var-202105-0088
Vulnerability from variot
Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service due to improper memory access. Mikrotik RouterOs Is vulnerable to a buffer error.Denial of service (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. MikroTik RouterOS has a buffer error vulnerability. The following products and versions are affected: MikroTik RouterOS: 6.46.3, 6.46.4, 6.46.5, 6.46.6, 6.46.7, 6.46.8, 6.47, 6.47.1, 6.47.2, 6.47.3, 6.47. Advisory: four vulnerabilities found in MikroTik's RouterOS
Details
Product: MikroTik's RouterOS Vendor URL: https://mikrotik.com/ Vendor Status: no fix yet CVE: CVE-2020-20214, CVE-2020-20222, CVE-2020-20236, CVE-2020-20237 Credit: Qian Chen(@cq674350529) of Qihoo 360 Nirvan Team
Product Description
RouterOS is the operating system used on the MikroTik's devices, such as switch, router and access point.
Description of vulnerabilities
These vulnerabilities were reported to the vendor almost one year ago. And the vendor confirmed these vulnerabilities. However, there is still no fix for them yet. By the way, the three vulnerabilities in sniffer binary are different from each one.
- There is a reachable assertion in the btest process. By sending a crafted packet, an authenticated remote user can crash the btest process due to assertion failure.
Against stable 6.46.5, the poc resulted in the following crash dump.
# cat /rw/logs/backtrace.log
2020.06.19-15:51:36.94@0:
2020.06.19-15:51:36.94@0:
2020.06.19-15:51:36.94@0: /nova/bin/btest
2020.06.19-15:51:36.94@0: --- signal=6
2020.06.19-15:51:36.94@0:
2020.06.19-15:51:36.94@0: eip=0x7772255b eflags=0x00000246
2020.06.19-15:51:36.94@0: edi=0x00fe0001 esi=0x7772a200 ebp=0x7fdcf880
esp=0x7fdcf878 2020.06.19-15:51:36.94@0: eax=0x00000000 ebx=0x0000010f ecx=0x0000010f edx=0x00000006 2020.06.19-15:51:36.94@0: 2020.06.19-15:51:36.94@0: maps: 2020.06.19-15:51:36.94@0: 08048000-08057000 r-xp 00000000 00:0c 1006 /nova/bin/btest 2020.06.19-15:51:36.94@0: 776f4000-77729000 r-xp 00000000 00:0c 964 /lib/libuClibc-0.9.33.2.so 2020.06.19-15:51:36.94@0: 7772d000-77747000 r-xp 00000000 00:0c 960 /lib/libgcc_s.so.1 2020.06.19-15:51:36.94@0: 77748000-77757000 r-xp 00000000 00:0c 944 /lib/libuc++.so 2020.06.19-15:51:36.94@0: 77758000-77775000 r-xp 00000000 00:0c 947 /lib/libucrypto.so 2020.06.19-15:51:36.94@0: 77776000-777c2000 r-xp 00000000 00:0c 946 /lib/libumsg.so 2020.06.19-15:51:36.94@0: 777c8000-777cf000 r-xp 00000000 00:0c 958 /lib/ld-uClibc-0.9.33.2.so 2020.06.19-15:51:36.94@0: 2020.06.19-15:51:36.94@0: stack: 0x7fdd0000 - 0x7fdcf878 2020.06.19-15:51:36.94@0: 00 a0 72 77 00 a0 72 77 b8 f8 dc 7f 77 e0 71 77 06 00 00 00 00 a2 72 77 20 00 00 00 00 00 00 00 2020.06.19-15:51:36.94@0: 16 00 00 00 18 f9 dc 7f b4 f8 dc 7f e4 2a 7c 77 01 00 00 00 e4 2a 7c 77 16 00 00 00 01 00 fe 00 2020.06.19-15:51:36.94@0: 2020.06.19-15:51:36.94@0: code: 0x7772255b 2020.06.19-15:51:36.94@0: 5b 3d 00 f0 ff ff 76 0e 8b 93 cc ff ff ff f7 d8
This vulnerability was initially found in long-term 6.44.5, and it seems that the latest stable version 6.48.2 still suffers from this vulnerability.
- By sending a crafted packet, an authenticated remote user can crash the sniffer process due to NULL pointer dereference.
Against stable 6.46.5, the poc resulted in the following crash dump.
