19-18:36:13.88@0:\n 2020.06.19-18:36:13.88@0:\n 2020.06.19-18:36:13.88@0: /ram/pckg/routing/nova/bin/bfd\n 2020.06.19-18:36:13.88@0: --- signal=11\n--------------------------------------------\n 2020.06.19-18:36:13.88@0:\n 2020.06.19-18:36:13.88@0: eip=0x0804b175 eflags=0x00010202\n 2020.06.19-18:36:13.88@0: edi=0x08054a90 esi=0x08054298 ebp=0x7f9d3e88\nesp=0x7f9d3e70\n 2020.06.19-18:36:13.88@0: eax=0x08050634 ebx=0x77777af0 ecx=0x08051274\nedx=0x00000001\n 2020.06.19-18:36:13.88@0:\n 2020.06.19-18:36:13.88@0: maps:\n 2020.06.19-18:36:13.88@0: 08048000-08050000 r-xp 00000000 00:1b 16\n /ram/pckg/routing/nova/bin/bfd\n 2020.06.19-18:36:13.88@0: 7759a000-7759c000 r-xp 00000000 00:0c 959\n /lib/libdl-0.9.33.2.so\n 2020.06.19-18:36:13.88@0: 7759e000-775d3000 r-xp 00000000 00:0c 964\n /lib/libuClibc-0.9.33.2.so\n 2020.06.19-18:36:13.88@0: 775d7000-775f1000 r-xp 00000000 00:0c 960\n /lib/libgcc_s.so.1\n 2020.06.19-18:36:13.88@0: 775f2000-77601000 r-xp 00000000 00:0c 944\n /lib/libuc++.so\n 2020.06.19-18:36:13.88@0: 77602000-7775f000 r-xp 00000000 00:0c 954\n /lib/libcrypto.so.1.0.0\n 2020.06.19-18:36:13.88@0: 7776f000-77777000 r-xp 00000000 00:0c 950\n /lib/libubox.so\n 2020.06.19-18:36:13.88@0: 77778000-777c4000 r-xp 00000000 00:0c 946\n /lib/libumsg.so\n 2020.06.19-18:36:13.88@0: 777ca000-777d1000 r-xp 00000000 00:0c 958\n /lib/ld-uClibc-0.9.33.2.so\n 2020.06.19-18:36:13.88@0:\n 2020.06.19-18:36:13.88@0: stack: 0x7f9d4000 - 0x7f9d3e70\n 2020.06.19-18:36:13.88@0: 34 06 05 08 d0 e6 04 08 d8 3e 9d 7f 90 4a 05\n08 98 42 05 08 d8 3e 9d 7f f8 3e 9d 7f 6d 39 77 77\n 2020.06.19-18:36:13.88@0: 90 4a 05 08 28 40 9d 7f 05 00 00 00 00 43 05\n08 00 00 00 00 28 90 7c 77 01 00 00 00 0c 00 00 00\n 2020.06.19-18:36:13.88@0:\n 2020.06.19-18:36:13.88@0: code: 0x804b175\n 2020.06.19-18:36:13.88@0: ff 05 00 00 00 00 83 c4 10 c9 c3 55 89 e5 53\n83\n\nThis vulnerability was initially found in long-term 6.44.6, and it seems\nthat the latest stable version 6.48.2 still suffer from this vulnerability. \n\n2. \n\nAgainst stable 6.47, the poc resulted in the following crash dump. \n\n # cat /rw/logs/backtrace.log\n 2020.06.05-15:00:38.33@0:\n 2020.06.05-15:00:38.33@0:\n 2020.06.05-15:00:38.33@0: /nova/bin/diskd\n 2020.06.05-15:00:38.33@0: --- signal=11\n--------------------------------------------\n 2020.06.05-15:00:38.33@0:\n 2020.06.05-15:00:38.33@0: eip=0x7775a1e3 eflags=0x00010202\n 2020.06.05-15:00:38.33@0: edi=0x7f9dd024 esi=0x0000000a ebp=0x7f9dceb8\nesp=0x7f9dceac\n 2020.06.05-15:00:38.33@0: eax=0x0000000a ebx=0x777624ec ecx=0x08054600\nedx=0x08056e18\n 2020.06.05-15:00:38.33@0:\n 2020.06.05-15:00:38.33@0: maps:\n 2020.06.05-15:00:38.33@0: 08048000-08052000 r-xp 00000000 00:0c 1049\n /nova/bin/diskd\n 2020.06.05-15:00:38.33@0: 776ff000-77734000 r-xp 00000000 00:0c 966\n /lib/libuClibc-0.9.33.2.so\n 2020.06.05-15:00:38.33@0: 77738000-77752000 r-xp 00000000 00:0c 962\n /lib/libgcc_s.so.1\n 2020.06.05-15:00:38.33@0: 77753000-77762000 r-xp 00000000 00:0c 945\n /lib/libuc++.so\n 2020.06.05-15:00:38.33@0: 77763000-7776b000 r-xp 00000000 00:0c 951\n /lib/libubox.so\n 2020.06.05-15:00:38.33@0: 7776c000-777b8000 r-xp 00000000 00:0c 947\n /lib/libumsg.so\n 2020.06.05-15:00:38.33@0: 777be000-777c5000 r-xp 00000000 00:0c 960\n /lib/ld-uClibc-0.9.33.2.so\n 2020.06.05-15:00:38.33@0:\n 2020.06.05-15:00:38.33@0: stack: 0x7f9de000 - 0x7f9dceac\n 2020.06.05-15:00:38.33@0: f4 8a 7b 77 0a 00 00 00 f4 8a 7b 77 e8 ce 9d\n7f 92 be 78 77 f8 45 05 08 0a 00 00 00 18 6e 05 08\n 2020.06.05-15:00:38.33@0: 18 6e 05 08 e4 ce 9d 7f 24 d0 9d 7f 7c 18 76\n77 24 d0 9d 7f 18 69 05 08 40 cf 9d 7f a8 cf 9d 7f\n 2020.06.05-15:00:38.34@0:\n 2020.06.05-15:00:38.34@0: code: 0x7775a1e3\n 2020.06.05-15:00:38.34@0: 8b 00 8b 10 01 c2 83 c2 04 52 83 c0 04 50 ff\n75\n\nThis vulnerability was initially found in stable 6.47, and it was fixed at\nleast in stable 6.48.1. \n\n3. \n\nAgainst stable 6.47, the poc resulted in the following crash dump. \n\n # cat /rw/logs/backtrace.log\n 2020.06.22-20:13:36.29@0:\n 2020.06.22-20:13:36.29@0:\n 2020.06.22-20:13:36.62@0: /nova/bin/log\n 2020.06.22-20:13:36.62@0: --- signal=11\n--------------------------------------------\n 2020.06.22-20:13:36.62@0:\n 2020.06.22-20:13:36.62@0: eip=0x77709d2e eflags=0x00010202\n 2020.06.22-20:13:36.62@0: edi=0x0000004b esi=0x77718f00 ebp=0x7fec6858\nesp=0x7fec6818\n 2020.06.22-20:13:36.62@0: eax=0x00000031 ebx=0x77717000 ecx=0x777171e8\nedx=0x00000006\n 2020.06.22-20:13:36.62@0:\n 2020.06.22-20:13:36.62@0: maps:\n 2020.06.22-20:13:36.62@0: 08048000-08058000 r-xp 00000000 00:0c 1005\n /nova/bin/log\n 2020.06.22-20:13:36.62@0: 776e1000-77716000 r-xp 00000000 00:0c 966\n /lib/libuClibc-0.9.33.2.so\n 2020.06.22-20:13:36.62@0: 7771a000-77734000 r-xp 00000000 00:0c 962\n /lib/libgcc_s.so.1\n 2020.06.22-20:13:36.62@0: 77735000-77744000 r-xp 00000000 00:0c 945\n /lib/libuc++.so\n 2020.06.22-20:13:36.62@0: 77745000-77791000 r-xp 00000000 00:0c 947\n /lib/libumsg.so\n 2020.06.22-20:13:36.62@0: 77797000-7779e000 r-xp 00000000 00:0c 960\n /lib/ld-uClibc-0.9.33.2.so\n 2020.06.22-20:13:36.62@0:\n 2020.06.22-20:13:36.62@0: stack: 0x7fec7000 - 0x7fec6818\n 2020.06.22-20:13:36.62@0: 48 68 ec 7f 7b ce 73 77 00 00 00 00 10 00 00\n00 00 00 00 00 00 00 00 00 68 68 ec 7f 21 ac 70 77\n 2020.06.22-20:13:36.62@0: 40 00 00 00 1b fb 70 77 e8 71 71 77 c0 28 06\n08 88 68 ec 7f ec 44 74 77 e4 29 06 08 40 69 ec 7f\n 2020.06.22-20:13:36.62@0:\n 2020.06.22-20:13:36.62@0: code: 0x77709d2e\n 2020.06.22-20:13:36.62@0: 8b 48 08 89 4c 96 04 e9 93 05 00 00 81 7d e0\nff\n\nThis vulnerability was initially found in stable 6.46.3, and it seems that\nthe latest stable version 6.48.2 still suffers from this vulnerability. \n\n4. By\nsending a crafted packet, an authenticated remote user can crash the mactel\nprocess due to NULL pointer dereference. \n\nAgainst stable 6.47, the poc resulted in the following crash dump. \n\n # cat /rw/logs/backtrace.log\n 2020.06.22-20:25:36.17@0:\n 2020.06.22-20:25:36.17@0:\n 2020.06.22-20:25:36.17@0: /nova/bin/mactel\n 2020.06.22-20:25:36.17@0: --- signal=11\n--------------------------------------------\n 2020.06.22-20:25:36.17@0:\n 2020.06.22-20:25:36.17@0: eip=0x0804ddc7 eflags=0x00010202\n 2020.06.22-20:25:36.17@0: edi=0x08055740 esi=0x7fe78144 ebp=0x7fe780c8\nesp=0x7fe78090\n 2020.06.22-20:25:36.17@0: eax=0x00000000 ebx=0x776b9b40 ecx=0x0000000b\nedx=0xffffffff\n 2020.06.22-20:25:36.17@0:\n 2020.06.22-20:25:36.17@0: maps:\n 2020.06.22-20:25:36.17@0: 08048000-08051000 r-xp 00000000 00:0c 1041\n /nova/bin/mactel\n 2020.06.22-20:25:36.17@0: 7762c000-77661000 r-xp 00000000 00:0c 966\n /lib/libuClibc-0.9.33.2.so\n 2020.06.22-20:25:36.17@0: 77665000-7767f000 r-xp 00000000 00:0c 962\n /lib/libgcc_s.so.1\n 2020.06.22-20:25:36.17@0: 77680000-7768f000 r-xp 00000000 00:0c 945\n /lib/libuc++.so\n 2020.06.22-20:25:36.17@0: 77690000-776ad000 r-xp 00000000 00:0c 948\n /lib/libucrypto.so\n 2020.06.22-20:25:36.17@0: 776ae000-776af000 r-xp 00000000 00:0c 967\n /lib/libutil-0.9.33.2.so\n 2020.06.22-20:25:36.17@0: 776b1000-776b9000 r-xp 00000000 00:0c 951\n /lib/libubox.so\n 2020.06.22-20:25:36.17@0: 776ba000-77706000 r-xp 00000000 00:0c 947\n /lib/libumsg.so\n 2020.06.22-20:25:36.17@0: 7770c000-77713000 r-xp 00000000 00:0c 960\n /lib/ld-uClibc-0.9.33.2.so\n 2020.06.22-20:25:36.17@0:\n 2020.06.22-20:25:36.17@0: stack: 0x7fe79000 - 0x7fe78090\n 2020.06.22-20:25:36.17@0: 44 81 e7 7f 01 00 00 00 ff ff ff ff 1f d0 04\n08 58 57 05 08 28 b0 70 77 01 00 00 00 00 00 00 00\n 2020.06.22-20:25:36.17@0: 1c 85 e7 7f 04 1d 05 08 02 db 70 77 40 9b 6b\n77 40 57 05 08 44 81 e7 7f f8 80 e7 7f 7c 4a 6b 77\n 2020.06.22-20:25:36.17@0:\n 2020.06.22-20:25:36.17@0: code: 0x804ddc7\n 2020.06.22-20:25:36.17@0: 8b 50 2f 89 55 da 66 8b 40 33 66 89 45 de 83\nc4\n\nThis vulnerability was initially found in stable 6.46.3, and it seems that\nthe latest stable version 6.48.2 still suffers from this vulnerability. \n\n\nSolution\n========\n\nAs to CVE-2020-20227, upgrade to the corresponding latest RouterOS tree\nversion. For others, no upgrade firmware available yet\n\n\nReferences\n==========\n\n[1] https://mikrotik.com/download/changelogs/stable-release-tree\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-20227"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006901"
},
{
"db": "VULHUB",
"id": "VHN-173684"
},
{
"db": "VULMON",
"id": "CVE-2020-20227"
},
{
"db": "PACKETSTORM",
"id": "162533"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-20227",
"trust": 3.5
},
{
"db": "PACKETSTORM",
"id": "162533",
"trust": 2.7
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006901",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202105-651",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-173684",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-20227",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173684"
},
{
"db": "VULMON",
"id": "CVE-2020-20227"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006901"
},
{
"db": "PACKETSTORM",
"id": "162533"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-651"
},
{
"db": "NVD",
"id": "CVE-2020-20227"
}
]
},
"id": "VAR-202105-0087",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-173684"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T13:54:04.987000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://mikrotik.com/"
},
{
"title": "MikroTik RouterOS Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=151566"
},
{
"title": "CVE-2020-20227",
"trust": 0.1,
"url": "https://github.com/JamesGeee/CVE-2020-20227 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-20227"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006901"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-651"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "Buffer error (CWE-119) [NVD Evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-119",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173684"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006901"
},
{
"db": "NVD",
"id": "CVE-2020-20227"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "http://packetstormsecurity.com/files/162533/mikrotik-routeros-memory-corruption.html"
},
{
"trust": 1.9,
"url": "https://mikrotik.com/"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2021/may/23"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-20227"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://github.com/jamesgeee/cve-2020-20227"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://mikrotik.com/download/changelogs/stable-release-tree"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-20220"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-20245"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-20246"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173684"
},
{
"db": "VULMON",
"id": "CVE-2020-20227"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006901"
},
{
"db": "PACKETSTORM",
"id": "162533"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-651"
},
{
"db": "NVD",
"id": "CVE-2020-20227"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-173684"
},
{
"db": "VULMON",
"id": "CVE-2020-20227"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006901"
},
{
"db": "PACKETSTORM",
"id": "162533"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-651"
},
{
"db": "NVD",
"id": "CVE-2020-20227"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-18T00:00:00",
"db": "VULHUB",
"id": "VHN-173684"
},
{
"date": "2021-05-18T00:00:00",
"db": "VULMON",
"id": "CVE-2020-20227"
},
{
"date": "2022-01-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-006901"
},
{
"date": "2021-05-11T21:38:05",
"db": "PACKETSTORM",
"id": "162533"
},
{
"date": "2021-05-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-651"
},
{
"date": "2021-05-18T20:15:07.440000",
"db": "NVD",
"id": "CVE-2020-20227"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-03T00:00:00",
"db": "VULHUB",
"id": "VHN-173684"
},
{
"date": "2021-05-21T00:00:00",
"db": "VULMON",
"id": "CVE-2020-20227"
},
{
"date": "2022-01-25T05:36:00",
"db": "JVNDB",
"id": "JVNDB-2021-006901"
},
{
"date": "2022-05-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-651"
},
{
"date": "2022-05-03T16:04:40.443000",
"db": "NVD",
"id": "CVE-2020-20227"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-651"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik\u00a0RouterOs\u00a0 Buffer Error Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006901"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-651"
}
],
"trust": 0.6
}
}
var-202202-0714
Vulnerability from variot
A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted FTP requests
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202202-0714",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "eq",
"trust": 1.0,
"vendor": "mikrotik",
"version": "6.47"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-22845"
}
]
},
"cve": "CVE-2020-22845",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-22845",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-176564",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-22845",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-22845",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202202-2165",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-176564",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-176564"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-2165"
},
{
"db": "NVD",
"id": "CVE-2020-22845"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted FTP requests",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-22845"
},
{
"db": "VULHUB",
"id": "VHN-176564"
}
],
"trust": 0.99
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-22845",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-202202-2165",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-176564",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-176564"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-2165"
},
{
"db": "NVD",
"id": "CVE-2020-22845"
}
]
},
"id": "VAR-202202-0714",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-176564"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T15:27:26.232000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Mikrotik RouterOS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=185334"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-2165"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-176564"
},
{
"db": "NVD",
"id": "CVE-2020-22845"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://github.com/colorlight/mikrotik_poc/blob/master/two_vulns.md"
},
{
"trust": 1.7,
"url": "https://mikrotik.com/support"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2020-22845/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-22845"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-176564"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-2165"
},
{
"db": "NVD",
"id": "CVE-2020-22845"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-176564"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-2165"
},
{
"db": "NVD",
"id": "CVE-2020-22845"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-28T00:00:00",
"db": "VULHUB",
"id": "VHN-176564"
},
{
"date": "2022-02-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-2165"
},
{
"date": "2022-02-28T19:15:08.697000",
"db": "NVD",
"id": "CVE-2020-22845"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-03-08T00:00:00",
"db": "VULHUB",
"id": "VHN-176564"
},
{
"date": "2022-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-2165"
},
{
"date": "2022-03-08T18:31:42.217000",
"db": "NVD",
"id": "CVE-2020-22845"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-2165"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik RouterOS Security hole",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-2165"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-2165"
}
],
"trust": 0.6
}
}
cve-2019-3924
Vulnerability from cvelistv5
Published
2019-02-20 20:00
Modified
2024-09-17 02:46
Severity ?
