RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are download from when using the autoupgrade feature. Therefore, a remote attacker can trick the router into “upgrading” to an older version of RouterOS and possibly reseting all the system’s usernames and passwords.
[
{
"product": "MikroTik RouterOS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "RouterOS 6.45.6 Stable and below. RouterOS 6.44.5 Long-term and below."
}
]
}
]