# cat /rw/logs/backtrace.log
2020.06.19-16:36:18.33@0:
2020.06.19-16:36:18.33@0:
2020.06.19-16:36:18.33@0: /nova/bin/sniffer
2020.06.19-16:36:18.33@0: --- signal=11
2020.06.19-16:36:18.33@0:
2020.06.19-16:36:18.33@0: eip=0x08050e33 eflags=0x00010206
2020.06.19-16:36:18.33@0: edi=0x08057a24 esi=0x7f85c094 ebp=0x7f85c0c8
esp=0x7f85c080 2020.06.19-16:36:18.33@0: eax=0x00000000 ebx=0x7f85c090 ecx=0x00ff0000 edx=0x08059678 2020.06.19-16:36:18.33@0: 2020.06.19-16:36:18.33@0: maps: 2020.06.19-16:36:18.33@0: 08048000-08056000 r-xp 00000000 00:0c 1034 /nova/bin/sniffer 2020.06.19-16:36:18.33@0: 776ce000-77703000 r-xp 00000000 00:0c 964 /lib/libuClibc-0.9.33.2.so 2020.06.19-16:36:18.33@0: 77707000-77721000 r-xp 00000000 00:0c 960 /lib/libgcc_s.so.1 2020.06.19-16:36:18.33@0: 77722000-77731000 r-xp 00000000 00:0c 944 /lib/libuc++.so 2020.06.19-16:36:18.33@0: 77732000-7773a000 r-xp 00000000 00:0c 950 /lib/libubox.so 2020.06.19-16:36:18.33@0: 7773b000-77787000 r-xp 00000000 00:0c 946 /lib/libumsg.so 2020.06.19-16:36:18.33@0: 7778d000-77794000 r-xp 00000000 00:0c 958 /lib/ld-uClibc-0.9.33.2.so 2020.06.19-16:36:18.33@0: 2020.06.19-16:36:18.33@0: stack: 0x7f85d000 - 0x7f85c080 2020.06.19-16:36:18.33@0: 2c 08 07 08 04 00 fe 08 fe 00 00 00 20 ad 05 08 00 0c 07 08 a0 0b 07 08 af 0b 07 08 04 7a 05 08 2020.06.19-16:36:18.33@0: 08 00 00 00 24 7a 05 08 ff 00 00 00 00 00 00 00 08 c2 85 7f e4 7a 78 77 d8 c0 85 7f e4 7a 78 77 2020.06.19-16:36:18.34@0: 2020.06.19-16:36:18.34@0: code: 0x8050e33 2020.06.19-16:36:18.34@0: 0b 48 0c 89 fa 89 d8 e8 7d f1 ff ff 50 50 53 56
This vulnerability was initially found in long-term 6.44.6, and it seems that the latest stable version 6.48.2 still suffers from this vulnerability.
Against stable 6.46.5, the poc resulted in the following crash dump.
# cat /rw/logs/backtrace.log
2020.06.19-16:58:33.42@0:
2020.06.19-16:58:33.42@0:
2020.06.19-16:58:33.42@0: /nova/bin/sniffer
2020.06.19-16:58:33.42@0: --- signal=11
2020.06.19-16:58:33.42@0:
2020.06.19-16:58:33.42@0: eip=0x08050dac eflags=0x00010202
2020.06.19-16:58:33.42@0: edi=0x08057a24 esi=0x00000001 ebp=0x7f8df428
esp=0x7f8df3e0 2020.06.19-16:58:33.42@0: eax=0x08073714 ebx=0x08073710 ecx=0x08073704 edx=0x08073714 2020.06.19-16:58:33.42@0: 2020.06.19-16:58:33.42@0: maps: 2020.06.19-16:58:33.42@0: 08048000-08056000 r-xp 00000000 00:0c 1034 /nova/bin/sniffer 2020.06.19-16:58:33.42@0: 77730000-77765000 r-xp 00000000 00:0c 964 /lib/libuClibc-0.9.33.2.so 2020.06.19-16:58:33.42@0: 77769000-77783000 r-xp 00000000 00:0c 960 /lib/libgcc_s.so.1 2020.06.19-16:58:33.42@0: 77784000-77793000 r-xp 00000000 00:0c 944 /lib/libuc++.so 2020.06.19-16:58:33.42@0: 77794000-7779c000 r-xp 00000000 00:0c 950 /lib/libubox.so 2020.06.19-16:58:33.42@0: 7779d000-777e9000 r-xp 00000000 00:0c 946 /lib/libumsg.so 2020.06.19-16:58:33.43@0: 777ef000-777f6000 r-xp 00000000 00:0c 958 /lib/ld-uClibc-0.9.33.2.so 2020.06.19-16:58:33.43@0: 2020.06.19-16:58:33.43@0: stack: 0x7f8e0000 - 0x7f8df3e0 2020.06.19-16:58:33.43@0: 3c ab 05 08 04 00 fe 08 e0 0f 00 00 14 37 07 08 24 7a 05 08 00 00 00 00 18 f4 8d 7f 04 7a 05 08 2020.06.19-16:58:33.43@0: 08 00 00 00 24 7a 05 08 04 00 00 00 00 00 00 00 70 4a 7a 77 e4 9a 7e 77 38 f4 8d 7f e4 9a 7e 77 2020.06.19-16:58:33.43@0: 2020.06.19-16:58:33.43@0: code: 0x8050dac 2020.06.19-16:58:33.43@0: 8b 43 04 83 e0 fc 85 c0 74 1c 8b 4b 14 39 34 08
This vulnerability was initially found in long-term 6.46.3, and it seems that the latest version stable 6.48.2 still suffers from this vulnerability.