EPSS score ?
Summary
MikroTik RouterOS before 6.43.12 (stable) and 6.42.12 (long-term) is vulnerable to an intermediary vulnerability. The software will execute user defined network requests to both WAN and LAN clients. A remote unauthenticated attacker can use this vulnerability to bypass the router's firewall or for general network scanning activities.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.exploit-db.com/exploits/46444/ | exploit, x_refsource_EXPLOIT-DB | |
| https://www.tenable.com/security/research/tra-2019-07 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/107177 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tenable | MikroTik RouterOS |
Version: RouterOS long-term 6.42.11 and below, RouterOS stable 6.43.11 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:26:27.480Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "46444",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46444/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2019-07"
},
{
"name": "107177",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107177"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MikroTik RouterOS",
"vendor": "Tenable",
"versions": [
{
"status": "affected",
"version": "RouterOS long-term 6.42.11 and below, RouterOS stable 6.43.11 and below"
}
]
}
],
"datePublic": "2019-02-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "MikroTik RouterOS before 6.43.12 (stable) and 6.42.12 (long-term) is vulnerable to an intermediary vulnerability. The software will execute user defined network requests to both WAN and LAN clients. A remote unauthenticated attacker can use this vulnerability to bypass the router\u0027s firewall or for general network scanning activities."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-441",
"description": "CWE-441 Unauthenticated Intermediary",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-05T10:57:02",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"name": "46444",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/46444/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2019-07"
},
{
"name": "107177",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107177"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"DATE_PUBLIC": "2019-02-12T00:00:00",
"ID": "CVE-2019-3924",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MikroTik RouterOS",
"version": {
"version_data": [
{
"version_value": "RouterOS long-term 6.42.11 and below, RouterOS stable 6.43.11 and below"
}
]
}
}
]
},
"vendor_name": "Tenable"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MikroTik RouterOS before 6.43.12 (stable) and 6.42.12 (long-term) is vulnerable to an intermediary vulnerability. The software will execute user defined network requests to both WAN and LAN clients. A remote unauthenticated attacker can use this vulnerability to bypass the router\u0027s firewall or for general network scanning activities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-441 Unauthenticated Intermediary"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "46444",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46444/"
},
{
"name": "https://www.tenable.com/security/research/tra-2019-07",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2019-07"
},
{
"name": "107177",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107177"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2019-3924",
"datePublished": "2019-02-20T20:00:00Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T02:46:52.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-20215
Vulnerability from cvelistv5
Published
2021-07-07 13:29
Modified
2024-08-04 14:15
Severity ?
EPSS score ?
Summary
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/diskd process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access.
References
| ▼ | URL | Tags |
|---|---|---|
| https://mikrotik.com/ | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2021/May/10 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:29.019Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mikrotik.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/May/10"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/diskd process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-07T13:29:33",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mikrotik.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2021/May/10"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20215",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/diskd process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mikrotik.com/",
"refsource": "MISC",
"url": "https://mikrotik.com/"
},
{
"name": "http://seclists.org/fulldisclosure/2021/May/10",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2021/May/10"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20215",
"datePublished": "2021-07-07T13:29:33",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:29.019Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-36613
Vulnerability from cvelistv5
Published
2022-05-11 17:34
Modified
2024-08-04 01:01
Severity ?
EPSS score ?
Summary
Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the ptp process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
References
| ▼ | URL | Tags |
|---|---|---|
| https://seclists.org/fulldisclosure/2021/Jul/0 | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2022/Jun/2 | mailing-list, x_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:01:58.594Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2021/Jul/0"
},
{
"name": "20220603 Re: Three vulnerabilities found in MikroTik\u0027s RouterOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Jun/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the ptp process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-03T20:06:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/fulldisclosure/2021/Jul/0"
},
{
"name": "20220603 Re: Three vulnerabilities found in MikroTik\u0027s RouterOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2022/Jun/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-36613",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the ptp process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://seclists.org/fulldisclosure/2021/Jul/0",
"refsource": "MISC",
"url": "https://seclists.org/fulldisclosure/2021/Jul/0"
},
{
"name": "20220603 Re: Three vulnerabilities found in MikroTik\u0027s RouterOS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2022/Jun/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-36613",
"datePublished": "2022-05-11T17:34:34",
"dateReserved": "2021-07-12T00:00:00",
"dateUpdated": "2024-08-04T01:01:58.594Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-3981
Vulnerability from cvelistv5
Published
2020-01-14 18:13
Modified
2024-08-04 19:26
Severity ?
EPSS score ?
Summary
MikroTik Winbox 3.20 and below is vulnerable to man in the middle attacks. A man in the middle can downgrade the client's authentication protocol and recover the user's username and MD5 hashed password.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.tenable.com/security/research/tra-2020-01 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:26:27.758Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2020-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WinBox",
"vendor": "MikroTik",
"versions": [
{
"status": "affected",
"version": "Winbox 3.20 and below."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MikroTik Winbox 3.20 and below is vulnerable to man in the middle attacks. A man in the middle can downgrade the client\u0027s authentication protocol and recover the user\u0027s username and MD5 hashed password."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-300",
"description": "CWE-300",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-14T18:13:57",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2020-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2019-3981",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WinBox",
"version": {
"version_data": [
{
"version_value": "Winbox 3.20 and below."
}
]
}
}
]
},
"vendor_name": "MikroTik"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MikroTik Winbox 3.20 and below is vulnerable to man in the middle attacks. A man in the middle can downgrade the client\u0027s authentication protocol and recover the user\u0027s username and MD5 hashed password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-300"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2020-01",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2020-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2019-3981",
"datePublished": "2020-01-14T18:13:57",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-08-04T19:26:27.758Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-11881
Vulnerability from cvelistv5
Published
2020-09-14 20:06
Modified
2024-08-04 11:42
Severity ?
EPSS score ?
Summary
An array index error in MikroTik RouterOS 6.41.3 through 6.46.5, and 7.x through 7.0 Beta5, allows an unauthenticated remote attacker to crash the SMB server via modified setup-request packets, aka SUP-12964.
References
| ▼ | URL | Tags |
|---|---|---|
| https://mikrotik.com | x_refsource_MISC | |
| https://github.com/botlabsDev/CVE-2020-11881 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:42:00.638Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mikrotik.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/botlabsDev/CVE-2020-11881"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An array index error in MikroTik RouterOS 6.41.3 through 6.46.5, and 7.x through 7.0 Beta5, allows an unauthenticated remote attacker to crash the SMB server via modified setup-request packets, aka SUP-12964."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-14T20:06:38",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mikrotik.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/botlabsDev/CVE-2020-11881"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11881",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An array index error in MikroTik RouterOS 6.41.3 through 6.46.5, and 7.x through 7.0 Beta5, allows an unauthenticated remote attacker to crash the SMB server via modified setup-request packets, aka SUP-12964."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mikrotik.com",
"refsource": "MISC",
"url": "https://mikrotik.com"
},
{
"name": "https://github.com/botlabsDev/CVE-2020-11881",
"refsource": "MISC",
"url": "https://github.com/botlabsDev/CVE-2020-11881"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11881",
"datePublished": "2020-09-14T20:06:38",
"dateReserved": "2020-04-17T00:00:00",
"dateUpdated": "2024-08-04T11:42:00.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-3014
Vulnerability from cvelistv5
Published
2021-01-04 18:38
Modified
2024-08-03 16:45
Severity ?
EPSS score ?
Summary
In MikroTik RouterOS through 2021-01-04, the hotspot login page is vulnerable to reflected XSS via the target parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://m4dm0e.github.io/2021/01/04/mikrotik-xss-reflected.html | x_refsource_MISC | |
| https://github.com/M4DM0e/m4dm0e.github.io/blob/gh-pages/_posts/2021-01-04-mikrotik-xss-reflected.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:45:50.651Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://m4dm0e.github.io/2021/01/04/mikrotik-xss-reflected.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/M4DM0e/m4dm0e.github.io/blob/gh-pages/_posts/2021-01-04-mikrotik-xss-reflected.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In MikroTik RouterOS through 2021-01-04, the hotspot login page is vulnerable to reflected XSS via the target parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-04T18:38:07",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://m4dm0e.github.io/2021/01/04/mikrotik-xss-reflected.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/M4DM0e/m4dm0e.github.io/blob/gh-pages/_posts/2021-01-04-mikrotik-xss-reflected.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-3014",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In MikroTik RouterOS through 2021-01-04, the hotspot login page is vulnerable to reflected XSS via the target parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://m4dm0e.github.io/2021/01/04/mikrotik-xss-reflected.html",
"refsource": "MISC",
"url": "https://m4dm0e.github.io/2021/01/04/mikrotik-xss-reflected.html"
},
{
"name": "https://github.com/M4DM0e/m4dm0e.github.io/blob/gh-pages/_posts/2021-01-04-mikrotik-xss-reflected.md",
"refsource": "MISC",
"url": "https://github.com/M4DM0e/m4dm0e.github.io/blob/gh-pages/_posts/2021-01-04-mikrotik-xss-reflected.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-3014",
"datePublished": "2021-01-04T18:38:07",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-08-03T16:45:50.651Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-6976
Vulnerability from cvelistv5
Published
2009-08-18 10:00
Modified
2024-08-07 11:49
Severity ?
EPSS score ?
Summary
MikroTik RouterOS 3.x through 3.13 and 2.x through 2.9.51 allows remote attackers to modify Network Management System (NMS) settings via a crafted SNMP set request.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/44944 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/31025 | vdb-entry, x_refsource_BID | |
| https://www.exploit-db.com/exploits/6366 | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:49:02.514Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "routeros-snmp-security-bypass(44944)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44944"
},
{
"name": "31025",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31025"
},
{
"name": "6366",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6366"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "MikroTik RouterOS 3.x through 3.13 and 2.x through 2.9.51 allows remote attackers to modify Network Management System (NMS) settings via a crafted SNMP set request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-03T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "routeros-snmp-security-bypass(44944)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44944"
},
{
"name": "31025",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31025"
},
{
"name": "6366",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6366"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6976",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MikroTik RouterOS 3.x through 3.13 and 2.x through 2.9.51 allows remote attackers to modify Network Management System (NMS) settings via a crafted SNMP set request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "routeros-snmp-security-bypass(44944)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44944"
},
{
"name": "31025",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31025"
},
{
"name": "6366",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6366"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6976",
"datePublished": "2009-08-18T10:00:00",
"dateReserved": "2009-08-17T00:00:00",
"dateUpdated": "2024-08-07T11:49:02.514Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-41570
Vulnerability from cvelistv5
Published
2023-11-14 00:00
Modified
2024-09-03 15:05
Severity ?
EPSS score ?
Summary
MikroTik RouterOS v7.1 to 7.11 was discovered to contain incorrect access control mechanisms in place for the Rest API.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:01:35.340Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.enricobassetti.it/2023/11/cve-2023-41570-access-control-vulnerability-in-mikrotik-rest-api/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41570",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-03T15:03:38.419322Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T15:05:06.790Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MikroTik RouterOS v7.1 to 7.11 was discovered to contain incorrect access control mechanisms in place for the Rest API."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T22:16:21.940637",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.enricobassetti.it/2023/11/cve-2023-41570-access-control-vulnerability-in-mikrotik-rest-api/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-41570",
"datePublished": "2023-11-14T00:00:00",
"dateReserved": "2023-08-30T00:00:00",
"dateUpdated": "2024-09-03T15:05:06.790Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-3979
Vulnerability from cvelistv5
Published
2019-10-28 21:33
Modified
2024-08-04 19:26
Severity ?
EPSS score ?
Summary
RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below are vulnerable to a DNS unrelated data attack. The router adds all A records to its DNS cache even when the records are unrelated to the domain that was queried. Therefore, a remote attacker controlled DNS server can poison the router's DNS cache via malicious responses with additional and untrue records.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.tenable.com/security/research/tra-2019-46 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | MikroTik RouterOS |
Version: RouterOS 6.45.6 Stable and below. RouterOS 6.44.5 Long-term and below. |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:26:27.785Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2019-46"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MikroTik RouterOS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "RouterOS 6.45.6 Stable and below. RouterOS 6.44.5 Long-term and below."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below are vulnerable to a DNS unrelated data attack. The router adds all A records to its DNS cache even when the records are unrelated to the domain that was queried. Therefore, a remote attacker controlled DNS server can poison the router\u0027s DNS cache via malicious responses with additional and untrue records."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unrelated Data Attack (see: https://www.sans.org/reading-room/whitepapers/dns/security-issues-dns-1069)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-28T21:33:25",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2019-46"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2019-3979",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MikroTik RouterOS",
"version": {
"version_data": [
{
"version_value": "RouterOS 6.45.6 Stable and below. RouterOS 6.44.5 Long-term and below."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below are vulnerable to a DNS unrelated data attack. The router adds all A records to its DNS cache even when the records are unrelated to the domain that was queried. Therefore, a remote attacker controlled DNS server can poison the router\u0027s DNS cache via malicious responses with additional and untrue records."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unrelated Data Attack (see: https://www.sans.org/reading-room/whitepapers/dns/security-issues-dns-1069)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2019-46",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2019-46"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2019-3979",
"datePublished": "2019-10-28T21:33:25",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-08-04T19:26:27.785Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-20214
Vulnerability from cvelistv5
Published
2021-05-18 18:21
Modified
2024-08-04 14:15
Severity ?
EPSS score ?
Summary
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from an assertion failure vulnerability in the btest process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.
References
| ▼ | URL | Tags |
|---|---|---|
| https://mikrotik.com/ | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2021/May/15 | mailing-list, x_refsource_FULLDISC | |
| http://seclists.org/fulldisclosure/2021/May/15 | x_refsource_MISC | |
| http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:29.016Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mikrotik.com/"
},
{
"name": "20210507 Four vulnerabilities found in MikroTik\u0027s RouterOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs 6.44.6 (long-term tree) suffers from an assertion failure vulnerability in the btest process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-18T18:25:31",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mikrotik.com/"
},
{
"name": "20210507 Four vulnerabilities found in MikroTik\u0027s RouterOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20214",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs 6.44.6 (long-term tree) suffers from an assertion failure vulnerability in the btest process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mikrotik.com/",
"refsource": "MISC",
"url": "https://mikrotik.com/"
},
{
"name": "20210507 Four vulnerabilities found in MikroTik\u0027s RouterOS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"name": "http://seclists.org/fulldisclosure/2021/May/15",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"name": "http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20214",
"datePublished": "2021-05-18T18:21:41",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:29.016Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-10066
Vulnerability from cvelistv5
Published
2018-04-13 13:00
Modified
2024-08-05 07:32
Severity ?
