Details
=======
Product: MikroTik's RouterOS
Affected Versions: until stable 6.45.7 (first vulnerability), until stable
6.46.4 (second vulnerability)
Fixed Versions: stable 6.46.x (first vulnerability), stable 6.46.5 (second
vulnerability)
Vendor URL: https://mikrotik.com/
Vendor Status: fixed version released
CVE: -
Credit: Qian Chen (@cq674350529) of Qihoo 360 Nirvan Team
Product Description
==================
RouterOS is the operating system used on MikroTik devices, such as
switches, routers and access points.
Description of vulnerabilities
==============================
These two vulnerabilities were tested only against the MikroTik RouterOS
stable release tree when found. Other release trees may also suffer from
these vulnerabilities.

1. The cerm process suffers from an uncontrolled resource consumption
   issue. By sending a crafted packet, an authenticated remote user can
   cause a high CPU load, which may make the device slow to respond or
   unable to respond.

2. The traceroute process suffers from a memory corruption issue. By
   sending a crafted packet, an authenticated remote user can crash the
   traceroute process due to invalid memory access.

Solution
========
Upgrade to the corresponding latest RouterOS tree version.
References
==========
[1] https://mikrotik.com/download/changelogs/stable-release-tree
# 0day.today [2020-07-19] #