Against stable 6.46.5, the poc resulted in the following crash dump.
# cat /rw/logs/backtrace.log
2020.06.19-17:58:43.98@0:
2020.06.19-17:58:43.98@0:
2020.06.19-17:58:43.98@0: /nova/bin/sniffer
2020.06.19-17:58:43.98@0: --- signal=11
2020.06.19-17:58:43.98@0:
2020.06.19-17:58:43.98@0: eip=0x77712055 eflags=0x00010202
2020.06.19-17:58:43.98@0: edi=0x77720f34 esi=0x77721015 ebp=0x7ff96b38
esp=0x7ff96af8 2020.06.19-17:58:43.98@0: eax=0x77721054 ebx=0x7771f000 ecx=0x77721034 edx=0x77721014 2020.06.19-17:58:43.98@0: 2020.06.19-17:58:43.98@0: maps: 2020.06.19-17:58:43.98@0: 08048000-08056000 r-xp 00000000 00:0c 1034 /nova/bin/sniffer 2020.06.19-17:58:43.98@0: 776e9000-7771e000 r-xp 00000000 00:0c 964 /lib/libuClibc-0.9.33.2.so 2020.06.19-17:58:43.98@0: 77722000-7773c000 r-xp 00000000 00:0c 960 /lib/libgcc_s.so.1 2020.06.19-17:58:43.98@0: 7773d000-7774c000 r-xp 00000000 00:0c 944 /lib/libuc++.so 2020.06.19-17:58:43.98@0: 7774d000-77755000 r-xp 00000000 00:0c 950 /lib/libubox.so 2020.06.19-17:58:43.98@0: 77756000-777a2000 r-xp 00000000 00:0c 946 /lib/libumsg.so 2020.06.19-17:58:43.98@0: 777a8000-777af000 r-xp 00000000 00:0c 958 /lib/ld-uClibc-0.9.33.2.so 2020.06.19-17:58:43.98@0: 2020.06.19-17:58:43.98@0: stack: 0x7ff97000 - 0x7ff96af8 2020.06.19-17:58:43.98@0: 00 f0 71 77 00 0f 72 77 30 00 00 00 00 00 00 00 38 b2 05 08 34 0f 72 77 04 00 00 00 00 0f 72 77 2020.06.19-17:58:43.98@0: 20 00 00 00 1b 7b 71 77 e8 f1 71 77 98 00 00 00 01 00 00 00 ec c4 74 77 74 a1 05 08 f8 6b f9 7f 2020.06.19-17:58:43.98@0: 2020.06.19-17:58:43.98@0: code: 0x77712055 2020.06.19-17:58:43.98@0: 89 14 10 eb bc 8b 93 a4 ff ff ff 8b 7d e0 8b 42
Interestingly, the same poc resulted in another different crash dump(SIGABRT) against stable 6.48.2.
