Vulnerability identifier: #VU7691
Vulnerability risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-264
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
MikroTik RouterOS
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Vendor: MikroTik
Description
Multiple issues have been fixed in Mikrotik RouterOS 6.40. Due to vendor’s policy not to report on security issues, we treat all new releases as security updates.
The list of bugfixes:Mitigation
Update to version 6.40.1.
Vulnerable software versions
MikroTik RouterOS: 6.40
External links
http://mikrotik.com/download/changelogs/current-release-tree
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.