CVE-2019-3977
N/A
N/A
Summary
RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are download from when using the autoupgrade feature. Therefore, a remote attacker can trick the router into "upgrading" to an older version of RouterOS and possibly reseting all the system's usernames and passwords.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | MikroTik RouterOS | RouterOS 6.45.6 Stable and below. RouterOS 6.44.5 Long-term and below. | affected |
Weaknesses
- CWE-494: CWE-494 Insufficient checks on origin
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.