CVE-2019-3976
N/A
N/A
Summary
RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below are vulnerable to an arbitrary directory creation vulnerability via the upgrade package's name field. If an authenticated user installs a malicious package then a directory could be created and the developer shell could be enabled.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | MikroTik RouterOS | RouterOS 6.45.6 Stable and below. RouterOS 6.44.5 Long-term and below. | affected |
Weaknesses
- CWE-23: CWE-23 Relative path traversal.
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.