# cat /rw/logs/backtrace.log
2021.05.07-16:02:37.25@0:
2021.05.07-16:02:37.25@0:
2021.05.07-16:02:37.25@0: /nova/bin/sniffer
2021.05.07-16:02:37.25@0: --- signal=6
2021.05.07-16:02:37.25@0:
2021.05.07-16:02:37.25@0: eip=0x776f255b eflags=0x00000246
2021.05.07-16:02:37.25@0: edi=0x0805aca8 esi=0x776fa200 ebp=0x7f97def8
esp=0x7f97def0 2021.05.07-16:02:37.25@0: eax=0x00000000 ebx=0x000000b6 ecx=0x000000b6 edx=0x00000006 2021.05.07-16:02:37.25@0: 2021.05.07-16:02:37.25@0: maps: 2021.05.07-16:02:37.25@0: 08048000-08056000 r-xp 00000000 00:0c 1036 /nova/bin/sniffer 2021.05.07-16:02:37.25@0: 776c4000-776f9000 r-xp 00000000 00:0c 966 /lib/libuClibc-0.9.33.2.so 2021.05.07-16:02:37.25@0: 776fd000-77717000 r-xp 00000000 00:0c 962 /lib/libgcc_s.so.1 2021.05.07-16:02:37.25@0: 77718000-77727000 r-xp 00000000 00:0c 945 /lib/libuc++.so 2021.05.07-16:02:37.25@0: 77728000-77730000 r-xp 00000000 00:0c 951 /lib/libubox.so 2021.05.07-16:02:37.25@0: 77731000-7777d000 r-xp 00000000 00:0c 947 /lib/libumsg.so 2021.05.07-16:02:37.25@0: 77783000-7778a000 r-xp 00000000 00:0c 960 /lib/ld-uClibc-0.9.33.2.so 2021.05.07-16:02:37.25@0: 2021.05.07-16:02:37.25@0: stack: 0x7f97f000 - 0x7f97def0 2021.05.07-16:02:37.25@0: 00 a0 6f 77 00 a0 6f 77 30 df 97 7f 77 e0 6e 77 06 00 00 00 00 a2 6f 77 20 00 00 00 00 00 00 00 2021.05.07-16:02:37.25@0: 26 2b 6f 77 00 a0 6f 77 28 df 97 7f 21 2c 6f 77 e8 a1 6f 77 00 a0 6f 77 00 bf 6f 77 a8 ac 05 08 2021.05.07-16:02:37.25@0: 2021.05.07-16:02:37.25@0: code: 0x776f255b 2021.05.07-16:02:37.25@0: 5b 3d 00 f0 ff ff 76 0e 8b 93 cc ff ff ff f7 d8
This vulnerability was initially found in long-term 6.46.3, and it seems that the latest stable version 6.48.2 suffers from an assertion failure vulnerability when running the same poc.
Solution
No upgrade firmware available yet
References
[1] https://mikrotik.com/download/changelogs/stable-release-tree
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202105-0088",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "routeros",
"scope": "eq",
"trust": 1.0,
"vendor": "mikrotik",
"version": "6.46.3"
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": null
},
{
"model": "routeros",
"scope": null,
"trust": 0.8,
"vendor": "mikrotik",
"version": null
},
{
"model": "routeros",
"scope": "eq",
"trust": 0.8,
"vendor": "mikrotik",
"version": "6.46.3 (stable tree)"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006898"
},
{
"db": "NVD",
"id": "CVE-2020-20236"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Qian Chen",
"sources": [
{
"db": "PACKETSTORM",
"id": "162513"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-479"
}
],
"trust": 0.7
},
"cve": "CVE-2020-20236",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-20236",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-173694",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2020-20236",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-20236",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-20236",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-20236",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202105-479",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-173694",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-20236",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173694"
},
{
"db": "VULMON",
