Full Disclosure mailing list archives
Two vulnerabilities found in MikroTik's RouterOS
From: Q C <cq674350529 () gmail com>
Date: Mon, 6 Jan 2020 19:32:51 +0800
Advisory: two vulnerabilities found in MikroTik's RouterOS Details ======= Product: MikroTik's RouterOS Affected Versions: before 6.44.6 (Long-term release tree) Fixed Versions: 6.44.6 (Long-term release tree) Vendor URL: https://mikrotik.com/ Vendor Status: fixed version released CVE: - Credit: Qian Chen(@cq674350529) of Qihoo 360 Nirvan Team Product Description ================== RouterOS is the operating system used on the MikroTik's devices, such as switch, router and access point. Description of vulnerabilities ========================== These two vulnerabilities were tested only against the MikroTik RouterOS long-term release tree when found. Maybe other release trees also suffer from these issues. 1. The console process suffers from a memory corruption issue. An authenticated remote user can crash the console process due to a NULL pointer reference by sending a crafted packet. 2. The console process suffers from an assertion failure issue. There is a reachable assertion in the console process. An authenticated remote user can crash the console process duo to assertion failure by sending a crafted packet. Solution ======== Upgrade to the corresponding latest RouterOS tree version. References ========== [1] https://mikrotik.com/download/changelogs/long-term-release-tree _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- Two vulnerabilities found in MikroTik's RouterOS Q C (Jan 07)