Vulnerability identifier: #VU20428
Vulnerability risk: Low
Exploitation vector: Local network
Exploit availability: No
The vulnerability allows a remote attacker to delete arbitrary files.
The vulnerability exists due to insufficient validation of the disk name. A remote authenticated attacker can reset credential storage, access to the management interface as an administrator without authentication and delete arbitrary files.
Install update from vendor's website.
Vulnerable software versions
MikroTik RouterOS: 6.44, 6.44.1, 6.44.2, 6.44.3, 6.44.4, 6.44.5, 6.45, 6.45.1, 6.45.2, 6.45.3
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.