"id": "CVE-2020-20236"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006898"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-479"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2020-20236"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service due to improper memory access. Mikrotik RouterOs Is vulnerable to a buffer error.Denial of service (DoS) It may be put into a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. MikroTik RouterOS has a buffer error vulnerability. The following products and versions are affected: MikroTik RouterOS: 6.46.3, 6.46.4, 6.46.5, 6.46.6, 6.46.7, 6.46.8, 6.47, 6.47.1, 6.47.2, 6.47.3, 6.47. Advisory: four vulnerabilities found in MikroTik\u0027s RouterOS\n\n\nDetails\n=======\n\nProduct: MikroTik\u0027s RouterOS\nVendor URL: https://mikrotik.com/\nVendor Status: no fix yet\nCVE: CVE-2020-20214, CVE-2020-20222, CVE-2020-20236, CVE-2020-20237\nCredit: Qian Chen(@cq674350529) of Qihoo 360 Nirvan Team\n\n\nProduct Description\n==================\n\nRouterOS is the operating system used on the MikroTik\u0027s devices, such as\nswitch, router and access point. \n\n\nDescription of vulnerabilities\n==========================\nThese vulnerabilities were reported to the vendor almost one year ago. And\nthe vendor confirmed these vulnerabilities. However, there is still no fix\nfor them yet. \nBy the way, the three vulnerabilities in sniffer binary are different from\neach one. \n\n1. There is\na reachable assertion in the btest process. By sending a crafted packet, an\nauthenticated remote user can crash the btest process due to assertion\nfailure. \n\nAgainst stable 6.46.5, the poc resulted in the following crash dump. \n\n # cat /rw/logs/backtrace.log\n 2020.06.19-15:51:36.94@0:\n 2020.06.19-15:51:36.94@0:\n 2020.06.19-15:51:36.94@0: /nova/bin/btest\n 2020.06.19-15:51:36.94@0: --- signal=6\n--------------------------------------------\n 2020.06.19-15:51:36.94@0:\n 2020.06.19-15:51:36.94@0: eip=0x7772255b eflags=0x00000246\n 2020.06.19-15:51:36.94@0: edi=0x00fe0001 esi=0x7772a200 ebp=0x7fdcf880\nesp=0x7fdcf878\n 2020.06.19-15:51:36.94@0: eax=0x00000000 ebx=0x0000010f ecx=0x0000010f\nedx=0x00000006\n 2020.06.19-15:51:36.94@0:\n 2020.06.19-15:51:36.94@0: maps:\n 2020.06.19-15:51:36.94@0: 08048000-08057000 r-xp 00000000 00:0c 1006\n /nova/bin/btest\n 2020.06.19-15:51:36.94@0: 776f4000-77729000 r-xp 00000000 00:0c 964\n /lib/libuClibc-0.9.33.2.so\n 2020.06.19-15:51:36.94@0: 7772d000-77747000 r-xp 00000000 00:0c 960\n /lib/libgcc_s.so.1\n 2020.06.19-15:51:36.94@0: 77748000-77757000 r-xp 00000000 00:0c 944\n /lib/libuc++.so\n 2020.06.19-15:51:36.94@0: 77758000-77775000 r-xp 00000000 00:0c 947\n /lib/libucrypto.so\n 2020.06.19-15:51:36.94@0: 77776000-777c2000 r-xp 00000000 00:0c 946\n /lib/libumsg.so\n 2020.06.19-15:51:36.94@0: 777c8000-777cf000 r-xp 00000000 00:0c 958\n /lib/ld-uClibc-0.9.33.2.so\n 2020.06.19-15:51:36.94@0:\n 2020.06.19-15:51:36.94@0: stack: 0x7fdd0000 - 0x7fdcf878\n 2020.06.19-15:51:36.94@0: 00 a0 72 77 00 a0 72 77 b8 f8 dc 7f 77 e0 71\n77 06 00 00 00 00 a2 72 77 20 00 00 00 00 00 00 00\n 2020.06.19-15:51:36.94@0: 16 00 00 00 18 f9 dc 7f b4 f8 dc 7f e4 2a 7c\n77 01 00 00 00 e4 2a 7c 77 16 00 00 00 01 00 fe 00\n 2020.06.19-15:51:36.94@0:\n 2020.06.19-15:51:36.94@0: code: 0x7772255b\n 2020.06.19-15:51:36.94@0: 5b 3d 00 f0 ff ff 76 0e 8b 93 cc ff ff ff f7\nd8\n\nThis vulnerability was initially found in long-term 6.44.5, and it seems\nthat the latest stable version 6.48.2 still suffers from this vulnerability. \n\n2. By\nsending a crafted packet, an authenticated remote user can crash the\nsniffer process due to NULL pointer dereference. \n\nAgainst stable 6.46.5, the poc resulted in the following crash dump. \n\n # cat /rw/logs/backtrace.log\n 2020.06.19-16:36:18.33@0:\n 2020.06.19-16:36:18.33@0:\n 2020.06.19-16:36:18.33@0: /nova/bin/sniffer\n 2020.06.19-16:36:18.33@0: --- signal=11\n--------------------------------------------\n 2020.06.19-16:36:18.33@0:\n 2020.06.19-16:36:18.33@0: eip=0x08050e33 eflags=0x00010206\n 2020.06.19-16:36:18.33@0: edi=0x08057a24 esi=0x7f85c094 ebp=0x7f85c0c8\nesp=0x7f85c080\n 2020.06.19-16:36:18.33@0: eax=0x00000000 ebx=0x7f85c090 ecx=0x00ff0000\nedx=0x08059678\n 2020.06.19-16:36:18.33@0:\n 2020.06.19-16:36:18.33@0: maps:\n 