EPSS score ?
Summary
An issue was discovered in MikroTik RouterOS 6.41.4. Missing OpenVPN server certificate verification allows a remote unauthenticated attacker capable of intercepting client traffic to act as a malicious OpenVPN server. This may allow the attacker to gain access to the client's internal network (for example, at site-to-site tunnels).
References
| ▼ | URL | Tags |
|---|---|---|
| https://janis-streib.de/2018/04/11/mikrotik-openvpn-security | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:32:00.889Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://janis-streib.de/2018/04/11/mikrotik-openvpn-security"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-04-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MikroTik RouterOS 6.41.4. Missing OpenVPN server certificate verification allows a remote unauthenticated attacker capable of intercepting client traffic to act as a malicious OpenVPN server. This may allow the attacker to gain access to the client\u0027s internal network (for example, at site-to-site tunnels)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-13T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://janis-streib.de/2018/04/11/mikrotik-openvpn-security"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10066",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in MikroTik RouterOS 6.41.4. Missing OpenVPN server certificate verification allows a remote unauthenticated attacker capable of intercepting client traffic to act as a malicious OpenVPN server. This may allow the attacker to gain access to the client\u0027s internal network (for example, at site-to-site tunnels)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://janis-streib.de/2018/04/11/mikrotik-openvpn-security",
"refsource": "MISC",
"url": "https://janis-streib.de/2018/04/11/mikrotik-openvpn-security"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-10066",
"datePublished": "2018-04-13T13:00:00",
"dateReserved": "2018-04-12T00:00:00",
"dateUpdated": "2024-08-05T07:32:00.889Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-20213
Vulnerability from cvelistv5
Published
2021-07-07 13:28
Modified
2024-08-04 14:15
Severity ?
EPSS score ?
Summary
Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an stack exhaustion vulnerability in the /nova/bin/net process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU.
References
| ▼ | URL | Tags |
|---|---|---|
| https://mikrotik.com/ | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2021/May/10 | x_refsource_MISC | |
| https://cwe.mitre.org/data/definitions/674.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:28.938Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mikrotik.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/May/10"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cwe.mitre.org/data/definitions/674.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an stack exhaustion vulnerability in the /nova/bin/net process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-10T20:17:37",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mikrotik.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2021/May/10"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cwe.mitre.org/data/definitions/674.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20213",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an stack exhaustion vulnerability in the /nova/bin/net process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mikrotik.com/",
"refsource": "MISC",
"url": "https://mikrotik.com/"
},
{
"name": "http://seclists.org/fulldisclosure/2021/May/10",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2021/May/10"
},
{
"name": "https://cwe.mitre.org/data/definitions/674.html",
"refsource": "MISC",
"url": "https://cwe.mitre.org/data/definitions/674.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20213",
"datePublished": "2021-07-07T13:28:48",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:28.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-20252
Vulnerability from cvelistv5
Published
2021-07-13 17:06
Modified
2024-08-04 14:15
Severity ?
EPSS score ?
Summary
Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20252/README.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:28.897Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20252/README.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-13T17:06:57",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20252/README.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20252",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20252/README.md",
"refsource": "MISC",
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20252/README.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20252",
"datePublished": "2021-07-13T17:06:57",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:28.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-3943
Vulnerability from cvelistv5
Published
2019-04-10 20:01
Modified
2024-08-04 19:26
Severity ?
EPSS score ?
Summary
MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authenticated, remote directory traversal via the HTTP or Winbox interfaces. An authenticated, remote attack can use this vulnerability to read and write files outside of the sandbox directory (/rw/disk).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.tenable.com/security/research/tra-2019-16 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:26:27.694Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2019-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RouterOS",
"vendor": "MikroTik",
"versions": [
{
"status": "affected",
"version": "Stable 6.43.12 and below"
},
{
"status": "affected",
"version": "Long-term 6.42.12 and below"
},
{
"status": "affected",
"version": "Testing 6.44beta75 and below"
}
]
}
],
"datePublic": "2019-04-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authenticated, remote directory traversal via the HTTP or Winbox interfaces. An authenticated, remote attack can use this vulnerability to read and write files outside of the sandbox directory (/rw/disk)."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-10T20:01:00",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2019-16"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2019-3943",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RouterOS",
"version": {
"version_data": [
{
"version_value": "Stable 6.43.12 and below"
},
{
"version_value": "Long-term 6.42.12 and below"
},
{
"version_value": "Testing 6.44beta75 and below"
}
]
}
}
]
},
"vendor_name": "MikroTik"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authenticated, remote directory traversal via the HTTP or Winbox interfaces. An authenticated, remote attack can use this vulnerability to read and write files outside of the sandbox directory (/rw/disk)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-23 Path Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2019-16",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2019-16"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2019-3943",
"datePublished": "2019-04-10T20:01:00",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-08-04T19:26:27.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-7285
Vulnerability from cvelistv5
Published
2017-03-29 14:00
Modified
2024-08-05 15:56
Severity ?
EPSS score ?
Summary
A vulnerability in the network stack of MikroTik Version 6.38.5 released 2017-03-09 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of TCP RST packets, preventing the affected router from accepting new TCP connections.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cxsecurity.com/issue/WLB-2017030242 | x_refsource_MISC | |
| https://www.exploit-db.com/exploits/41752/ | exploit, x_refsource_EXPLOIT-DB | |
| http://www.securityfocus.com/bid/97266 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:56:36.409Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cxsecurity.com/issue/WLB-2017030242"
},
{
"name": "41752",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/41752/"
},
{
"name": "97266",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97266"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the network stack of MikroTik Version 6.38.5 released 2017-03-09 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of TCP RST packets, preventing the affected router from accepting new TCP connections."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-03T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cxsecurity.com/issue/WLB-2017030242"
},
{
"name": "41752",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/41752/"
},
{
"name": "97266",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97266"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7285",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the network stack of MikroTik Version 6.38.5 released 2017-03-09 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of TCP RST packets, preventing the affected router from accepting new TCP connections."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cxsecurity.com/issue/WLB-2017030242",
"refsource": "MISC",
"url": "https://cxsecurity.com/issue/WLB-2017030242"
},
{
"name": "41752",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41752/"
},
{
"name": "97266",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97266"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-7285",
"datePublished": "2017-03-29T14:00:00",
"dateReserved": "2017-03-27T00:00:00",
"dateUpdated": "2024-08-05T15:56:36.409Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-20217
Vulnerability from cvelistv5
Published
2021-07-08 11:39
Modified
2024-08-04 14:15
Severity ?
EPSS score ?
Summary
Mikrotik RouterOs before 6.47 (stable tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/route process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU.
References
| ▼ | URL | Tags |
|---|---|---|
| https://mikrotik.com/ | x_refsource_MISC | |
| https://cwe.mitre.org/data/definitions/400.html | x_refsource_MISC | |
| https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20217/README.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:29.064Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mikrotik.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20217/README.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before 6.47 (stable tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/route process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-10T20:17:39",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mikrotik.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20217/README.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20217",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs before 6.47 (stable tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/route process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mikrotik.com/",
"refsource": "MISC",
"url": "https://mikrotik.com/"
},
{
"name": "https://cwe.mitre.org/data/definitions/400.html",
"refsource": "MISC",
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"name": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20217/README.md",
"refsource": "MISC",
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20217/README.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20217",
"datePublished": "2021-07-08T11:39:28",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:29.064Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-45315
Vulnerability from cvelistv5
Published
2022-12-05 00:00
Modified
2024-08-03 14:09
Severity ?
EPSS score ?
Summary
Mikrotik RouterOs before stable v7.6 was discovered to contain an out-of-bounds read in the snmp process. This vulnerability allows attackers to execute arbitrary code via a crafted packet.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:09:56.667Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2022-45315/README.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before stable v7.6 was discovered to contain an out-of-bounds read in the snmp process. This vulnerability allows attackers to execute arbitrary code via a crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-07T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2022-45315/README.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-45315",
"datePublished": "2022-12-05T00:00:00",
"dateReserved": "2022-11-14T00:00:00",
"dateUpdated": "2024-08-03T14:09:56.667Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-20221
Vulnerability from cvelistv5
Published
2021-07-21 13:49
Modified
2024-08-04 14:15
Severity ?
EPSS score ?
Summary
Mikrotik RouterOs before 6.44.6 (long-term tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/cerm process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cwe.mitre.org/data/definitions/400.html | x_refsource_MISC | |
| https://seclists.org/fulldisclosure/2020/May/30 | x_refsource_MISC | |
| https://seclists.org/fulldisclosure/2021/May/1 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:29.022Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2020/May/30"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2021/May/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before 6.44.6 (long-term tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/cerm process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-10T20:17:42",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/fulldisclosure/2020/May/30"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/fulldisclosure/2021/May/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20221",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs before 6.44.6 (long-term tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/cerm process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cwe.mitre.org/data/definitions/400.html",
"refsource": "MISC",
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"name": "https://seclists.org/fulldisclosure/2020/May/30",
"refsource": "MISC",
"url": "https://seclists.org/fulldisclosure/2020/May/30"
},
{
"name": "https://seclists.org/fulldisclosure/2021/May/1",
"refsource": "MISC",
"url": "https://seclists.org/fulldisclosure/2021/May/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20221",
"datePublished": "2021-07-21T13:49:07",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:29.022Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-6444
Vulnerability from cvelistv5
Published
2017-03-12 04:57
Modified
2024-08-05 15:33
Severity ?
EPSS score ?
Summary
The MikroTik Router hAP Lite 6.25 has no protection mechanism for unsolicited TCP ACK packets in the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many ACK packets. After the attacker stops the exploit, the CPU usage is 100% and the router requires a reboot for normal operation.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.exploit-db.com/exploits/41601/ | exploit, x_refsource_EXPLOIT-DB | |
| https://cxsecurity.com/issue/WLB-2017030029 | x_refsource_MISC | |
| https://packetstormsecurity.com/files/141449/Mikrotik-Hap-Lite-6.25-Denial-Of-Service.html | x_refsource_MISC | |
| http://www.exploitalert.com/view-details.html?id=26137 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:33:20.061Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "41601",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/41601/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cxsecurity.com/issue/WLB-2017030029"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/141449/Mikrotik-Hap-Lite-6.25-Denial-Of-Service.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.exploitalert.com/view-details.html?id=26137"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The MikroTik Router hAP Lite 6.25 has no protection mechanism for unsolicited TCP ACK packets in the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many ACK packets. After the attacker stops the exploit, the CPU usage is 100% and the router requires a reboot for normal operation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-15T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "41601",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/41601/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cxsecurity.com/issue/WLB-2017030029"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packetstormsecurity.com/files/141449/Mikrotik-Hap-Lite-6.25-Denial-Of-Service.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.exploitalert.com/view-details.html?id=26137"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6444",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MikroTik Router hAP Lite 6.25 has no protection mechanism for unsolicited TCP ACK packets in the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many ACK packets. After the attacker stops the exploit, the CPU usage is 100% and the router requires a reboot for normal operation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "41601",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41601/"
},
{
"name": "https://cxsecurity.com/issue/WLB-2017030029",
"refsource": "MISC",
"url": "https://cxsecurity.com/issue/WLB-2017030029"
},
{
"name": "https://packetstormsecurity.com/files/141449/Mikrotik-Hap-Lite-6.25-Denial-Of-Service.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/141449/Mikrotik-Hap-Lite-6.25-Denial-Of-Service.html"
},
{
"name": "http://www.exploitalert.com/view-details.html?id=26137",
"refsource": "MISC",
"url": "http://www.exploitalert.com/view-details.html?id=26137"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6444",
"datePublished": "2017-03-12T04:57:00",
"dateReserved": "2017-03-03T00:00:00",
"dateUpdated": "2024-08-05T15:33:20.061Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-10364
Vulnerability from cvelistv5
Published
2020-03-23 15:56
Modified
2024-08-04 10:58
Severity ?
EPSS score ?
Summary
The SSH daemon on MikroTik routers through v6.44.3 could allow remote attackers to generate CPU activity, trigger refusal of new authorized connections, and cause a reboot via connect and write system calls, because of uncontrolled resource management.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.exploit-db.com/exploits/48228 | x_refsource_MISC | |
| https://packetstormsecurity.com/files/156790/Microtik-SSH-Daemon-6.44.3-Denial-Of-Service.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:58:40.237Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/48228"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/156790/Microtik-SSH-Daemon-6.44.3-Denial-Of-Service.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The SSH daemon on MikroTik routers through v6.44.3 could allow remote attackers to generate CPU activity, trigger refusal of new authorized connections, and cause a reboot via connect and write system calls, because of uncontrolled resource management."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-23T15:56:19",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.exploit-db.com/exploits/48228"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packetstormsecurity.com/files/156790/Microtik-SSH-Daemon-6.44.3-Denial-Of-Service.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-10364",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SSH daemon on MikroTik routers through v6.44.3 could allow remote attackers to generate CPU activity, trigger refusal of new authorized connections, and cause a reboot via connect and write system calls, because of uncontrolled resource management."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.exploit-db.com/exploits/48228",
"refsource": "MISC",
"url": "https://www.exploit-db.com/exploits/48228"
},
{
"name": "https://packetstormsecurity.com/files/156790/Microtik-SSH-Daemon-6.44.3-Denial-Of-Service.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/156790/Microtik-SSH-Daemon-6.44.3-Denial-Of-Service.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-10364",
"datePublished": "2020-03-23T15:56:19",
"dateReserved": "2020-03-10T00:00:00",
"dateUpdated": "2024-08-04T10:58:40.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-32154
Vulnerability from cvelistv5
Published
2024-05-03 01:56
Modified
2024-09-20 20:29
Severity ?
EPSS score ?
Summary
Mikrotik RouterOS RADVD Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Mikrotik RouterOS. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the Router Advertisement Daemon. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of root.
. Was ZDI-CAN-19797.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-23-710/ | x_research-advisory |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "routeros",
"vendor": "mikrotik",
"versions": [
{
"lessThan": "6.49.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32154",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T17:51:00.556580Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-20T20:29:37.468Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:10:23.739Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-710",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-710/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "RouterOS",
"vendor": "Mikrotik",
"versions": [
{
"status": "affected",
"version": "6.49.7 Stable"
}
]
}
],
"dateAssigned": "2023-05-03T15:16:43.038-05:00",
"datePublic": "2023-05-17T20:29:17.704-05:00",
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOS RADVD Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Mikrotik RouterOS. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the Router Advertisement Daemon. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n. Was ZDI-CAN-19797."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T18:28:19.909Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-710",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-710/"
}
],
"source": {
"lang": "en",
"value": "Angelboy(@scwuaptx) and NiNi (@terrynini38514) from DEVCORE Research Team"
},
"title": "Mikrotik RouterOS RADVD Out-Of-Bounds Write Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-32154",
"datePublished": "2024-05-03T01:56:37.467Z",
"dateReserved": "2023-05-03T20:10:47.060Z",
"dateUpdated": "2024-09-20T20:29:37.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-13955
Vulnerability from cvelistv5
Published
2019-07-26 12:13
Modified
2024-08-05 00:05
Severity ?
EPSS score ?
Summary
Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable to stack exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server via recursive parsing of JSON. Malicious code cannot be injected.
