MikroTik RouterOS versions prior to 6.44.6 suffer from memory corruption and assertion failure vulnerabilities.
b9e283a6208f56a952f99e2174e47221c663e9cd7c8f17571ff9c7c8eeb5c785Advisory: two vulnerabilities found in MikroTik's RouterOS
Details
=======
Product: MikroTik's RouterOS
Affected Versions: before 6.44.6 (Long-term release tree)
Fixed Versions: 6.44.6 (Long-term release tree)
Vendor URL: https://mikrotik.com/
Vendor Status: fixed version released
CVE: -
Credit: Qian Chen(@cq674350529) of Qihoo 360 Nirvan Team
Product Description
==================
RouterOS is the operating system used on the MikroTik's devices, such as
switch, router and access point.
Description of vulnerabilities
==========================
These two vulnerabilities were tested only against the MikroTik RouterOS
long-term release tree when found. Maybe other release trees also suffer
from these issues.
1. The console process suffers from a memory corruption issue.
An authenticated remote user can crash the console process due to a NULL
pointer reference by sending a crafted packet.
2. The console process suffers from an assertion failure issue. There is a
reachable assertion in the console process. An authenticated remote user
can crash the console process duo to assertion failure by sending a crafted
packet.
Solution
========
Upgrade to the corresponding latest RouterOS tree version.
References
==========
[1] https://mikrotik.com/download/changelogs/long-term-release-tree
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed