Therefore, a remote attacker controlled DNS server can poison the router's DNS cache via malicious responses with additional and untrue records.Ģ6 Ccr1009-7g-1c-1s\+, Ccr1009-7g-1c-1s\+pc, Ccr1009-7g-1c-pc and 23 more The router adds all A records to its DNS cache even when the records are unrelated to the domain that was queried. RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below are vulnerable to a DNS unrelated data attack. If an authenticated user installs a malicious package then a directory could be created and the developer shell could be enabled.Īn integer underflow in the SMB server of MikroTik RouterOS before 6.45.5 allows remote unauthenticated attackers to crash the service. RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below are vulnerable to an arbitrary directory creation vulnerability via the upgrade package's name field. This affects RouterOS 6.46.8, 6.47.9, and 6.47.10.Ī buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted FTP requests. The attacker must know the scep_server_name value. In the SCEP Server of RouterOS in certain Mikrotik products, an attacker can trigger a heap-based buffer overflow that leads to remote code execution. This vulnerability allows attackers to execute arbitrary code via a crafted nova message.Ī buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted SMB requests. Mikrotik RouterOs before stable v7.5 was discovered to contain an out-of-bounds read in the hotspot process. An issue in the bridge2 component of MikroTik RouterOS v6.40.5 allows attackers to cause a Denial of Service (DoS) via crafted packets.
0 kommentar(er)
