CVE-2019-3976

Summary

RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below are vulnerable to an arbitrary directory creation vulnerability via the upgrade package's name field. If an authenticated user installs a malicious package then a directory could be created and the developer shell could be enabled.

Affected Software

VendorProductVersion RangeStatus
n/aMikroTik RouterOSRouterOS 6.45.6 Stable and below. RouterOS 6.44.5 Long-term and below.affected

Weaknesses

  • CWE-23: CWE-23 Relative path traversal.

ADP Enrichment

CVE Program Container

Additional References

References