CVE-2020-5720

Summary

MikroTik WinBox before 3.21 is vulnerable to a path traversal vulnerability that allows creation of arbitrary files wherevere WinBox has write permissions. WinBox is vulnerable to this attack if it connects to a malicious endpoint or if an attacker mounts a man in the middle attack.

Affected Software

VendorProductVersion RangeStatus
n/aMikroTik WinBoxAll versions prior to version 3.21affected

Weaknesses

  • CWE-22: Path Traversal File Writing (CWE-22)

ADP Enrichment

CVE Program Container

Additional References

References