4 matches found
MikroTik RouterOS Insufficient Verification of Data Authenticity (CVE-2019-3979)
RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below are vulnerable to a DNS unrelated data attack. The router adds all A records to its DNS cache even when the records are unrelated to the domain that was queried. Therefore, a remote attacker controlled DNS server can poison the router's...
CVE-2019-3979
RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below are vulnerable to a DNS unrelated data attack. The router adds all A records to its DNS cache even when the records are unrelated to the domain that was queried. Therefore, a remote attacker controlled DNS server can poison the router's...
CVE-2019-3979
creationtimestamp| type| source ---|---|--- 2019-10-29 18:57:45+00:00| published-proof-of-concept| https://t.me/antichat/6903 2019-10-29 19:57:25+00:00| published-proof-of-concept| https://t.me/cybershit/608 2019-10-30 01:40:05+00:00| seen| https://t.me/dtpnk/368 2019-10-30 03:57:56+00:00|...
CVE-2019-3979
CVE-2019-3979 affects MikroTik RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and earlier builds. The issue is a DNS cache-poisoning vulnerability where the router adds all A records from DNS responses to its cache, even if unrelated to the queried domain. A remote attacker-controlled DNS ser...