References
| ▼ | URL | Tags |
|---|---|---|
| https://seclists.org/fulldisclosure/2019/Jul/20 | x_refsource_MISC | |
| http://packetstormsecurity.com/files/153733/Mikrotik-RouterOS-Resource-Stack-Exhaustion.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:05:43.995Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2019/Jul/20"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153733/Mikrotik-RouterOS-Resource-Stack-Exhaustion.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable to stack exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server via recursive parsing of JSON. Malicious code cannot be injected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-27T01:06:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/fulldisclosure/2019/Jul/20"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/153733/Mikrotik-RouterOS-Resource-Stack-Exhaustion.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13955",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable to stack exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server via recursive parsing of JSON. Malicious code cannot be injected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://seclists.org/fulldisclosure/2019/Jul/20",
"refsource": "MISC",
"url": "https://seclists.org/fulldisclosure/2019/Jul/20"
},
{
"name": "http://packetstormsecurity.com/files/153733/Mikrotik-RouterOS-Resource-Stack-Exhaustion.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153733/Mikrotik-RouterOS-Resource-Stack-Exhaustion.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13955",
"datePublished": "2019-07-26T12:13:50",
"dateReserved": "2019-07-18T00:00:00",
"dateUpdated": "2024-08-05T00:05:43.995Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-20219
Vulnerability from cvelistv5
Published
2021-07-21 13:25
Modified
2024-08-04 14:15
Severity ?
EPSS score ?
Summary
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/igmp-proxy process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
References
| ▼ | URL | Tags |
|---|---|---|
| https://mikrotik.com/ | x_refsource_MISC | |
| https://seclists.org/fulldisclosure/2021/May/2 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:28.832Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mikrotik.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2021/May/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/igmp-proxy process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-21T13:25:16",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mikrotik.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/fulldisclosure/2021/May/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20219",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/igmp-proxy process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mikrotik.com/",
"refsource": "MISC",
"url": "https://mikrotik.com/"
},
{
"name": "https://seclists.org/fulldisclosure/2021/May/2",
"refsource": "MISC",
"url": "https://seclists.org/fulldisclosure/2021/May/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20219",
"datePublished": "2021-07-21T13:25:16",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:28.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-14847
Vulnerability from cvelistv5
Published
2018-08-02 07:00
Modified
2025-02-04 20:41
Severity ?
EPSS score ?
Summary
MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.exploit-db.com/exploits/45578/ | exploit, x_refsource_EXPLOIT-DB | |
| https://github.com/BigNerd95/WinboxExploit | x_refsource_MISC | |
| https://github.com/tenable/routeros/blob/master/bug_hunting_in_routeros_derbycon_2018.pdf | x_refsource_MISC | |
| https://github.com/BasuCert/WinboxPoC | x_refsource_MISC | |
| https://github.com/tenable/routeros/tree/master/poc/cve_2018_14847 | x_refsource_MISC | |
| https://n0p.me/winbox-bug-dissection/ | x_refsource_MISC | |
| https://github.com/tenable/routeros/tree/master/poc/bytheway | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:38:13.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45578",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45578/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/BigNerd95/WinboxExploit"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tenable/routeros/blob/master/bug_hunting_in_routeros_derbycon_2018.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/BasuCert/WinboxPoC"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tenable/routeros/tree/master/poc/cve_2018_14847"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://n0p.me/winbox-bug-dissection/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tenable/routeros/tree/master/poc/bytheway"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2018-14847",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T20:41:33.262103Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-12-01",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-14847"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T20:41:37.819Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-16T17:57:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "45578",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45578/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/BigNerd95/WinboxExploit"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tenable/routeros/blob/master/bug_hunting_in_routeros_derbycon_2018.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/BasuCert/WinboxPoC"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tenable/routeros/tree/master/poc/cve_2018_14847"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://n0p.me/winbox-bug-dissection/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tenable/routeros/tree/master/poc/bytheway"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14847",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45578",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45578/"
},
{
"name": "https://github.com/BigNerd95/WinboxExploit",
"refsource": "MISC",
"url": "https://github.com/BigNerd95/WinboxExploit"
},
{
"name": "https://github.com/tenable/routeros/blob/master/bug_hunting_in_routeros_derbycon_2018.pdf",
"refsource": "MISC",
"url": "https://github.com/tenable/routeros/blob/master/bug_hunting_in_routeros_derbycon_2018.pdf"
},
{
"name": "https://github.com/BasuCert/WinboxPoC",
"refsource": "MISC",
"url": "https://github.com/BasuCert/WinboxPoC"
},
{
"name": "https://github.com/tenable/routeros/tree/master/poc/cve_2018_14847",
"refsource": "MISC",
"url": "https://github.com/tenable/routeros/tree/master/poc/cve_2018_14847"
},
{
"name": "https://n0p.me/winbox-bug-dissection/",
"refsource": "MISC",
"url": "https://n0p.me/winbox-bug-dissection/"
},
{
"name": "https://github.com/tenable/routeros/tree/master/poc/bytheway",
"refsource": "MISC",
"url": "https://github.com/tenable/routeros/tree/master/poc/bytheway"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-14847",
"datePublished": "2018-08-02T07:00:00.000Z",
"dateReserved": "2018-08-02T00:00:00.000Z",
"dateUpdated": "2025-02-04T20:41:37.819Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-20211
Vulnerability from cvelistv5
Published
2021-07-07 13:26
Modified
2024-08-04 14:15
Severity ?
EPSS score ?
Summary
Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an assertion failure vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.
References
| ▼ | URL | Tags |
|---|---|---|
| https://mikrotik.com/ | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2021/May/0 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:29.020Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mikrotik.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/May/0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an assertion failure vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-07T13:26:20",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mikrotik.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2021/May/0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20211",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an assertion failure vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mikrotik.com/",
"refsource": "MISC",
"url": "https://mikrotik.com/"
},
{
"name": "http://seclists.org/fulldisclosure/2021/May/0",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2021/May/0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20211",
"datePublished": "2021-07-07T13:26:20",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:29.020Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-5951
Vulnerability from cvelistv5
Published
2020-03-02 21:20
Modified
2024-08-05 05:47
Severity ?
EPSS score ?
Summary
An issue was discovered in Mikrotik RouterOS. Crafting a packet that has a size of 1 byte and sending it to an IPv6 address of a RouterOS box with IP Protocol 97 will cause RouterOS to reboot imminently. All versions of RouterOS that supports EoIPv6 are vulnerable to this attack.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/Nat-Lab/CVE-2018-5951 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:47:56.164Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Nat-Lab/CVE-2018-5951"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-02-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Mikrotik RouterOS. Crafting a packet that has a size of 1 byte and sending it to an IPv6 address of a RouterOS box with IP Protocol 97 will cause RouterOS to reboot imminently. All versions of RouterOS that supports EoIPv6 are vulnerable to this attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-02T21:20:27",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Nat-Lab/CVE-2018-5951"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5951",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Mikrotik RouterOS. Crafting a packet that has a size of 1 byte and sending it to an IPv6 address of a RouterOS box with IP Protocol 97 will cause RouterOS to reboot imminently. All versions of RouterOS that supports EoIPv6 are vulnerable to this attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Nat-Lab/CVE-2018-5951",
"refsource": "MISC",
"url": "https://github.com/Nat-Lab/CVE-2018-5951"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-5951",
"datePublished": "2020-03-02T21:20:27",
"dateReserved": "2018-01-21T00:00:00",
"dateUpdated": "2024-08-05T05:47:56.164Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36522
Vulnerability from cvelistv5
Published
2022-08-26 17:57
Modified
2024-08-03 10:07
Severity ?
EPSS score ?
Summary
Mikrotik RouterOs through stable v6.48.3 was discovered to contain an assertion failure in the component /advanced-tools/nova/bin/netwatch. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.
References
| ▼ | URL | Tags |
|---|---|---|
| https://seclists.org/fulldisclosure/2021/Jul/0 | x_refsource_MISC | |
| https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2022-36522/README.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:07:34.471Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2021/Jul/0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2022-36522/README.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs through stable v6.48.3 was discovered to contain an assertion failure in the component /advanced-tools/nova/bin/netwatch. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-29T23:42:42",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/fulldisclosure/2021/Jul/0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2022-36522/README.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36522",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs through stable v6.48.3 was discovered to contain an assertion failure in the component /advanced-tools/nova/bin/netwatch. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://seclists.org/fulldisclosure/2021/Jul/0",
"refsource": "MISC",
"url": "https://seclists.org/fulldisclosure/2021/Jul/0"
},
{
"name": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2022-36522/README.md",
"refsource": "MISC",
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2022-36522/README.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36522",
"datePublished": "2022-08-26T17:57:36",
"dateReserved": "2022-07-25T00:00:00",
"dateUpdated": "2024-08-03T10:07:34.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-20212
Vulnerability from cvelistv5
Published
2021-07-07 13:27
Modified
2024-08-04 14:15
Severity ?
EPSS score ?
Summary
Mikrotik RouterOs 6.44.5 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
References
| ▼ | URL | Tags |
|---|---|---|
| https://mikrotik.com/ | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2021/May/0 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:29.001Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mikrotik.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/May/0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs 6.44.5 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-07T13:27:27",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mikrotik.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2021/May/0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20212",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs 6.44.5 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mikrotik.com/",
"refsource": "MISC",
"url": "https://mikrotik.com/"
},
{
"name": "http://seclists.org/fulldisclosure/2021/May/0",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2021/May/0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20212",
"datePublished": "2021-07-07T13:27:27",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:29.001Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-20245
Vulnerability from cvelistv5
Published
2021-05-18 19:14
Modified
2024-08-04 14:15
Severity ?
EPSS score ?
Summary
Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulnerability in the log process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.
References
| ▼ | URL | Tags |
|---|---|---|
| https://mikrotik.com/ | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2021/May/23 | mailing-list, x_refsource_FULLDISC | |
| http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:29.003Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mikrotik.com/"
},
{
"name": "20210511 Four vulnerabilities found in MikroTik\u0027s RouterOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/May/23"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulnerability in the log process. An authenticated remote attacker can cause a Denial of Service due to improper memory access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-18T19:14:47",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mikrotik.com/"
},
{
"name": "20210511 Four vulnerabilities found in MikroTik\u0027s RouterOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/May/23"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20245",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulnerability in the log process. An authenticated remote attacker can cause a Denial of Service due to improper memory access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mikrotik.com/",
"refsource": "MISC",
"url": "https://mikrotik.com/"
},
{
"name": "20210511 Four vulnerabilities found in MikroTik\u0027s RouterOS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/May/23"
},
{
"name": "http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20245",
"datePublished": "2021-05-18T19:14:14",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:29.003Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-20216
Vulnerability from cvelistv5
Published
2021-07-07 13:30
Modified
2024-08-04 14:15
Severity ?
EPSS score ?
Summary
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/graphing process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
References
| ▼ | URL | Tags |
|---|---|---|
| https://mikrotik.com/ | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2021/May/10 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:29.028Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mikrotik.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/May/10"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/graphing process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-07T13:30:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mikrotik.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2021/May/10"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20216",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/graphing process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mikrotik.com/",
"refsource": "MISC",
"url": "https://mikrotik.com/"
},
{
"name": "http://seclists.org/fulldisclosure/2021/May/10",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2021/May/10"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20216",
"datePublished": "2021-07-07T13:30:06",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:29.028Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-20149
Vulnerability from cvelistv5
Published
2022-10-15 00:00
Modified
2024-08-05 21:45
Severity ?
EPSS score ?
Summary
The Mikrotik RouterOS web server allows memory corruption in releases before Stable 6.38.5 and Long-term 6.37.5, aka Chimay-Red. A remote and unauthenticated user can trigger the vulnerability by sending a crafted HTTP request. An attacker can use this vulnerability to execute arbitrary code on the affected system, as exploited in the wild in mid-2017 and later.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:45:26.039Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/BigNerd95/Chimay-Red"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.bleepingcomputer.com/news/security/hajime-botnet-makes-a-comeback-with-massive-scan-for-mikrotik-routers/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Mikrotik RouterOS web server allows memory corruption in releases before Stable 6.38.5 and Long-term 6.37.5, aka Chimay-Red. A remote and unauthenticated user can trigger the vulnerability by sending a crafted HTTP request. An attacker can use this vulnerability to execute arbitrary code on the affected system, as exploited in the wild in mid-2017 and later."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-15T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/BigNerd95/Chimay-Red"
},
{
"url": "https://www.bleepingcomputer.com/news/security/hajime-botnet-makes-a-comeback-with-massive-scan-for-mikrotik-routers/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-20149",
"datePublished": "2022-10-15T00:00:00",
"dateReserved": "2022-10-15T00:00:00",
"dateUpdated": "2024-08-05T21:45:26.039Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-13954
Vulnerability from cvelistv5
Published
2019-07-26 12:15
Modified
2024-08-05 00:05
Severity ?
EPSS score ?
Summary
Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable to memory exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system. Malicious code cannot be injected.
References
| ▼ | URL | Tags |
|---|---|---|
| https://seclists.org/fulldisclosure/2019/Jul/20 | x_refsource_MISC | |
| http://packetstormsecurity.com/files/153733/Mikrotik-RouterOS-Resource-Stack-Exhaustion.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:05:44.016Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2019/Jul/20"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153733/Mikrotik-RouterOS-Resource-Stack-Exhaustion.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable to memory exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system. Malicious code cannot be injected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-27T01:06:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/fulldisclosure/2019/Jul/20"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/153733/Mikrotik-RouterOS-Resource-Stack-Exhaustion.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13954",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable to memory exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system. Malicious code cannot be injected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://seclists.org/fulldisclosure/2019/Jul/20",
"refsource": "MISC",
"url": "https://seclists.org/fulldisclosure/2019/Jul/20"
},
{
"name": "http://packetstormsecurity.com/files/153733/Mikrotik-RouterOS-Resource-Stack-Exhaustion.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153733/Mikrotik-RouterOS-Resource-Stack-Exhaustion.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13954",
"datePublished": "2019-07-26T12:15:12",
"dateReserved": "2019-07-18T00:00:00",
"dateUpdated": "2024-08-05T00:05:44.016Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-1158
Vulnerability from cvelistv5
Published
2018-08-23 19:00
Modified
2024-09-16 22:36
Severity ?
EPSS score ?
Summary
Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a stack exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server via recursive parsing of JSON.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.tenable.com/security/research/tra-2018-21 | x_refsource_MISC | |
| https://mikrotik.com/download/changelogs | x_refsource_CONFIRM | |
| https://mikrotik.com/download/changelogs/bugfix-release-tree | x_refsource_CONFIRM | |
| http://seclists.org/fulldisclosure/2019/Jul/20 | mailing-list, x_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:51:48.929Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2018-21"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://mikrotik.com/download/changelogs"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://mikrotik.com/download/changelogs/bugfix-release-tree"
},
{
"name": "20190723 Two vulnerabilities found in MikroTik\u0027s RouterOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Jul/20"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a stack exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server via recursive parsing of JSON."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-23T19:06:12",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2018-21"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://mikrotik.com/download/changelogs"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://mikrotik.com/download/changelogs/bugfix-release-tree"
},
{
"name": "20190723 Two vulnerabilities found in MikroTik\u0027s RouterOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Jul/20"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"DATE_PUBLIC": "2018-08-22T00:00:00",
"ID": "CVE-2018-1158",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a stack exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server via recursive parsing of JSON."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2018-21",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2018-21"
},
{
"name": "https://mikrotik.com/download/changelogs",
"refsource": "CONFIRM",
"url": "https://mikrotik.com/download/changelogs"
},
{
"name": "https://mikrotik.com/download/changelogs/bugfix-release-tree",
"refsource": "CONFIRM",
"url": "https://mikrotik.com/download/changelogs/bugfix-release-tree"
},
{
"name": "20190723 Two vulnerabilities found in MikroTik\u0027s RouterOS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Jul/20"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2018-1158",
"datePublished": "2018-08-23T19:00:00Z",
"dateReserved": "2017-12-05T00:00:00",
"dateUpdated": "2024-09-16T22:36:00.879Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-20247
Vulnerability from cvelistv5
Published
2021-05-03 15:13
Modified
2024-08-04 14:15
Severity ?
EPSS score ?
Summary
Mikrotik RouterOs before 6.46.5 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/traceroute process. An authenticated remote attacker can cause a Denial of Service due via the loop counter variable.