2020.06.19-16:36:18.33@0: 08048000-08056000 r-xp 00000000 00:0c 1034\n /nova/bin/sniffer\n 2020.06.19-16:36:18.33@0: 776ce000-77703000 r-xp 00000000 00:0c 964\n /lib/libuClibc-0.9.33.2.so\n 2020.06.19-16:36:18.33@0: 77707000-77721000 r-xp 00000000 00:0c 960\n /lib/libgcc_s.so.1\n 2020.06.19-16:36:18.33@0: 77722000-77731000 r-xp 00000000 00:0c 944\n /lib/libuc++.so\n 2020.06.19-16:36:18.33@0: 77732000-7773a000 r-xp 00000000 00:0c 950\n /lib/libubox.so\n 2020.06.19-16:36:18.33@0: 7773b000-77787000 r-xp 00000000 00:0c 946\n /lib/libumsg.so\n 2020.06.19-16:36:18.33@0: 7778d000-77794000 r-xp 00000000 00:0c 958\n /lib/ld-uClibc-0.9.33.2.so\n 2020.06.19-16:36:18.33@0:\n 2020.06.19-16:36:18.33@0: stack: 0x7f85d000 - 0x7f85c080\n 2020.06.19-16:36:18.33@0: 2c 08 07 08 04 00 fe 08 fe 00 00 00 20 ad 05\n08 00 0c 07 08 a0 0b 07 08 af 0b 07 08 04 7a 05 08\n 2020.06.19-16:36:18.33@0: 08 00 00 00 24 7a 05 08 ff 00 00 00 00 00 00\n00 08 c2 85 7f e4 7a 78 77 d8 c0 85 7f e4 7a 78 77\n 2020.06.19-16:36:18.34@0:\n 2020.06.19-16:36:18.34@0: code: 0x8050e33\n 2020.06.19-16:36:18.34@0: 0b 48 0c 89 fa 89 d8 e8 7d f1 ff ff 50 50 53\n56\n\nThis vulnerability was initially found in long-term 6.44.6, and it seems\nthat the latest stable version 6.48.2 still suffers from this vulnerability. \n\n3. \n\nAgainst stable 6.46.5, the poc resulted in the following crash dump. \n\n # cat /rw/logs/backtrace.log\n 2020.06.19-16:58:33.42@0:\n 2020.06.19-16:58:33.42@0:\n 2020.06.19-16:58:33.42@0: /nova/bin/sniffer\n 2020.06.19-16:58:33.42@0: --- signal=11\n--------------------------------------------\n 2020.06.19-16:58:33.42@0:\n 2020.06.19-16:58:33.42@0: eip=0x08050dac eflags=0x00010202\n 2020.06.19-16:58:33.42@0: edi=0x08057a24 esi=0x00000001 ebp=0x7f8df428\nesp=0x7f8df3e0\n 2020.06.19-16:58:33.42@0: eax=0x08073714 ebx=0x08073710 ecx=0x08073704\nedx=0x08073714\n 2020.06.19-16:58:33.42@0:\n 2020.06.19-16:58:33.42@0: maps:\n 2020.06.19-16:58:33.42@0: 08048000-08056000 r-xp 00000000 00:0c 1034\n /nova/bin/sniffer\n 2020.06.19-16:58:33.42@0: 77730000-77765000 r-xp 00000000 00:0c 964\n /lib/libuClibc-0.9.33.2.so\n 2020.06.19-16:58:33.42@0: 77769000-77783000 r-xp 00000000 00:0c 960\n /lib/libgcc_s.so.1\n 2020.06.19-16:58:33.42@0: 77784000-77793000 r-xp 00000000 00:0c 944\n /lib/libuc++.so\n 2020.06.19-16:58:33.42@0: 77794000-7779c000 r-xp 00000000 00:0c 950\n /lib/libubox.so\n 2020.06.19-16:58:33.42@0: 7779d000-777e9000 r-xp 00000000 00:0c 946\n /lib/libumsg.so\n 2020.06.19-16:58:33.43@0: 777ef000-777f6000 r-xp 00000000 00:0c 958\n /lib/ld-uClibc-0.9.33.2.so\n 2020.06.19-16:58:33.43@0:\n 2020.06.19-16:58:33.43@0: stack: 0x7f8e0000 - 0x7f8df3e0\n 2020.06.19-16:58:33.43@0: 3c ab 05 08 04 00 fe 08 e0 0f 00 00 14 37 07\n08 24 7a 05 08 00 00 00 00 18 f4 8d 7f 04 7a 05 08\n 2020.06.19-16:58:33.43@0: 08 00 00 00 24 7a 05 08 04 00 00 00 00 00 00\n00 70 4a 7a 77 e4 9a 7e 77 38 f4 8d 7f e4 9a 7e 77\n 2020.06.19-16:58:33.43@0:\n 2020.06.19-16:58:33.43@0: code: 0x8050dac\n 2020.06.19-16:58:33.43@0: 8b 43 04 83 e0 fc 85 c0 74 1c 8b 4b 14 39 34\n08\n\nThis vulnerability was initially found in long-term 6.46.3, and it seems\nthat the latest version stable 6.48.2 still suffers from this vulnerability. \n\n4. \n\nAgainst stable 6.46.5, the poc resulted in the following crash dump. \n\n # cat /rw/logs/backtrace.log\n 2020.06.19-17:58:43.98@0:\n 2020.06.19-17:58:43.98@0:\n 2020.06.19-17:58:43.98@0: /nova/bin/sniffer\n 2020.06.19-17:58:43.98@0: --- signal=11\n--------------------------------------------\n 2020.06.19-17:58:43.98@0:\n 2020.06.19-17:58:43.98@0: eip=0x77712055 eflags=0x00010202\n 2020.06.19-17:58:43.98@0: edi=0x77720f34 esi=0x77721015 ebp=0x7ff96b38\nesp=0x7ff96af8\n 2020.06.19-17:58:43.98@0: eax=0x77721054 ebx=0x7771f000 ecx=0x77721034\nedx=0x77721014\n 2020.06.19-17:58:43.98@0:\n 