3 matches found
MikroTik RouterOS Download of Code Without Integrity Check (CVE-2019-3977)
RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are download from when using the autoupgrade feature. Therefore, a remote attacker can trick the router into upgrading to an older version of RouterOS and possibly reseting all the system's...
CVE-2019-3977
creationtimestamp| type| source ---|---|--- 2019-10-29 18:57:45+00:00| published-proof-of-concept| https://t.me/antichat/6903 2019-10-29 19:57:25+00:00| published-proof-of-concept| https://t.me/cybershit/608 2019-10-30 01:40:05+00:00| seen| https://t.me/dtpnk/368 2019-10-30 10:21:42+00:00| seen|...
CVE-2019-3977
CVE-2019-3977 affects MikroTik RouterOS. The vulnerability arises from insufficient validation of the origin of upgrade packages during autoupgrade, allowing a remote attacker to trick a device into upgrading to an older RouterOS version and potentially reset all usernames and passwords. Document...