References
| ▼ | URL | Tags |
|---|---|---|
| https://seclists.org/fulldisclosure/2020/May/30 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:28.792Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2020/May/30"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before 6.46.5 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/traceroute process. An authenticated remote attacker can cause a Denial of Service due via the loop counter variable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-03T15:13:42",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/fulldisclosure/2020/May/30"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20247",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs before 6.46.5 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/traceroute process. An authenticated remote attacker can cause a Denial of Service due via the loop counter variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://seclists.org/fulldisclosure/2020/May/30",
"refsource": "MISC",
"url": "https://seclists.org/fulldisclosure/2020/May/30"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20247",
"datePublished": "2021-05-03T15:13:42",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:28.792Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-3978
Vulnerability from cvelistv5
Published
2019-10-28 21:32
Modified
2024-08-04 19:26
Severity ?
EPSS score ?
Summary
RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below allow remote unauthenticated attackers to trigger DNS queries via port 8291. The queries are sent from the router to a server of the attacker's choice. The DNS responses are cached by the router, potentially resulting in cache poisoning
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.tenable.com/security/research/tra-2019-46 | x_refsource_MISC | |
| http://packetstormsecurity.com/files/155036/MikroTik-RouterOS-6.45.6-DNS-Cache-Poisoning.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | MikroTik RouterOS |
Version: RouterOS 6.45.6 Stable and below. RouterOS 6.44.5 Long-term and below. |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:26:27.327Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2019-46"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/155036/MikroTik-RouterOS-6.45.6-DNS-Cache-Poisoning.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MikroTik RouterOS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "RouterOS 6.45.6 Stable and below. RouterOS 6.44.5 Long-term and below."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below allow remote unauthenticated attackers to trigger DNS queries via port 8291. The queries are sent from the router to a server of the attacker\u0027s choice. The DNS responses are cached by the router, potentially resulting in cache poisoning"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-31T15:06:19",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2019-46"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/155036/MikroTik-RouterOS-6.45.6-DNS-Cache-Poisoning.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2019-3978",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MikroTik RouterOS",
"version": {
"version_data": [
{
"version_value": "RouterOS 6.45.6 Stable and below. RouterOS 6.44.5 Long-term and below."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below allow remote unauthenticated attackers to trigger DNS queries via port 8291. The queries are sent from the router to a server of the attacker\u0027s choice. The DNS responses are cached by the router, potentially resulting in cache poisoning"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2019-46",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2019-46"
},
{
"name": "http://packetstormsecurity.com/files/155036/MikroTik-RouterOS-6.45.6-DNS-Cache-Poisoning.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/155036/MikroTik-RouterOS-6.45.6-DNS-Cache-Poisoning.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2019-3978",
"datePublished": "2019-10-28T21:32:57",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-08-04T19:26:27.327Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-20230
Vulnerability from cvelistv5
Published
2021-07-19 16:14
Modified
2024-08-04 14:15
Severity ?
EPSS score ?
Summary
Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled resource consumption in the sshd process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cwe.mitre.org/data/definitions/400.html | x_refsource_MISC | |
| https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20230/README.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:29.173Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20230/README.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled resource consumption in the sshd process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-10T20:17:44",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20230/README.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20230",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled resource consumption in the sshd process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cwe.mitre.org/data/definitions/400.html",
"refsource": "MISC",
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"name": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20230/README.md",
"refsource": "MISC",
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20230/README.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20230",
"datePublished": "2021-07-19T16:14:19",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:29.173Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-20253
Vulnerability from cvelistv5
Published
2021-05-18 13:51
Modified
2024-08-04 14:15
Severity ?
EPSS score ?
Summary
Mikrotik RouterOs before 6.47 (stable tree) suffers from a divison by zero vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service due to a divide by zero error.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_lcdstat_4/README.md | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2021/May/14 | mailing-list, x_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:29.004Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_lcdstat_4/README.md"
},
{
"name": "20210507 Re: Four vulnerabilities found in MikroTik\u0027s RouterOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/May/14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before 6.47 (stable tree) suffers from a divison by zero vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service due to a divide by zero error."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-18T13:51:38",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_lcdstat_4/README.md"
},
{
"name": "20210507 Re: Four vulnerabilities found in MikroTik\u0027s RouterOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/May/14"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20253",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs before 6.47 (stable tree) suffers from a divison by zero vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service due to a divide by zero error."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_lcdstat_4/README.md",
"refsource": "MISC",
"url": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_lcdstat_4/README.md"
},
{
"name": "20210507 Re: Four vulnerabilities found in MikroTik\u0027s RouterOS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/May/14"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20253",
"datePublished": "2021-05-18T13:51:38",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:29.004Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-41987
Vulnerability from cvelistv5
Published
2022-03-16 14:44
Modified
2024-08-04 03:22
Severity ?
EPSS score ?
Summary
In the SCEP Server of RouterOS in certain Mikrotik products, an attacker can trigger a heap-based buffer overflow that leads to remote code execution. The attacker must know the scep_server_name value. This affects RouterOS 6.46.8, 6.47.9, and 6.47.10.
References
| ▼ | URL | Tags |
|---|---|---|
| https://mikrotik.com/download/archive | x_refsource_MISC | |
| https://teamt5.org/en/posts/vulnerability-mikrotik-cve-2021-41987/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:22:25.697Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mikrotik.com/download/archive"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://teamt5.org/en/posts/vulnerability-mikrotik-cve-2021-41987/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the SCEP Server of RouterOS in certain Mikrotik products, an attacker can trigger a heap-based buffer overflow that leads to remote code execution. The attacker must know the scep_server_name value. This affects RouterOS 6.46.8, 6.47.9, and 6.47.10."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-29T14:26:57",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mikrotik.com/download/archive"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://teamt5.org/en/posts/vulnerability-mikrotik-cve-2021-41987/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-41987",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the SCEP Server of RouterOS in certain Mikrotik products, an attacker can trigger a heap-based buffer overflow that leads to remote code execution. The attacker must know the scep_server_name value. This affects RouterOS 6.46.8, 6.47.9, and 6.47.10."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mikrotik.com/download/archive",
"refsource": "MISC",
"url": "https://mikrotik.com/download/archive"
},
{
"name": "https://teamt5.org/en/posts/vulnerability-mikrotik-cve-2021-41987/",
"refsource": "MISC",
"url": "https://teamt5.org/en/posts/vulnerability-mikrotik-cve-2021-41987/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-41987",
"datePublished": "2022-03-16T14:44:58",
"dateReserved": "2021-10-04T00:00:00",
"dateUpdated": "2024-08-04T03:22:25.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-34960
Vulnerability from cvelistv5
Published
2022-08-25 01:50
Modified
2024-08-03 09:22
Severity ?
EPSS score ?
Summary
The container package in MikroTik RouterOS 7.4beta4 allows an attacker to create mount points pointing to symbolic links, which resolve to locations on the host device. This allows the attacker to mount any arbitrary file to any location on the host.
References
| ▼ | URL | Tags |
|---|---|---|
| https://nns.ee/blog/2022/06/21/routeros-container-rce.html | x_refsource_MISC | |
| https://nns.ee/blog/2022/08/05/routeros-container-rce.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:22:10.890Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nns.ee/blog/2022/06/21/routeros-container-rce.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nns.ee/blog/2022/08/05/routeros-container-rce.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The container package in MikroTik RouterOS 7.4beta4 allows an attacker to create mount points pointing to symbolic links, which resolve to locations on the host device. This allows the attacker to mount any arbitrary file to any location on the host."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-25T01:50:03",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nns.ee/blog/2022/06/21/routeros-container-rce.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nns.ee/blog/2022/08/05/routeros-container-rce.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-34960",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The container package in MikroTik RouterOS 7.4beta4 allows an attacker to create mount points pointing to symbolic links, which resolve to locations on the host device. This allows the attacker to mount any arbitrary file to any location on the host."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nns.ee/blog/2022/06/21/routeros-container-rce.html",
"refsource": "MISC",
"url": "https://nns.ee/blog/2022/06/21/routeros-container-rce.html"
},
{
"name": "https://nns.ee/blog/2022/08/05/routeros-container-rce.html",
"refsource": "MISC",
"url": "https://nns.ee/blog/2022/08/05/routeros-container-rce.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-34960",
"datePublished": "2022-08-25T01:50:03",
"dateReserved": "2022-07-04T00:00:00",
"dateUpdated": "2024-08-03T09:22:10.890Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-24094
Vulnerability from cvelistv5
Published
2023-03-27 00:00
Modified
2025-02-19 18:46
Severity ?
EPSS score ?
Summary
An issue in the bridge2 component of MikroTik RouterOS v6.40.5 allows attackers to cause a Denial of Service (DoS) via crafted packets.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:49:08.966Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://mikrotik.com"
},
{
"tags": [
"x_transferred"
],
"url": "http://routeros.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ZYen12138/RouterOS/blob/main/CVE-2023-24094.md"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-24094",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-19T18:46:48.826858Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T18:46:53.859Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue in the bridge2 component of MikroTik RouterOS v6.40.5 allows attackers to cause a Denial of Service (DoS) via crafted packets."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-27T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://mikrotik.com"
},
{
"url": "http://routeros.com"
},
{
"url": "https://github.com/ZYen12138/RouterOS/blob/main/CVE-2023-24094.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-24094",
"datePublished": "2023-03-27T00:00:00.000Z",
"dateReserved": "2023-01-23T00:00:00.000Z",
"dateUpdated": "2025-02-19T18:46:53.859Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-8338
Vulnerability from cvelistv5
Published
2017-05-18 06:13
Modified
2024-08-05 16:34
Severity ?
EPSS score ?
Summary
A vulnerability in MikroTik Version 6.38.5 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of UDP packets on port 500 (used for L2TP over IPsec), preventing the affected router from accepting new connections; all devices will be disconnected from the router and all logs removed automatically.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cxsecurity.com/issue/WLB-2017050062 | x_refsource_MISC | |
| https://www.vulnerability-lab.com/get_content.php?id=2064 | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2017/May/59 | x_refsource_MISC | |
| https://packetstormsecurity.com/files/142538/MikroTik-RouterBoard-6.38.5-Denial-Of-Service.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:34:22.847Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cxsecurity.com/issue/WLB-2017050062"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vulnerability-lab.com/get_content.php?id=2064"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/May/59"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/142538/MikroTik-RouterBoard-6.38.5-Denial-Of-Service.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-05-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in MikroTik Version 6.38.5 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of UDP packets on port 500 (used for L2TP over IPsec), preventing the affected router from accepting new connections; all devices will be disconnected from the router and all logs removed automatically."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-18T06:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cxsecurity.com/issue/WLB-2017050062"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vulnerability-lab.com/get_content.php?id=2064"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2017/May/59"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packetstormsecurity.com/files/142538/MikroTik-RouterBoard-6.38.5-Denial-Of-Service.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8338",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in MikroTik Version 6.38.5 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of UDP packets on port 500 (used for L2TP over IPsec), preventing the affected router from accepting new connections; all devices will be disconnected from the router and all logs removed automatically."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cxsecurity.com/issue/WLB-2017050062",
"refsource": "MISC",
"url": "https://cxsecurity.com/issue/WLB-2017050062"
},
{
"name": "https://www.vulnerability-lab.com/get_content.php?id=2064",
"refsource": "MISC",
"url": "https://www.vulnerability-lab.com/get_content.php?id=2064"
},
{
"name": "http://seclists.org/fulldisclosure/2017/May/59",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2017/May/59"
},
{
"name": "https://packetstormsecurity.com/files/142538/MikroTik-RouterBoard-6.38.5-Denial-Of-Service.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/142538/MikroTik-RouterBoard-6.38.5-Denial-Of-Service.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-8338",
"datePublished": "2017-05-18T06:13:00",
"dateReserved": "2017-04-29T00:00:00",
"dateUpdated": "2024-08-05T16:34:22.847Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-20231
Vulnerability from cvelistv5
Published
2021-07-14 13:53
Modified
2024-08-04 14:15
Severity ?
EPSS score ?
Summary
Mikrotik RouterOs through stable version 6.48.3 suffers from a memory corruption vulnerability in the /nova/bin/detnet process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
References
| ▼ | URL | Tags |
|---|---|---|
| https://mikrotik.com/ | x_refsource_MISC | |
| https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20231/README.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:29.025Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mikrotik.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20231/README.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs through stable version 6.48.3 suffers from a memory corruption vulnerability in the /nova/bin/detnet process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-14T13:53:25",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mikrotik.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20231/README.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20231",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs through stable version 6.48.3 suffers from a memory corruption vulnerability in the /nova/bin/detnet process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mikrotik.com/",
"refsource": "MISC",
"url": "https://mikrotik.com/"
},
{
"name": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20231/README.md",
"refsource": "MISC",
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20231/README.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20231",
"datePublished": "2021-07-14T13:53:25",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:29.025Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-7445
Vulnerability from cvelistv5
Published
2018-03-19 21:00
Modified
2025-02-07 16:38
Severity ?
EPSS score ?
Summary
A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication takes place, so it is possible for an unauthenticated remote attacker to exploit it. All architectures and all devices running RouterOS before versions 6.41.3/6.42rc27 are vulnerable.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/103427 | vdb-entry, x_refsource_BID | |
| http://seclists.org/fulldisclosure/2018/Mar/38 | mailing-list, x_refsource_FULLDISC | |
| https://www.exploit-db.com/exploits/44290/ | exploit, x_refsource_EXPLOIT-DB | |
| https://www.coresecurity.com/advisories/mikrotik-routeros-smb-buffer-overflow | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:24:11.978Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "103427",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103427"
},
{
"name": "20180315 [CORE-2018-0003] MikroTik RouterOS SMB Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2018/Mar/38"
},
{
"name": "44290",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44290/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.coresecurity.com/advisories/mikrotik-routeros-smb-buffer-overflow"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2018-7445",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T16:27:32.357265Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-09-08",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-7445"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T16:38:19.908Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-03-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication takes place, so it is possible for an unauthenticated remote attacker to exploit it. All architectures and all devices running RouterOS before versions 6.41.3/6.42rc27 are vulnerable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-20T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "103427",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103427"
},
{
"name": "20180315 [CORE-2018-0003] MikroTik RouterOS SMB Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2018/Mar/38"
},
{
"name": "44290",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44290/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.coresecurity.com/advisories/mikrotik-routeros-smb-buffer-overflow"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7445",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication takes place, so it is possible for an unauthenticated remote attacker to exploit it. All architectures and all devices running RouterOS before versions 6.41.3/6.42rc27 are vulnerable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103427",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103427"
},
{
"name": "20180315 [CORE-2018-0003] MikroTik RouterOS SMB Buffer Overflow",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Mar/38"
},
{
"name": "44290",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44290/"
},
{
"name": "https://www.coresecurity.com/advisories/mikrotik-routeros-smb-buffer-overflow",
"refsource": "MISC",
"url": "https://www.coresecurity.com/advisories/mikrotik-routeros-smb-buffer-overflow"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-7445",
"datePublished": "2018-03-19T21:00:00.000Z",
"dateReserved": "2018-02-23T00:00:00.000Z",
"dateUpdated": "2025-02-07T16:38:19.908Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-15055
Vulnerability from cvelistv5
Published
2019-08-26 20:12
Modified
2024-08-05 00:34
Severity ?
EPSS score ?
Summary
MikroTik RouterOS through 6.44.5 and 6.45.x through 6.45.3 improperly handles the disk name, which allows authenticated users to delete arbitrary files. Attackers can exploit this vulnerability to reset credential storage, which allows them access to the management interface as an administrator without authentication.