2020.06.19-17:58:43.98@0: maps:\n 2020.06.19-17:58:43.98@0: 08048000-08056000 r-xp 00000000 00:0c 1034\n /nova/bin/sniffer\n 2020.06.19-17:58:43.98@0: 776e9000-7771e000 r-xp 00000000 00:0c 964\n /lib/libuClibc-0.9.33.2.so\n 2020.06.19-17:58:43.98@0: 77722000-7773c000 r-xp 00000000 00:0c 960\n /lib/libgcc_s.so.1\n 2020.06.19-17:58:43.98@0: 7773d000-7774c000 r-xp 00000000 00:0c 944\n /lib/libuc++.so\n 2020.06.19-17:58:43.98@0: 7774d000-77755000 r-xp 00000000 00:0c 950\n /lib/libubox.so\n 2020.06.19-17:58:43.98@0: 77756000-777a2000 r-xp 00000000 00:0c 946\n /lib/libumsg.so\n 2020.06.19-17:58:43.98@0: 777a8000-777af000 r-xp 00000000 00:0c 958\n /lib/ld-uClibc-0.9.33.2.so\n 2020.06.19-17:58:43.98@0:\n 2020.06.19-17:58:43.98@0: stack: 0x7ff97000 - 0x7ff96af8\n 2020.06.19-17:58:43.98@0: 00 f0 71 77 00 0f 72 77 30 00 00 00 00 00 00\n00 38 b2 05 08 34 0f 72 77 04 00 00 00 00 0f 72 77\n 2020.06.19-17:58:43.98@0: 20 00 00 00 1b 7b 71 77 e8 f1 71 77 98 00 00\n00 01 00 00 00 ec c4 74 77 74 a1 05 08 f8 6b f9 7f\n 2020.06.19-17:58:43.98@0:\n 2020.06.19-17:58:43.98@0: code: 0x77712055\n 2020.06.19-17:58:43.98@0: 89 14 10 eb bc 8b 93 a4 ff ff ff 8b 7d e0 8b\n42\n\nInterestingly, the same poc resulted in another different crash\ndump(SIGABRT) against stable 6.48.2. \n\n # cat /rw/logs/backtrace.log\n 2021.05.07-16:02:37.25@0:\n 2021.05.07-16:02:37.25@0:\n 2021.05.07-16:02:37.25@0: /nova/bin/sniffer\n 2021.05.07-16:02:37.25@0: --- signal=6\n--------------------------------------------\n 2021.05.07-16:02:37.25@0:\n 2021.05.07-16:02:37.25@0: eip=0x776f255b eflags=0x00000246\n 2021.05.07-16:02:37.25@0: edi=0x0805aca8 esi=0x776fa200 ebp=0x7f97def8\nesp=0x7f97def0\n 2021.05.07-16:02:37.25@0: eax=0x00000000 ebx=0x000000b6 ecx=0x000000b6\nedx=0x00000006\n 2021.05.07-16:02:37.25@0:\n 2021.05.07-16:02:37.25@0: maps:\n 2021.05.07-16:02:37.25@0: 08048000-08056000 r-xp 00000000 00:0c 1036\n /nova/bin/sniffer\n 2021.05.07-16:02:37.25@0: 776c4000-776f9000 r-xp 00000000 00:0c 966\n /lib/libuClibc-0.9.33.2.so\n 2021.05.07-16:02:37.25@0: 776fd000-77717000 r-xp 00000000 00:0c 962\n /lib/libgcc_s.so.1\n 2021.05.07-16:02:37.25@0: 77718000-77727000 r-xp 00000000 00:0c 945\n /lib/libuc++.so\n 2021.05.07-16:02:37.25@0: 77728000-77730000 r-xp 00000000 00:0c 951\n /lib/libubox.so\n 2021.05.07-16:02:37.25@0: 77731000-7777d000 r-xp 00000000 00:0c 947\n /lib/libumsg.so\n 2021.05.07-16:02:37.25@0: 77783000-7778a000 r-xp 00000000 00:0c 960\n /lib/ld-uClibc-0.9.33.2.so\n 2021.05.07-16:02:37.25@0:\n 2021.05.07-16:02:37.25@0: stack: 0x7f97f000 - 0x7f97def0\n 2021.05.07-16:02:37.25@0: 00 a0 6f 77 00 a0 6f 77 30 df 97 7f 77 e0 6e\n77 06 00 00 00 00 a2 6f 77 20 00 00 00 00 00 00 00\n 2021.05.07-16:02:37.25@0: 26 2b 6f 77 00 a0 6f 77 28 df 97 7f 21 2c 6f\n77 e8 a1 6f 77 00 a0 6f 77 00 bf 6f 77 a8 ac 05 08\n 2021.05.07-16:02:37.25@0:\n 2021.05.07-16:02:37.25@0: code: 0x776f255b\n 2021.05.07-16:02:37.25@0: 5b 3d 00 f0 ff ff 76 0e 8b 93 cc ff ff ff f7\nd8\n\nThis vulnerability was initially found in long-term 6.46.3, and it seems\nthat the latest stable version 6.48.2 suffers from an assertion failure\nvulnerability when running the same poc. \n\n\nSolution\n========\n\nNo upgrade firmware available yet\n\n\nReferences\n==========\n\n[1] https://mikrotik.com/download/changelogs/stable-release-tree\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-20236"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006898"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULHUB",
"id": "VHN-173694"
},
{
"db": "VULMON",
"id": "CVE-2020-20236"
},
{
"db": "PACKETSTORM",
"id": "162513"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-20236",
"trust": 3.5
},
{
"db": "PACKETSTORM",
"id": "162513",
"trust": 2.7
