CVE-2019-3979
N/A
N/A
Summary
RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below are vulnerable to a DNS unrelated data attack. The router adds all A records to its DNS cache even when the records are unrelated to the domain that was queried. Therefore, a remote attacker controlled DNS server can poison the router's DNS cache via malicious responses with additional and untrue records.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | MikroTik RouterOS | RouterOS 6.45.6 Stable and below. RouterOS 6.44.5 Long-term and below. | affected |
Weaknesses
- Unrelated Data Attack (see: https://www.sans.org/reading-room/whitepapers/dns/security-issues-dns-1069)
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.