References
| ▼ | URL | Tags |
|---|---|---|
| https://mikrotik.com/download/changelogs/testing-release-tree | x_refsource_CONFIRM | |
| https://fortiguard.com/zeroday/FG-VD-19-108 | x_refsource_MISC | |
| https://medium.com/tenable-techblog/rooting-routeros-with-a-usb-drive-16d7b8665f90 | x_refsource_MISC | |
| https://github.com/tenable/routeros/tree/master/poc/cve_2019_15055 | x_refsource_MISC | |
| https://forum.mikrotik.com/viewtopic.php?t=151603 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:53.153Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://mikrotik.com/download/changelogs/testing-release-tree"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://fortiguard.com/zeroday/FG-VD-19-108"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://medium.com/tenable-techblog/rooting-routeros-with-a-usb-drive-16d7b8665f90"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tenable/routeros/tree/master/poc/cve_2019_15055"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://forum.mikrotik.com/viewtopic.php?t=151603"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-08-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "MikroTik RouterOS through 6.44.5 and 6.45.x through 6.45.3 improperly handles the disk name, which allows authenticated users to delete arbitrary files. Attackers can exploit this vulnerability to reset credential storage, which allows them access to the management interface as an administrator without authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-06T11:25:40",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://mikrotik.com/download/changelogs/testing-release-tree"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://fortiguard.com/zeroday/FG-VD-19-108"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://medium.com/tenable-techblog/rooting-routeros-with-a-usb-drive-16d7b8665f90"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tenable/routeros/tree/master/poc/cve_2019_15055"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://forum.mikrotik.com/viewtopic.php?t=151603"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15055",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MikroTik RouterOS through 6.44.5 and 6.45.x through 6.45.3 improperly handles the disk name, which allows authenticated users to delete arbitrary files. Attackers can exploit this vulnerability to reset credential storage, which allows them access to the management interface as an administrator without authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mikrotik.com/download/changelogs/testing-release-tree",
"refsource": "CONFIRM",
"url": "https://mikrotik.com/download/changelogs/testing-release-tree"
},
{
"name": "https://fortiguard.com/zeroday/FG-VD-19-108",
"refsource": "MISC",
"url": "https://fortiguard.com/zeroday/FG-VD-19-108"
},
{
"name": "https://medium.com/tenable-techblog/rooting-routeros-with-a-usb-drive-16d7b8665f90",
"refsource": "MISC",
"url": "https://medium.com/tenable-techblog/rooting-routeros-with-a-usb-drive-16d7b8665f90"
},
{
"name": "https://github.com/tenable/routeros/tree/master/poc/cve_2019_15055",
"refsource": "MISC",
"url": "https://github.com/tenable/routeros/tree/master/poc/cve_2019_15055"
},
{
"name": "https://forum.mikrotik.com/viewtopic.php?t=151603",
"refsource": "CONFIRM",
"url": "https://forum.mikrotik.com/viewtopic.php?t=151603"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-15055",
"datePublished": "2019-08-26T20:12:52",
"dateReserved": "2019-08-14T00:00:00",
"dateUpdated": "2024-08-05T00:34:53.153Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-22845
Vulnerability from cvelistv5
Published
2022-02-28 18:48
Modified
2024-08-04 14:51
Severity ?
EPSS score ?
Summary
A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted FTP requests.
References
| ▼ | URL | Tags |
|---|---|---|
| https://mikrotik.com/support | x_refsource_MISC | |
| https://github.com/colorlight/mikrotik_poc/blob/master/two_vulns.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:51:11.295Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mikrotik.com/support"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/colorlight/mikrotik_poc/blob/master/two_vulns.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted FTP requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-28T18:48:56",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mikrotik.com/support"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/colorlight/mikrotik_poc/blob/master/two_vulns.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-22845",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted FTP requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mikrotik.com/support",
"refsource": "MISC",
"url": "https://mikrotik.com/support"
},
{
"name": "https://github.com/colorlight/mikrotik_poc/blob/master/two_vulns.md",
"refsource": "MISC",
"url": "https://github.com/colorlight/mikrotik_poc/blob/master/two_vulns.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-22845",
"datePublished": "2022-02-28T18:48:56",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:51:11.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-20220
Vulnerability from cvelistv5
Published
2021-05-18 19:09
Modified
2024-08-04 14:15
Severity ?
EPSS score ?
Summary
Mikrotik RouterOs prior to stable 6.47 suffers from a memory corruption vulnerability in the /nova/bin/bfd process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
References
| ▼ | URL | Tags |
|---|---|---|
| https://mikrotik.com/ | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2021/May/23 | mailing-list, x_refsource_FULLDISC | |
| http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:28.812Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mikrotik.com/"
},
{
"name": "20210511 Four vulnerabilities found in MikroTik\u0027s RouterOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/May/23"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs prior to stable 6.47 suffers from a memory corruption vulnerability in the /nova/bin/bfd process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-18T19:09:57",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mikrotik.com/"
},
{
"name": "20210511 Four vulnerabilities found in MikroTik\u0027s RouterOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/May/23"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20220",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs prior to stable 6.47 suffers from a memory corruption vulnerability in the /nova/bin/bfd process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mikrotik.com/",
"refsource": "MISC",
"url": "https://mikrotik.com/"
},
{
"name": "20210511 Four vulnerabilities found in MikroTik\u0027s RouterOS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/May/23"
},
{
"name": "http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20220",
"datePublished": "2021-05-18T19:09:29",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:28.812Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-20225
Vulnerability from cvelistv5
Published
2021-07-07 13:31
Modified
2024-08-04 14:15
Severity ?
EPSS score ?
Summary
Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /nova/bin/user process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.
References
| ▼ | URL | Tags |
|---|---|---|
| https://mikrotik.com/ | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2021/May/12 | mailing-list, x_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:29.098Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mikrotik.com/"
},
{
"name": "20210507 Re: Two vulnerabilities found in MikroTik\u0027s RouterOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/May/12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /nova/bin/user process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-07T13:31:15",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mikrotik.com/"
},
{
"name": "20210507 Re: Two vulnerabilities found in MikroTik\u0027s RouterOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/May/12"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20225",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /nova/bin/user process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mikrotik.com/",
"refsource": "MISC",
"url": "https://mikrotik.com/"
},
{
"name": "20210507 Re: Two vulnerabilities found in MikroTik\u0027s RouterOS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/May/12"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20225",
"datePublished": "2021-07-07T13:31:15",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:29.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-20267
Vulnerability from cvelistv5
Published
2021-05-11 14:25
Modified
2024-08-04 14:15
Severity ?
EPSS score ?
Summary
Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/resolver process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/fulldisclosure/2021/May/12 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:28.995Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/May/12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/resolver process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-11T14:25:04",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2021/May/12"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20267",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/resolver process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2021/May/12",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2021/May/12"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20267",
"datePublished": "2021-05-11T14:25:04",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:28.995Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-13074
Vulnerability from cvelistv5
Published
2019-07-03 20:07
Modified
2024-08-04 23:41
Severity ?
EPSS score ?
Summary
A vulnerability in the FTP daemon on MikroTik routers through 6.44.3 could allow remote attackers to exhaust all available memory, causing the device to reboot because of uncontrolled resource management.
References
| ▼ | URL | Tags |
|---|---|---|
| https://forum.mikrotik.com/viewtopic.php?t=150045 | x_refsource_CONFIRM | |
| https://mikrotik.com/download/changelogs/stable-release-tree | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:41:10.468Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://forum.mikrotik.com/viewtopic.php?t=150045"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://mikrotik.com/download/changelogs/stable-release-tree"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-06-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the FTP daemon on MikroTik routers through 6.44.3 could allow remote attackers to exhaust all available memory, causing the device to reboot because of uncontrolled resource management."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-10T13:07:09",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://forum.mikrotik.com/viewtopic.php?t=150045"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://mikrotik.com/download/changelogs/stable-release-tree"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13074",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the FTP daemon on MikroTik routers through 6.44.3 could allow remote attackers to exhaust all available memory, causing the device to reboot because of uncontrolled resource management."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.mikrotik.com/viewtopic.php?t=150045",
"refsource": "CONFIRM",
"url": "https://forum.mikrotik.com/viewtopic.php?t=150045"
},
{
"name": "https://mikrotik.com/download/changelogs/stable-release-tree",
"refsource": "CONFIRM",
"url": "https://mikrotik.com/download/changelogs/stable-release-tree"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13074",
"datePublished": "2019-07-03T20:07:27",
"dateReserved": "2019-06-30T00:00:00",
"dateUpdated": "2024-08-04T23:41:10.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-16160
Vulnerability from cvelistv5
Published
2020-10-07 15:07
Modified
2024-08-05 01:10
Severity ?
EPSS score ?
Summary
An integer underflow in the SMB server of MikroTik RouterOS before 6.45.5 allows remote unauthenticated attackers to crash the service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://mikrotik.com | x_refsource_MISC | |
| https://forum.mikrotik.com/viewtopic.php?t=151603 | x_refsource_CONFIRM | |
| https://gist.github.com/thebabush/3c71fc5001f8865e3ad579e80680ce24 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:10:41.178Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mikrotik.com"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://forum.mikrotik.com/viewtopic.php?t=151603"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/thebabush/3c71fc5001f8865e3ad579e80680ce24"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An integer underflow in the SMB server of MikroTik RouterOS before 6.45.5 allows remote unauthenticated attackers to crash the service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-07T15:07:39",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mikrotik.com"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://forum.mikrotik.com/viewtopic.php?t=151603"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/thebabush/3c71fc5001f8865e3ad579e80680ce24"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16160",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An integer underflow in the SMB server of MikroTik RouterOS before 6.45.5 allows remote unauthenticated attackers to crash the service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mikrotik.com",
"refsource": "MISC",
"url": "https://mikrotik.com"
},
{
"name": "https://forum.mikrotik.com/viewtopic.php?t=151603",
"refsource": "CONFIRM",
"url": "https://forum.mikrotik.com/viewtopic.php?t=151603"
},
{
"name": "https://gist.github.com/thebabush/3c71fc5001f8865e3ad579e80680ce24",
"refsource": "MISC",
"url": "https://gist.github.com/thebabush/3c71fc5001f8865e3ad579e80680ce24"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16160",
"datePublished": "2020-10-07T15:07:39",
"dateReserved": "2019-09-09T00:00:00",
"dateUpdated": "2024-08-05T01:10:41.178Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-36614
Vulnerability from cvelistv5
Published
2022-05-11 17:34
Modified
2024-08-04 01:01
Severity ?
EPSS score ?
Summary
Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the tr069-client process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
References
| ▼ | URL | Tags |
|---|---|---|
| https://seclists.org/fulldisclosure/2021/Jul/0 | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2022/Jun/2 | mailing-list, x_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:01:57.876Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2021/Jul/0"
},
{
"name": "20220603 Re: Three vulnerabilities found in MikroTik\u0027s RouterOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Jun/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the tr069-client process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-03T20:06:18",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/fulldisclosure/2021/Jul/0"
},
{
"name": "20220603 Re: Three vulnerabilities found in MikroTik\u0027s RouterOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2022/Jun/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-36614",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the tr069-client process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://seclists.org/fulldisclosure/2021/Jul/0",
"refsource": "MISC",
"url": "https://seclists.org/fulldisclosure/2021/Jul/0"
},
{
"name": "20220603 Re: Three vulnerabilities found in MikroTik\u0027s RouterOS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2022/Jun/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-36614",
"datePublished": "2022-05-11T17:34:27",
"dateReserved": "2021-07-12T00:00:00",
"dateUpdated": "2024-08-04T01:01:57.876Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-20248
Vulnerability from cvelistv5
Published
2021-07-19 17:35
Modified
2024-08-04 14:15
Severity ?
EPSS score ?
Summary
Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled resource consumption in the memtest process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cwe.mitre.org/data/definitions/400.html | x_refsource_MISC | |
| https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20248/README.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:29.025Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20248/README.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled resource consumption in the memtest process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-10T20:17:46",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20248/README.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20248",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled resource consumption in the memtest process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cwe.mitre.org/data/definitions/400.html",
"refsource": "MISC",
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"name": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20248/README.md",
"refsource": "MISC",
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20248/README.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20248",
"datePublished": "2021-07-19T17:35:49",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:29.025Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-20262
Vulnerability from cvelistv5
Published
2021-07-21 13:25
Modified
2024-08-04 14:15
Severity ?
EPSS score ?
Summary
Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /ram/pckg/security/nova/bin/ipsec process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_ipsec/README.md | x_refsource_MISC | |
| https://seclists.org/fulldisclosure/2021/May/2 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:28.799Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_ipsec/README.md"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2021/May/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /ram/pckg/security/nova/bin/ipsec process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-21T13:25:24",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_ipsec/README.md"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/fulldisclosure/2021/May/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20262",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /ram/pckg/security/nova/bin/ipsec process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_ipsec/README.md",
"refsource": "MISC",
"url": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_ipsec/README.md"
},
{
"name": "https://seclists.org/fulldisclosure/2021/May/2",
"refsource": "MISC",
"url": "https://seclists.org/fulldisclosure/2021/May/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20262",
"datePublished": "2021-07-21T13:25:24",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:28.799Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-3976
Vulnerability from cvelistv5
Published
2019-10-28 21:32
Modified
2024-08-04 19:26
Severity ?
EPSS score ?
Summary
RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below are vulnerable to an arbitrary directory creation vulnerability via the upgrade package's name field. If an authenticated user installs a malicious package then a directory could be created and the developer shell could be enabled.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.tenable.com/security/research/tra-2019-46 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | MikroTik RouterOS |
Version: RouterOS 6.45.6 Stable and below. RouterOS 6.44.5 Long-term and below. |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:26:27.527Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2019-46"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MikroTik RouterOS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "RouterOS 6.45.6 Stable and below. RouterOS 6.44.5 Long-term and below."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below are vulnerable to an arbitrary directory creation vulnerability via the upgrade package\u0027s name field. If an authenticated user installs a malicious package then a directory could be created and the developer shell could be enabled."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Relative path traversal.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-28T21:32:40",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2019-46"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2019-3976",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MikroTik RouterOS",
"version": {
"version_data": [
{
"version_value": "RouterOS 6.45.6 Stable and below. RouterOS 6.44.5 Long-term and below."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below are vulnerable to an arbitrary directory creation vulnerability via the upgrade package\u0027s name field. If an authenticated user installs a malicious package then a directory could be created and the developer shell could be enabled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-23 Relative path traversal."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2019-46",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2019-46"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2019-3976",
"datePublished": "2019-10-28T21:32:40",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-08-04T19:26:27.527Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-27221
Vulnerability from cvelistv5
Published
2021-03-19 02:28
Modified
2024-08-03 20:40
Severity ?
EPSS score ?
Summary
MikroTik RouterOS 6.47.9 allows remote authenticated ftp users to create or overwrite arbitrary .rsc files via the /export command. NOTE: the vendor's position is that this is intended behavior because of how user policies work
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:40:47.487Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://onovy.medium.com/routeros-user-with-just-ftp-policy-can-write-to-filesystem-cve-2021-27221-e3e45d780dfe"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MikroTik RouterOS 6.47.9 allows remote authenticated ftp users to create or overwrite arbitrary .rsc files via the /export command. NOTE: the vendor\u0027s position is that this is intended behavior because of how user policies work"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-19T02:28:41",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://onovy.medium.com/routeros-user-with-just-ftp-policy-can-write-to-filesystem-cve-2021-27221-e3e45d780dfe"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-27221",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** MikroTik RouterOS 6.47.9 allows remote authenticated ftp users to create or overwrite arbitrary .rsc files via the /export command. NOTE: the vendor\u0027s position is that this is intended behavior because of how user policies work."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://onovy.medium.com/routeros-user-with-just-ftp-policy-can-write-to-filesystem-cve-2021-27221-e3e45d780dfe",
"refsource": "MISC",
"url": "https://onovy.medium.com/routeros-user-with-just-ftp-policy-can-write-to-filesystem-cve-2021-27221-e3e45d780dfe"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-27221",
"datePublished": "2021-03-19T02:28:41",
"dateReserved": "2021-02-15T00:00:00",
"dateUpdated": "2024-08-03T20:40:47.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-1159
Vulnerability from cvelistv5
Published
2018-08-23 19:00
Modified
2024-09-16 18:23
Severity ?
EPSS score ?