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006898",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021051005",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202105-479",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-173694",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-20236",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173694"
},
{
"db": "VULMON",
"id": "CVE-2020-20236"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006898"
},
{
"db": "PACKETSTORM",
"id": "162513"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-479"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2020-20236"
}
]
},
"id": "VAR-202105-0088",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-173694"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T13:10:41.052000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://mikrotik.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006898"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "Buffer error (CWE-119) [NVD Evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-119",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173694"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006898"
},
{
"db": "NVD",
"id": "CVE-2020-20236"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "http://packetstormsecurity.com/files/162513/mikrotik-routeros-6.46.5-memory-corruption-assertion-failure.html"
},
{
"trust": 1.9,
"url": "http://seclists.org/fulldisclosure/2021/may/15"
},
{
"trust": 1.9,
"url": "https://mikrotik.com/"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-20236"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021051005"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://mikrotik.com/download/changelogs/stable-release-tree"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-20237"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-20222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-20214"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173694"
},
{
"db": "VULMON",
"id": "CVE-2020-20236"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006898"
},
{
"db": "PACKETSTORM",
"id": "162513"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-479"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2020-20236"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-173694"
},
{
"db": "VULMON",
"id": "CVE-2020-20236"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006898"
},
{
"db": "PACKETSTORM",
"id": "162513"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-479"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2020-20236"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-18T00:00:00",
"db": "VULHUB",
"id": "VHN-173694"
},
{
"date": "2021-05-18T00:00:00",
"db": "VULMON",
"id": "CVE-2020-20236"
},
{
"date": "2022-01-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-006898"
},
{
"date": "2021-05-10T14:25:07",
"db": "PACKETSTORM",
"id": "162513"
},
{
"date": "2021-05-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-479"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-05-18T19:15:07.767000",
"db": "NVD",
"id": "CVE-2020-20236"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-03T00:00:00",
"db": "VULHUB",
"id": "VHN-173694"
},
{
"date": "2021-05-21T00:00:00",
"db": "VULMON",
"id": "CVE-2020-20236"
},
{
"date": "2022-01-25T05:36:00",
"db": "JVNDB",
"id": "JVNDB-2021-006898"
},
{
"date": "2022-05-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-479"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2022-05-03T16:04:40.443000",
"db": "NVD",
"id": "CVE-2020-20236"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-479"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikrotik\u00a0RouterOs\u00a0 Buffer Error Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006898"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-479"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.