CVE-2020-5721

Summary

MikroTik WinBox 3.22 and below stores the user's cleartext password in the settings.cfg.viw configuration file when the Keep Password field is set and no Master Password is set. Keep Password is set by default and, by default Master Password is not set. An attacker with access to the configuration file can extract a username and password to gain access to the router.

Affected Software

VendorProductVersion RangeStatus
n/aMikroTik WinBox3.22 and belowaffected

Weaknesses

  • CWE-260: CWE-260

ADP Enrichment

CVE Program Container

Additional References

References