Summary
Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory corruption vulnerability. An authenticated remote attacker can crash the HTTP server by rapidly authenticating and disconnecting.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.tenable.com/security/research/tra-2018-21 | x_refsource_MISC | |
| https://mikrotik.com/download/changelogs | x_refsource_CONFIRM | |
| https://mikrotik.com/download/changelogs/bugfix-release-tree | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:51:48.939Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2018-21"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://mikrotik.com/download/changelogs"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://mikrotik.com/download/changelogs/bugfix-release-tree"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory corruption vulnerability. An authenticated remote attacker can crash the HTTP server by rapidly authenticating and disconnecting."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-23T18:57:01",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2018-21"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://mikrotik.com/download/changelogs"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://mikrotik.com/download/changelogs/bugfix-release-tree"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"DATE_PUBLIC": "2018-08-22T00:00:00",
"ID": "CVE-2018-1159",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory corruption vulnerability. An authenticated remote attacker can crash the HTTP server by rapidly authenticating and disconnecting."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2018-21",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2018-21"
},
{
"name": "https://mikrotik.com/download/changelogs",
"refsource": "CONFIRM",
"url": "https://mikrotik.com/download/changelogs"
},
{
"name": "https://mikrotik.com/download/changelogs/bugfix-release-tree",
"refsource": "CONFIRM",
"url": "https://mikrotik.com/download/changelogs/bugfix-release-tree"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2018-1159",
"datePublished": "2018-08-23T19:00:00Z",
"dateReserved": "2017-12-05T00:00:00",
"dateUpdated": "2024-09-16T18:23:55.504Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-30800
Vulnerability from cvelistv5
Published
2023-09-07 15:43
Modified
2024-09-26 19:04
Severity ?
EPSS score ?
Summary
The web server used by MikroTik RouterOS version 6 is affected by a heap memory corruption issue. A remote and unauthenticated attacker can corrupt the server's heap memory by sending a crafted HTTP request. As a result, the web interface crashes and is immediately restarted. The issue was fixed in RouterOS 6.49.10 stable. RouterOS version 7 is not affected.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:37:15.351Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://vulncheck.com/advisories/mikrotik-jsproxy-dos"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30800",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T19:04:33.430241Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T19:04:47.706Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"x86",
"ARM",
"PPC",
"MIPSBE"
],
"product": "RouterOS",
"vendor": "MikroTik",
"versions": [
{
"status": "unaffected",
"version": "6.49.10"
},
{
"status": "affected",
"version": "6.49.9"
},
{
"status": "affected",
"version": "6.48.8"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Jacob Baines"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The web server used by MikroTik RouterOS version 6 is affected by a heap memory corruption issue. A remote and unauthenticated attacker can corrupt the server\u0027s heap memory by sending a crafted HTTP request. As a result, the web interface crashes and is immediately restarted. The issue was fixed in RouterOS 6.49.10 stable. RouterOS version 7 is not affected.\u003cbr\u003e"
}
],
"value": "The web server used by MikroTik RouterOS version 6 is affected by a heap memory corruption issue. A remote and unauthenticated attacker can corrupt the server\u0027s heap memory by sending a crafted HTTP request. As a result, the web interface crashes and is immediately restarted. The issue was fixed in RouterOS 6.49.10 stable. RouterOS version 7 is not affected.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-123",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-123 Buffer Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-07T15:43:54.429Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"url": "https://vulncheck.com/advisories/mikrotik-jsproxy-dos"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "MikroTik RouterOS Web Interface Heap Corruption",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2023-30800",
"datePublished": "2023-09-07T15:43:54.429Z",
"dateReserved": "2023-04-18T10:31:45.962Z",
"dateUpdated": "2024-09-26T19:04:47.706Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-20218
Vulnerability from cvelistv5
Published
2021-05-03 15:13
Modified
2024-08-04 14:15
Severity ?
EPSS score ?
Summary
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/traceroute process. An authenticated remote attacker can cause a Denial of Service due via the loop counter variable.
References
| ▼ | URL | Tags |
|---|---|---|
| https://seclists.org/fulldisclosure/2020/May/30 | x_refsource_MISC | |
| https://seclists.org/fulldisclosure/2021/May/1 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:29.024Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2020/May/30"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2021/May/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/traceroute process. An authenticated remote attacker can cause a Denial of Service due via the loop counter variable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-21T13:48:32",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/fulldisclosure/2020/May/30"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/fulldisclosure/2021/May/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20218",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/traceroute process. An authenticated remote attacker can cause a Denial of Service due via the loop counter variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://seclists.org/fulldisclosure/2020/May/30",
"refsource": "MISC",
"url": "https://seclists.org/fulldisclosure/2020/May/30"
},
{
"name": "https://seclists.org/fulldisclosure/2021/May/1",
"refsource": "MISC",
"url": "https://seclists.org/fulldisclosure/2021/May/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20218",
"datePublished": "2021-05-03T15:13:44",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:29.024Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-20264
Vulnerability from cvelistv5
Published
2021-05-19 11:19
Modified
2024-08-04 14:15
Severity ?
EPSS score ?
Summary
Mikrotik RouterOs before 6.47 (stable tree) in the /ram/pckg/advanced-tools/nova/bin/netwatch process. An authenticated remote attacker can cause a Denial of Service due to a divide by zero error.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_netwatch/README.md | x_refsource_MISC | |
| https://seclists.org/fulldisclosure/2021/May/11 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:28.819Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_netwatch/README.md"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2021/May/11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before 6.47 (stable tree) in the /ram/pckg/advanced-tools/nova/bin/netwatch process. An authenticated remote attacker can cause a Denial of Service due to a divide by zero error."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-19T11:19:57",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_netwatch/README.md"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/fulldisclosure/2021/May/11"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20264",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs before 6.47 (stable tree) in the /ram/pckg/advanced-tools/nova/bin/netwatch process. An authenticated remote attacker can cause a Denial of Service due to a divide by zero error."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_netwatch/README.md",
"refsource": "MISC",
"url": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_netwatch/README.md"
},
{
"name": "https://seclists.org/fulldisclosure/2021/May/11",
"refsource": "MISC",
"url": "https://seclists.org/fulldisclosure/2021/May/11"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20264",
"datePublished": "2021-05-19T11:19:57",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:28.819Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-20246
Vulnerability from cvelistv5
Published
2021-05-18 19:11
Modified
2024-08-04 14:15
Severity ?
EPSS score ?
Summary
Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulnerability in the mactel process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.
References
| ▼ | URL | Tags |
|---|---|---|
| https://mikrotik.com/ | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2021/May/23 | mailing-list, x_refsource_FULLDISC | |
| http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:29.019Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mikrotik.com/"
},
{
"name": "20210511 Four vulnerabilities found in MikroTik\u0027s RouterOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/May/23"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulnerability in the mactel process. An authenticated remote attacker can cause a Denial of Service due to improper memory access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-18T19:18:13",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mikrotik.com/"
},
{
"name": "20210511 Four vulnerabilities found in MikroTik\u0027s RouterOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/May/23"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20246",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulnerability in the mactel process. An authenticated remote attacker can cause a Denial of Service due to improper memory access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mikrotik.com/",
"refsource": "MISC",
"url": "https://mikrotik.com/"
},
{
"name": "20210511 Four vulnerabilities found in MikroTik\u0027s RouterOS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/May/23"
},
{
"name": "http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20246",
"datePublished": "2021-05-18T19:11:01",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:29.019Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-6297
Vulnerability from cvelistv5
Published
2017-02-27 07:25
Modified
2024-08-05 15:25
Severity ?
EPSS score ?
Summary
The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 does not enable IPsec encryption after a reboot, which allows man-in-the-middle attackers to view transmitted data unencrypted and gain access to networks on the L2TP server by monitoring the packets for the transmitted data and obtaining the L2TP secret.
References
| ▼ | URL | Tags |
|---|---|---|
| https://blog.milne.it/2017/02/24/mikrotik-routeros-security-vulnerability-l2tp-tunnel-unencrypted-cve-2017-6297/ | x_refsource_MISC | |
| http://www.securityfocus.com/bid/96447 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:25:48.822Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.milne.it/2017/02/24/mikrotik-routeros-security-vulnerability-l2tp-tunnel-unencrypted-cve-2017-6297/"
},
{
"name": "96447",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96447"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-02-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 does not enable IPsec encryption after a reboot, which allows man-in-the-middle attackers to view transmitted data unencrypted and gain access to networks on the L2TP server by monitoring the packets for the transmitted data and obtaining the L2TP secret."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-01T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.milne.it/2017/02/24/mikrotik-routeros-security-vulnerability-l2tp-tunnel-unencrypted-cve-2017-6297/"
},
{
"name": "96447",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96447"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6297",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 does not enable IPsec encryption after a reboot, which allows man-in-the-middle attackers to view transmitted data unencrypted and gain access to networks on the L2TP server by monitoring the packets for the transmitted data and obtaining the L2TP secret."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.milne.it/2017/02/24/mikrotik-routeros-security-vulnerability-l2tp-tunnel-unencrypted-cve-2017-6297/",
"refsource": "MISC",
"url": "https://blog.milne.it/2017/02/24/mikrotik-routeros-security-vulnerability-l2tp-tunnel-unencrypted-cve-2017-6297/"
},
{
"name": "96447",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96447"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6297",
"datePublished": "2017-02-27T07:25:00",
"dateReserved": "2017-02-23T00:00:00",
"dateUpdated": "2024-08-05T15:25:48.822Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-2350
Vulnerability from cvelistv5
Published
2015-03-19 14:00
Modified
2024-08-06 05:10
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability in MikroTik RouterOS 5.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request in the status page to /cfg.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/73013 | vdb-entry, x_refsource_BID | |
| http://seclists.org/fulldisclosure/2015/Mar/49 | mailing-list, x_refsource_FULLDISC | |
| http://packetstormsecurity.com/files/130722/MikroTik-RouterOS-Cross-Site-Request-Forgery.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:10:16.234Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "73013",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/73013"
},
{
"name": "20150309 MikroTik RouterOS Admin Password Change CSRF",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Mar/49"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/130722/MikroTik-RouterOS-Cross-Site-Request-Forgery.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in MikroTik RouterOS 5.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request in the status page to /cfg."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-03-25T12:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "73013",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/73013"
},
{
"name": "20150309 MikroTik RouterOS Admin Password Change CSRF",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Mar/49"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/130722/MikroTik-RouterOS-Cross-Site-Request-Forgery.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2350",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in MikroTik RouterOS 5.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request in the status page to /cfg."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "73013",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73013"
},
{
"name": "20150309 MikroTik RouterOS Admin Password Change CSRF",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Mar/49"
},
{
"name": "http://packetstormsecurity.com/files/130722/MikroTik-RouterOS-Cross-Site-Request-Forgery.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130722/MikroTik-RouterOS-Cross-Site-Request-Forgery.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-2350",
"datePublished": "2015-03-19T14:00:00",
"dateReserved": "2015-03-19T00:00:00",
"dateUpdated": "2024-08-06T05:10:16.234Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-20237
Vulnerability from cvelistv5
Published
2021-05-18 18:22
Modified
2024-08-04 14:15
Severity ?
EPSS score ?
Summary
Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.
References
| ▼ | URL | Tags |
|---|---|---|
| https://mikrotik.com/ | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2021/May/15 | mailing-list, x_refsource_FULLDISC | |
| http://seclists.org/fulldisclosure/2021/May/15 | x_refsource_MISC | |
| http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:28.808Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mikrotik.com/"
},
{
"name": "20210507 Four vulnerabilities found in MikroTik\u0027s RouterOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service due to improper memory access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-18T18:25:46",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mikrotik.com/"
},
{
"name": "20210507 Four vulnerabilities found in MikroTik\u0027s RouterOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20237",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service due to improper memory access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mikrotik.com/",
"refsource": "MISC",
"url": "https://mikrotik.com/"
},
{
"name": "20210507 Four vulnerabilities found in MikroTik\u0027s RouterOS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"name": "http://seclists.org/fulldisclosure/2021/May/15",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"name": "http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20237",
"datePublished": "2021-05-18T18:22:05",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:28.808Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-20222
Vulnerability from cvelistv5
Published
2021-05-18 18:21
Modified
2024-08-04 14:15
Severity ?
EPSS score ?
Summary
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
References
| ▼ | URL | Tags |
|---|---|---|
| https://mikrotik.com/ | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2021/May/15 | mailing-list, x_refsource_FULLDISC | |
| http://seclists.org/fulldisclosure/2021/May/15 | x_refsource_MISC | |
| http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:29.020Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mikrotik.com/"
},
{
"name": "20210507 Four vulnerabilities found in MikroTik\u0027s RouterOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-18T18:25:36",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mikrotik.com/"
},
{
"name": "20210507 Four vulnerabilities found in MikroTik\u0027s RouterOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20222",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mikrotik.com/",
"refsource": "MISC",
"url": "https://mikrotik.com/"
},
{
"name": "20210507 Four vulnerabilities found in MikroTik\u0027s RouterOS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"name": "http://seclists.org/fulldisclosure/2021/May/15",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"name": "http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20222",
"datePublished": "2021-05-18T18:21:55",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:29.020Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-20021
Vulnerability from cvelistv5
Published
2023-07-12 00:00
Modified
2024-11-07 15:15
Severity ?
EPSS score ?
Summary
An issue discovered in MikroTik Router v6.46.3 and earlier allows attacker to cause denial of service via misconfiguration in the SSH daemon.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:28.977Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://mikrotik.com"
},
{
"tags": [
"x_transferred"
],
"url": "http://router.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/48228"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-20021",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T15:15:08.600717Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T15:15:16.672Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue discovered in MikroTik Router v6.46.3 and earlier allows attacker to cause denial of service via misconfiguration in the SSH daemon."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-12T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://mikrotik.com"
},
{
"url": "http://router.com"
},
{
"url": "https://www.exploit-db.com/exploits/48228"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20021",
"datePublished": "2023-07-12T00:00:00",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-11-07T15:15:16.672Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-1156
Vulnerability from cvelistv5
Published
2018-08-23 19:00
Modified
2024-09-16 19:31
Severity ?
EPSS score ?
Summary
Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to stack buffer overflow through the license upgrade interface. This vulnerability could theoretically allow a remote authenticated attacker execute arbitrary code on the system.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.tenable.com/security/research/tra-2018-21 | x_refsource_MISC | |
| https://mikrotik.com/download/changelogs | x_refsource_CONFIRM | |
| https://mikrotik.com/download/changelogs/bugfix-release-tree | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:51:48.788Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2018-21"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://mikrotik.com/download/changelogs"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://mikrotik.com/download/changelogs/bugfix-release-tree"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to stack buffer overflow through the license upgrade interface. This vulnerability could theoretically allow a remote authenticated attacker execute arbitrary code on the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-23T18:57:01",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2018-21"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://mikrotik.com/download/changelogs"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://mikrotik.com/download/changelogs/bugfix-release-tree"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"DATE_PUBLIC": "2018-08-22T00:00:00",
"ID": "CVE-2018-1156",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to stack buffer overflow through the license upgrade interface. This vulnerability could theoretically allow a remote authenticated attacker execute arbitrary code on the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2018-21",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2018-21"
},
{
"name": "https://mikrotik.com/download/changelogs",
"refsource": "CONFIRM",
"url": "https://mikrotik.com/download/changelogs"
},
{
"name": "https://mikrotik.com/download/changelogs/bugfix-release-tree",
"refsource": "CONFIRM",
"url": "https://mikrotik.com/download/changelogs/bugfix-release-tree"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2018-1156",
"datePublished": "2018-08-23T19:00:00Z",
"dateReserved": "2017-12-05T00:00:00",
"dateUpdated": "2024-09-16T19:31:35.007Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-20236
Vulnerability from cvelistv5
Published
2021-05-18 18:22
Modified
2024-08-04 14:15
Severity ?
EPSS score ?
Summary
Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.
