PT-2019-1524 · Mikrotik · Routeros+1

Jacob Baines

Publicado

2019-02-04

Atualizado

2025-08-15

CVE-2019-3924

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions MikroTik RouterOS versions prior to 6.43.12 MikroTik RouterOS versions prior to 6.42.12

Description The issue is related to privilege management errors in the operating system. It allows a remote attacker to bypass firewall policies. The software executes user-defined network requests to both WAN and LAN clients, which can be used for bypassing the router's firewall or for network scanning activities.

Recommendations For versions prior to 6.43.12, update to version 6.43.12 or later. For versions prior to 6.42.12, update to version 6.42.12 or later. As a temporary workaround, consider restricting access to the network to minimize the risk of exploitation.

Exploit

Correção

Improper Privilege Management

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-441CWE-269

Identificadores relacionados

BDU:2019-00991

CVE-2019-3924

Produtos afetados

Mikrotik Routeros

Routeros

PT-2019-1524 · Mikrotik · Routeros+1

CVE-2019-3924

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9