CVE-2021-27221

2021-03-1902:28:41

mitre

www.cve.org

mikrotik

routeros

ftp

arbitrary files

AI Score

Confidence

High

EPSS

0.002

Percentile

51.6%

JSON

MikroTik RouterOS 6.47.9 allows remote authenticated ftp users to create or overwrite arbitrary .rsc files via the /export command. NOTE: the vendor’s position is that this is intended behavior because of how user policies work

References

onovy.medium.com/routeros-user-with-just-ftp-policy-can-write-to-filesystem-cve-2021-27221-e3e45d780dfe