993 matches found
The vulnerability of the implementation of the .NPK-file processing mechanism in the RouterOS operating system of MikroTik allows a hacker to create arbitrary directories and execute arbitrary shell commands.
The vulnerability of the RouterOS operating system’s .NPK-file processing mechanism in MikroTik routers involves bypassing the relative path. Exploiting this vulnerability allows a malicious actor to create arbitrary directories and execute arbitrary shell commands using the malicious update...
The vulnerability of the RouterOS operating system’s automatic update function in MikroTik routers allows a intruder to gain unauthorized access to protected information.
The vulnerability of the RouterOS operating system’s automatic update function for MikroTik routers involves loading code without checking its integrity. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain unauthorized access to protected information by resetting t...
The vulnerability of the RouterOS operating system, related to the lack of authentication for critical functions, allows attackers to compromise the integrity of protected information.
The vulnerability of the RouterOS operating system is related to the absence of authentication for critical functions. Exploiting this vulnerability allows a malicious actor to influence the integrity of protected information by sending DNS requests through port 8291...
The vulnerability of the RouterOS operating system, which arises due to insufficient validation of input data, allows a hacker to cause damage to the integrity of DNS system data.
The vulnerability of the RouterOS operating system exists due to insufficient checks on input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause damage to the integrity of DNS system data...
The vulnerability of the RouterOS operating system in MikroTik routers, related to the emergency termination of the HTTP server, allows a hacker to restart the system and cause a service failure.
The vulnerability of the RouterOS operating system for MikroTik relates to the abnormal termination of the HTTP server. Exploiting this vulnerability allows a malicious actor to remotely restart the system and cause a service failure by sending a specially crafted HTTP request...
MikroTik RouterOS 6.45.6 DNS Cache Poisoning
Exploit Title: MikroTik RouterOS 6.45.6 - DNS Cache Poisoning Date: 2019-10-30 Exploit Author: Jacob Baines Vendor Homepage: https://mikrotik.com/ Software Link: https://mikrotik.com/download Version: 6.45.6 Stable and below or 6.44.5 Long-term and below Tested on: Various x86 and MIPSBE RouterOS...
MikroTik RouterOS 6.45.6 - DNS Cache Poisoning
MikroTik RouterOS 6.45.6 - DNS Cache Poisoning Exploit Title: MikroTik RouterOS 6.45.6 - DNS Cache Poisoning Date: 2019-10-30 Exploit Author: Jacob Baines Vendor Homepage: https://mikrotik.com/ Software Link: https://mikrotik.com/download Version: 6.45.6 Stable and below or 6.44.5 Long-term and...
MikroTik RouterOS 6.45.6 - DNS Cache Poisoning Exploit
Exploit Title: MikroTik RouterOS 6.45.6 - DNS Cache Poisoning Exploit Author: Jacob Baines Vendor Homepage: https://mikrotik.com/ Software Link: https://mikrotik.com/download Version: 6.45.6 Stable and below or 6.44.5 Long-term and below Tested on: Various x86 and MIPSBE RouterOS installs CVE :...
MikroTik RouterOS < 6.44.6 LTS or 6.45.x < 6.45.7 Multiple Vulnerabilities
According to its self-reported version, the remote networking device is running a version of MikroTik RouterOS prior to 6.44.6 LTS or 6.45.x prior to 6.45.7. It is, therefore, affected by multiple vulnerabilities : - Relative Path Traversal in NPK Parsing - RouterOS 6.45.6 Stable, RouterOS 6.44.5...
MikroTik RouterOS 6.45.6 - DNS Cache Poisoning
Exploit Title: MikroTik RouterOS 6.45.6 - DNS Cache Poisoning Date: 2019-10-30 Exploit Author: Jacob Baines Vendor Homepage: https://mikrotik.com/ Software Link: https://mikrotik.com/download Version: 6.45.6 Stable and below or 6.44.5 Long-term and below Tested on: Various x86 and MIPSBE RouterOS...
MikroTik RouterOS < 6.44.6 (LTS), < 6.45.7 (Stable) Multiple Vulnerabilities
MikroTik RouterOS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:mikrotik:routeros"; if...
CVE-2019-3976
RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below are vulnerable to an arbitrary directory creation vulnerability via the upgrade package's name field. If an authenticated user installs a malicious package then a directory could be created and the developer shell could be enabled...
CVE-2019-3977
RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are download from when using the autoupgrade feature. Therefore, a remote attacker can trick the router into "upgrading" to an older version of RouterOS and possibly reseting all the system...
CVE-2019-3979
RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below are vulnerable to a DNS unrelated data attack. The router adds all A records to its DNS cache even when the records are unrelated to the domain that was queried. Therefore, a remote attacker controlled DNS server can poison the router's...
CVE-2019-3977
RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are download from when using the autoupgrade feature. Therefore, a remote attacker can trick the router into "upgrading" to an older version of RouterOS and possibly reseting all the system...
CVE-2019-3978
RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below allow remote unauthenticated attackers to trigger DNS queries via port 8291. The queries are sent from the router to a server of the attacker's choice. The DNS responses are cached by the router, potentially resulting in cache poisoning...
CVE-2019-3976
RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below are vulnerable to an arbitrary directory creation vulnerability via the upgrade package's name field. If an authenticated user installs a malicious package then a directory could be created and the developer shell could be enabled...
CVE-2019-3979
RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below are vulnerable to a DNS unrelated data attack. The router adds all A records to its DNS cache even when the records are unrelated to the domain that was queried. Therefore, a remote attacker controlled DNS server can poison the router's...
CVE-2019-3978
RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below allow remote unauthenticated attackers to trigger DNS queries via port 8291. The queries are sent from the router to a server of the attacker's choice. The DNS responses are cached by the router, potentially resulting in cache poisoning...
Default configuration
RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below allow remote unauthenticated attackers to trigger DNS queries via port 8291. The queries are sent from the router to a server of the attacker's choice. The DNS responses are cached by the router, potentially resulting in cache poisoning...