993 matches found
CVE-2019-3943
MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authenticated, remote directory traversal via the HTTP or Winbox interfaces. An authenticated, remote attacker can use this vulnerability to read and write files...
Directory traversal
MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authenticated, remote directory traversal via the HTTP or Winbox interfaces. An authenticated, remote attacker can use this vulnerability to read and write files...
CVE-2019-3943
MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authenticated, remote directory traversal via the HTTP or Winbox interfaces. An authenticated, remote attacker can use this vulnerability to read and write files...
CVE-2019-3943
CVE-2019-3943 affects MikroTik RouterOS: authenticated remote directory traversal via HTTP or Winbox. Vulnerable on Stable 6.43.12 and earlier, Long-term 6.42.12 and earlier, and Testing 6.44beta75 and earlier. The issue allows reading/writing files outside the sandbox directory (/rw/disk). Conne...
MikroTik RouterOS Directory Traversal Vulnerability (CVE-2019-3943)
MikroTik RouterOS is prone to an authenticated directory traversal vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
MikroTik RouterOS Unauthenticated Intermediary
The remote networking device is running a version of MikroTik RouterOS vulnerable to an unauthenticated intermediary vulnerability. Therefore, an unauthenticated remote attacker could use the MikroTik router to proxy arbitrary traffic or bypass the router's firewall. (C) Tenable...
The vulnerability of the RouterOS operating system, related to errors in privilege management, allows a hacker to circumvent network firewall policies.
The vulnerability of the RouterOS operating system is related to privilege management errors. Exploiting this vulnerability can allow a malicious actor to bypass network firewall policies from a remote location...
MikroTik RouterOS < 6.43.12 (stable) / < 6.42.12 (long-term) - Firewall and NAT Bypass
MikroTik RouterOS < 6.43.12 (stable) / < 6.42.12 (long-term) - Firewall and NAT Bypass CVE-2019-3924 A remote, unauthenticated attacker can proxy traffic through RouterOS via probes sent to the agent binary. This PoC demonstrates how to exploit a LAN host from the WAN. A video demonstrating the attack ca...
MikroTik RouterOS Intermediary Vulnerability (CVE-2019-3924)
MikroTik RouterOS is prone to an intermediary vulnerability. The software will execute user defined network requests to both WAN and LAN clients. A remote unauthenticated attacker can use this vulnerability to bypass the router SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions migh...
MikroTik RouterOS < 6.43.12 (stable) / < 6.42.12 (long-term) - Firewall and NAT Bypass
MikroTik RouterOS < 6.43.12 (stable) / < 6.42.12 (long-term) - Firewall and NAT Bypass CVE-2019-3924 A remote, unauthenticated attacker can proxy traffic through RouterOS via probes sent to the agent binary. This PoC demonstrates how to exploit a LAN host from the WAN. A video demonstrating the attack can ...
MikroTik RouterOS Unauthenticated Firewall & NAT Bypass Vulnerability
MikroTik RouterOS is the operating system for the MikroTik RouterBOARD hardware. A security vulnerability exists in MikroTik RouterOS versions prior to 6.43.12 stable and 6.42.12 long term. A remote, unauthenticated attacker could exploit this vulnerability to bypass the router's firewall or...
MikroTik RouterOS < 6.43.12 (stable) / < 6.42.12 (long-term) - Firewall and NAT Bypass
CVE-2019-3924 A remote, unauthenticated attacker can proxy traffic through RouterOS via probes sent to the agent binary. This PoC demonstrates how to exploit a LAN host from the WAN. A video demonstrating the attack can be found here: https://www.youtube.com/watch?v=CxyOtsNVgFg A Tenable Research...
CVE-2019-3924
MikroTik RouterOS before 6.43.12 stable and 6.42.12 long-term is vulnerable to an intermediary vulnerability. The software will execute user defined network requests to both WAN and LAN clients. A remote unauthenticated attacker can use this vulnerability to bypass the router's firewall or for...
CVE-2019-3924
MikroTik RouterOS before 6.43.12 stable and 6.42.12 long-term is vulnerable to an intermediary vulnerability. The software will execute user defined network requests to both WAN and LAN clients. A remote unauthenticated attacker can use this vulnerability to bypass the router's firewall or for...
Design/Logic Flaw
MikroTik RouterOS before 6.43.12 stable and 6.42.12 long-term is vulnerable to an intermediary vulnerability. The software will execute user defined network requests to both WAN and LAN clients. A remote unauthenticated attacker can use this vulnerability to bypass the router's firewall or for...
CVE-2019-3924
MikroTik RouterOS before 6.43.12 stable and 6.42.12 long-term is vulnerable to an intermediary vulnerability. The software will execute user defined network requests to both WAN and LAN clients. A remote unauthenticated attacker can use this vulnerability to bypass the router's firewall or for...
CVE-2019-3924
CVE-2019-3924 affects MikroTik RouterOS prior to 6.43.12 (stable) and 6.42.12 (long-term). The vulnerability lets an unauthenticated remote attacker trigger user-specified network requests to WAN and LAN clients via an intermediary flaw, enabling firewall bypass or general network scanning activi...
MikroTik RouterOS Detection (SSH)
SSH based detection of MikroTik RouterOS. SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description) { script_oid("1.3.6.1.4.1.25623.1.0.108548")...
PT-2019-1524 · Mikrotik · Routeros +1
Name of the Vulnerable Software and Affected Versions: MikroTik RouterOS versions prior to 6.43.12 MikroTik RouterOS versions prior to 6.42.12 Description: The issue is related to privilege management errors in the operating system. It allows a remote attacker to bypass firewall policies. The...
Mikrotik RouterOS Telnet Arbitrary Root File Creation Vulnerability
An exploitable arbitrary file creation weakness has been identified in Mikrotik RouterOS that can be leveraged by a malicious attacker to exploit all known versions of Mikrotik RouterOS. The RouterOS contains a telnet client based on GNU inetutils with modifications to remove shell subsystem...