PT-2019-2528 · Mikrotik · Routeros+1
Jacob Baines · Published 2019-04-10 · Updated 2019-12-17 · CVE-2019-3943
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
MikroTik RouterOS versions Stable 6.43.12 and below
MikroTik RouterOS versions Long-term 6.42.12 and below
MikroTik RouterOS versions Testing 6.44beta75 and below
Description
The issue is a directory traversal flaw in the handling of the restricted-access directory path. An authenticated, remote attacker can exploit this to read and write files outside of the sandbox directory (/rw/disk) via the HTTP or Winbox interfaces.
Recommendations
For MikroTik RouterOS versions Stable 6.43.12 and below, update to a version above 6.43.12 to resolve the issue.
For MikroTik RouterOS versions Long-term 6.42.12 and below, update to a version above 6.42.12 to resolve the issue.
For MikroTik RouterOS versions Testing 6.44beta75 and below, update to a version above 6.44beta75 to resolve the issue.
As a temporary workaround, consider restricting access to the HTTP and Winbox interfaces until a patch is available.
Exploit
Fix
Relative Path Traversal
Path traversal
Related identifiers
Affected products
Mikrotik Routeros
Routeros