References
| ▼ | URL | Tags |
|---|---|---|
| https://mikrotik.com/ | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2021/May/15 | mailing-list, x_refsource_FULLDISC | |
| http://seclists.org/fulldisclosure/2021/May/15 | x_refsource_MISC | |
| http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:29.006Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mikrotik.com/"
},
{
"name": "20210507 Four vulnerabilities found in MikroTik\u0027s RouterOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service due to improper memory access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-18T18:25:41",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mikrotik.com/"
},
{
"name": "20210507 Four vulnerabilities found in MikroTik\u0027s RouterOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20236",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service due to improper memory access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mikrotik.com/",
"refsource": "MISC",
"url": "https://mikrotik.com/"
},
{
"name": "20210507 Four vulnerabilities found in MikroTik\u0027s RouterOS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"name": "http://seclists.org/fulldisclosure/2021/May/15",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"name": "http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20236",
"datePublished": "2021-05-18T18:22:00",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:29.006Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-20265
Vulnerability from cvelistv5
Published
2021-05-11 14:25
Modified
2024-08-04 14:15
Severity ?
EPSS score ?
Summary
Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /ram/pckg/wireless/nova/bin/wireless process. An authenticated remote attacker can cause a Denial of Service due via a crafted packet.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/fulldisclosure/2021/May/12 | x_refsource_MISC | |
| https://seclists.org/fulldisclosure/2021/May/11 | mailing-list, x_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:29.017Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/May/12"
},
{
"name": "04052021 Re: Three vulnerabilities found in MikroTik\u0027s RouterOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2021/May/11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /ram/pckg/wireless/nova/bin/wireless process. An authenticated remote attacker can cause a Denial of Service due via a crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-21T17:37:28",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2021/May/12"
},
{
"name": "04052021 Re: Three vulnerabilities found in MikroTik\u0027s RouterOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "https://seclists.org/fulldisclosure/2021/May/11"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20265",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /ram/pckg/wireless/nova/bin/wireless process. An authenticated remote attacker can cause a Denial of Service due via a crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2021/May/12",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2021/May/12"
},
{
"name": "04052021 Re: Three vulnerabilities found in MikroTik\u0027s RouterOS",
"refsource": "FULLDISC",
"url": "https://seclists.org/fulldisclosure/2021/May/11"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20265",
"datePublished": "2021-05-11T14:25:53",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:29.017Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-20250
Vulnerability from cvelistv5
Published
2021-07-13 11:59
Modified
2024-08-04 14:15
Severity ?
EPSS score ?
Summary
Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). NOTE: this is different from CVE-2020-20253 and CVE-2020-20254. All four vulnerabilities in the /nova/bin/lcdstat process are discussed in the CVE-2020-20250 github.com/cq674350529 reference.
References
| ▼ | URL | Tags |
|---|---|---|
| https://mikrotik.com/ | x_refsource_MISC | |
| https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20250/README.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:29.001Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mikrotik.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20250/README.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). NOTE: this is different from CVE-2020-20253 and CVE-2020-20254. All four vulnerabilities in the /nova/bin/lcdstat process are discussed in the CVE-2020-20250 github.com/cq674350529 reference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-13T11:59:52",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mikrotik.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20250/README.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20250",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). NOTE: this is different from CVE-2020-20253 and CVE-2020-20254. All four vulnerabilities in the /nova/bin/lcdstat process are discussed in the CVE-2020-20250 github.com/cq674350529 reference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mikrotik.com/",
"refsource": "MISC",
"url": "https://mikrotik.com/"
},
{
"name": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20250/README.md",
"refsource": "MISC",
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20250/README.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20250",
"datePublished": "2021-07-13T11:59:52",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:29.001Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-20266
Vulnerability from cvelistv5
Published
2021-05-19 11:20
Modified
2024-08-04 14:15
Severity ?
EPSS score ?
Summary
Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/dot1x process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_dot1x/README.md | x_refsource_MISC | |
| https://seclists.org/fulldisclosure/2021/May/11 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:29.161Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_dot1x/README.md"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2021/May/11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/dot1x process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-19T11:20:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_dot1x/README.md"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/fulldisclosure/2021/May/11"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20266",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/dot1x process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_dot1x/README.md",
"refsource": "MISC",
"url": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_dot1x/README.md"
},
{
"name": "https://seclists.org/fulldisclosure/2021/May/11",
"refsource": "MISC",
"url": "https://seclists.org/fulldisclosure/2021/May/11"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20266",
"datePublished": "2021-05-19T11:20:02",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:29.161Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-3977
Vulnerability from cvelistv5
Published
2019-10-28 21:34
Modified
2024-08-04 19:26
Severity ?
EPSS score ?
Summary
RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are download from when using the autoupgrade feature. Therefore, a remote attacker can trick the router into "upgrading" to an older version of RouterOS and possibly reseting all the system's usernames and passwords.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.tenable.com/security/research/tra-2019-46 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | MikroTik RouterOS |
Version: RouterOS 6.45.6 Stable and below. RouterOS 6.44.5 Long-term and below. |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:26:27.646Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2019-46"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MikroTik RouterOS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "RouterOS 6.45.6 Stable and below. RouterOS 6.44.5 Long-term and below."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are download from when using the autoupgrade feature. Therefore, a remote attacker can trick the router into \"upgrading\" to an older version of RouterOS and possibly reseting all the system\u0027s usernames and passwords."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-494",
"description": "CWE-494 Insufficient checks on origin",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-28T21:34:37",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2019-46"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2019-3977",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MikroTik RouterOS",
"version": {
"version_data": [
{
"version_value": "RouterOS 6.45.6 Stable and below. RouterOS 6.44.5 Long-term and below."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are download from when using the autoupgrade feature. Therefore, a remote attacker can trick the router into \"upgrading\" to an older version of RouterOS and possibly reseting all the system\u0027s usernames and passwords."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-494 Insufficient checks on origin"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2019-46",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2019-46"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2019-3977",
"datePublished": "2019-10-28T21:34:37",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-08-04T19:26:27.646Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-20249
Vulnerability from cvelistv5
Published
2021-07-19 17:27
Modified
2024-08-04 14:15
Severity ?
EPSS score ?
Summary
Mikrotik RouterOs before stable 6.47 suffers from a memory corruption vulnerability in the resolver process. By sending a crafted packet, an authenticated remote attacker can cause a Denial of Service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20249/README.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:29.159Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20249/README.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before stable 6.47 suffers from a memory corruption vulnerability in the resolver process. By sending a crafted packet, an authenticated remote attacker can cause a Denial of Service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-19T17:27:54",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20249/README.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20249",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs before stable 6.47 suffers from a memory corruption vulnerability in the resolver process. By sending a crafted packet, an authenticated remote attacker can cause a Denial of Service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20249/README.md",
"refsource": "MISC",
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20249/README.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20249",
"datePublished": "2021-07-19T17:27:54",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:29.159Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-45313
Vulnerability from cvelistv5
Published
2022-12-05 00:00
Modified
2024-08-03 14:09
Severity ?
EPSS score ?
Summary
Mikrotik RouterOs before stable v7.5 was discovered to contain an out-of-bounds read in the hotspot process. This vulnerability allows attackers to execute arbitrary code via a crafted nova message.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:09:56.692Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2022-45313/README.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before stable v7.5 was discovered to contain an out-of-bounds read in the hotspot process. This vulnerability allows attackers to execute arbitrary code via a crafted nova message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-07T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2022-45313/README.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-45313",
"datePublished": "2022-12-05T00:00:00",
"dateReserved": "2022-11-14T00:00:00",
"dateUpdated": "2024-08-03T14:09:56.692Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-1157
Vulnerability from cvelistv5
Published
2018-08-23 19:00
Modified
2024-09-17 02:56
Severity ?
EPSS score ?
Summary
Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system via a crafted HTTP POST request.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.tenable.com/security/research/tra-2018-21 | x_refsource_MISC | |
| https://mikrotik.com/download/changelogs | x_refsource_CONFIRM | |
| https://mikrotik.com/download/changelogs/bugfix-release-tree | x_refsource_CONFIRM | |
| http://seclists.org/fulldisclosure/2019/Jul/20 | mailing-list, x_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:51:48.894Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2018-21"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://mikrotik.com/download/changelogs"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://mikrotik.com/download/changelogs/bugfix-release-tree"
},
{
"name": "20190723 Two vulnerabilities found in MikroTik\u0027s RouterOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Jul/20"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system via a crafted HTTP POST request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-23T19:06:12",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2018-21"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://mikrotik.com/download/changelogs"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://mikrotik.com/download/changelogs/bugfix-release-tree"
},
{
"name": "20190723 Two vulnerabilities found in MikroTik\u0027s RouterOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Jul/20"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"DATE_PUBLIC": "2018-08-22T00:00:00",
"ID": "CVE-2018-1157",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system via a crafted HTTP POST request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2018-21",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2018-21"
},
{
"name": "https://mikrotik.com/download/changelogs",
"refsource": "CONFIRM",
"url": "https://mikrotik.com/download/changelogs"
},
{
"name": "https://mikrotik.com/download/changelogs/bugfix-release-tree",
"refsource": "CONFIRM",
"url": "https://mikrotik.com/download/changelogs/bugfix-release-tree"
},
{
"name": "20190723 Two vulnerabilities found in MikroTik\u0027s RouterOS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Jul/20"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2018-1157",
"datePublished": "2018-08-23T19:00:00Z",
"dateReserved": "2017-12-05T00:00:00",
"dateUpdated": "2024-09-17T02:56:35.170Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-22844
Vulnerability from cvelistv5
Published
2022-02-28 18:48
Modified
2024-08-04 14:51
Severity ?
EPSS score ?
Summary
A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted SMB requests.
References
| ▼ | URL | Tags |
|---|---|---|
| https://mikrotik.com/support | x_refsource_MISC | |
| https://github.com/colorlight/mikrotik_poc/blob/master/two_vulns.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:51:11.045Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mikrotik.com/support"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/colorlight/mikrotik_poc/blob/master/two_vulns.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted SMB requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-28T18:48:44",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mikrotik.com/support"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/colorlight/mikrotik_poc/blob/master/two_vulns.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-22844",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted SMB requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mikrotik.com/support",
"refsource": "MISC",
"url": "https://mikrotik.com/support"
},
{
"name": "https://github.com/colorlight/mikrotik_poc/blob/master/two_vulns.md",
"refsource": "MISC",
"url": "https://github.com/colorlight/mikrotik_poc/blob/master/two_vulns.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-22844",
"datePublished": "2022-02-28T18:48:44",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:51:11.045Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-30799
Vulnerability from cvelistv5
Published
2023-07-19 14:56
Modified
2024-10-24 18:50
Severity ?
EPSS score ?
Summary
MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. The attacker can abuse this vulnerability to execute arbitrary code on the system.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vulncheck.com/advisories/mikrotik-foisted | third-party-advisory | |
| https://github.com/MarginResearch/FOISted | exploit |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:37:15.268Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vulncheck.com/advisories/mikrotik-foisted"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/MarginResearch/FOISted"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30799",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-24T18:50:26.181727Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-24T18:50:44.384Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"x86",
"ARM",
"64 bit",
"mips",
"ppc"
],
"product": "RouterOS",
"vendor": "MikroTik",
"versions": [
{
"lessThan": "6.49.7",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.48.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eMikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. The attacker can abuse this vulnerability to execute arbitrary code on the system.\u003c/div\u003e"
}
],
"value": "MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. The attacker can abuse this vulnerability to execute arbitrary code on the system.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-19T14:56:17.362Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://vulncheck.com/advisories/mikrotik-foisted"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/MarginResearch/FOISted"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "MikroTik RouterOS Administrator Privilege Escalation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2023-30799",
"datePublished": "2023-07-19T14:56:17.362Z",
"dateReserved": "2023-04-18T10:31:45.962Z",
"dateUpdated": "2024-10-24T18:50:44.384Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-20254
Vulnerability from cvelistv5
Published
2021-05-18 13:52
Modified
2024-08-04 14:15
Severity ?
EPSS score ?
Summary
Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_lcdstat_2/README.md | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2021/May/14 | mailing-list, x_refsource_FULLDISC | |
| http://seclists.org/fulldisclosure/2021/May/14 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:28.788Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_lcdstat_2/README.md"
},
{
"name": "20210507 Re: Four vulnerabilities found in MikroTik\u0027s RouterOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/May/14"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/May/14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-18T13:52:49",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_lcdstat_2/README.md"
},
{
"name": "20210507 Re: Four vulnerabilities found in MikroTik\u0027s RouterOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/May/14"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2021/May/14"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20254",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_lcdstat_2/README.md",
"refsource": "MISC",
"url": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_lcdstat_2/README.md"
},
{
"name": "20210507 Re: Four vulnerabilities found in MikroTik\u0027s RouterOS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/May/14"
},
{
"name": "http://seclists.org/fulldisclosure/2021/May/14",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2021/May/14"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20254",
"datePublished": "2021-05-18T13:52:19",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:28.788Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-20227
Vulnerability from cvelistv5
Published
2021-05-18 19:10
Modified
2024-08-04 14:15
Severity ?
EPSS score ?
Summary
Mikrotik RouterOs stable 6.47 suffers from a memory corruption vulnerability in the /nova/bin/diskd process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access.
References
| ▼ | URL | Tags |
|---|---|---|
| https://mikrotik.com/ | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2021/May/23 | mailing-list, x_refsource_FULLDISC | |
| http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:29.018Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mikrotik.com/"
},
{
"name": "20210511 Four vulnerabilities found in MikroTik\u0027s RouterOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/May/23"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs stable 6.47 suffers from a memory corruption vulnerability in the /nova/bin/diskd process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-18T19:10:42",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mikrotik.com/"
},
{
"name": "20210511 Four vulnerabilities found in MikroTik\u0027s RouterOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/May/23"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20227",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs stable 6.47 suffers from a memory corruption vulnerability in the /nova/bin/diskd process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mikrotik.com/",
"refsource": "MISC",
"url": "https://mikrotik.com/"
},
{
"name": "20210511 Four vulnerabilities found in MikroTik\u0027s RouterOS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/May/23"
},
{
"name": "http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20227",
"datePublished": "2021-05-18T19:10:17",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:29.018Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-6050
Vulnerability from cvelistv5
Published
2012-11-27 02:00
Modified
2024-08-06 21:21
Severity ?
EPSS score ?
Summary
The winbox service in MikroTik RouterOS 5.15 and earlier allows remote attackers to cause a denial of service (CPU consumption), read the router version, and possibly have other impacts via a request to download the router's DLLs or plugins, as demonstrated by roteros.dll.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.exploit-db.com/exploits/18817 | exploit, x_refsource_EXPLOIT-DB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/75327 | vdb-entry, x_refsource_XF | |
| http://www.133tsec.com/2012/04/30/0day-ddos-mikrotik-server-side-ddos-attack/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:28.377Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18817",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18817"
},
{
"name": "mikrotik-winbox-dos(75327)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75327"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.133tsec.com/2012/04/30/0day-ddos-mikrotik-server-side-ddos-attack/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-05-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The winbox service in MikroTik RouterOS 5.15 and earlier allows remote attackers to cause a denial of service (CPU consumption), read the router version, and possibly have other impacts via a request to download the router\u0027s DLLs or plugins, as demonstrated by roteros.dll."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18817",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18817"
},
{
"name": "mikrotik-winbox-dos(75327)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75327"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.133tsec.com/2012/04/30/0day-ddos-mikrotik-server-side-ddos-attack/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6050",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The winbox service in MikroTik RouterOS 5.15 and earlier allows remote attackers to cause a denial of service (CPU consumption), read the router version, and possibly have other impacts via a request to download the router\u0027s DLLs or plugins, as demonstrated by roteros.dll."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18817",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18817"
},
{
"name": "mikrotik-winbox-dos(75327)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75327"
},
{
"name": "http://www.133tsec.com/2012/04/30/0day-ddos-mikrotik-server-side-ddos-attack/",
"refsource": "MISC",
"url": "http://www.133tsec.com/2012/04/30/0day-ddos-mikrotik-server-side-ddos-attack/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-6050",
"datePublished": "2012-11-27T02:00:00",
"dateReserved": "2012-11-26T00:00:00",
"dateUpdated": "2024-08-06T21:21:28.377Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}