CyberSec.Space Logo
Back to CVE Browser

CVE-2019-3976

HIGH
8.8
CVSS Severity Score
EPSS Score0.1750%
EPSS Percentile44.48th
PublishedOct 29, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below are vulnerable to an arbitrary directory creation vulnerability via the upgrade package's name field. If an authenticated user installs a malicious package then a directory could be created and the developer shell could be enabled.

Affected Platforms (CPE)

💻
Mikrotik

Routeros

<= 6.44.5
💻
Mikrotik

Routeros

<= 6.45.6

References & Advisories

🔗 https://www.tenable.com/security/research/tra-2019-46
🔗 https://www.tenable.com/security/research/tra-2019-46

Related Vulnerabilities

CVE-2018-74459.8

A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attacker...

CVE-2017-201499.8

The Mikrotik RouterOS web server allows memory corruption in releases before Stable 6.38.5 and Long-term 6.37.5, aka Chimay-Red. A...

CVE-2018-148479.1

MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers ...

CVE-2018-11568.8

Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to stack buffer overflow through the license upgrade interface. This vuln...