Main Vulnerability Database Exploits ID:5866 - Exploit for Incorrect permission assignment for critical resource in MikroTik RouterOS - CVE-2019-3978

ID:5866 - Exploit for Incorrect permission assignment for critical resource in MikroTik RouterOS - CVE-2019-3978

Published: June 17, 2021

Vulnerability identifier: #VU22426

Vulnerability risk: Medium

CVE-ID: CVE-2019-3978

CWE-ID: CWE-732

Exploitation vector: Remote access

Vulnerable software:
MikroTik RouterOS

Link to public exploit:

https://www.exploit-db.com/exploits/47566/

Vulnerability description

The vulnerability allows a remote attacker to perform DNS cache poisoning attacks.

The vulnerability exists due to RouterOS allows a remote attacker to initiate DNS queries via port 8291/TCP. A remote attacker can force the router to send DNS requests to an attacker-contorted server and poison router's DNS cache.

Remediation

Install updates from vendor's website.

ID:5866 - Exploit for Incorrect permission assignment for critical resource in MikroTik RouterOS - CVE-2019-3978

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human