CVE-2019-15055

Name of the Vulnerable Software and Affected Versions MikroTik RouterOS versions 6.44.5 and earlier MikroTik RouterOS versions 6.45.x through 6.45.3

Description The issue arises from improper handling of the disk name, allowing authenticated users to delete arbitrary files. This can be exploited to reset credential storage, enabling access to the management interface as an administrator without authentication. The vulnerability is also due to insufficient input validation, which can allow a remote attacker to delete arbitrary files, gain access to the target system with administrator privileges, and modify the administrator password.

Recommendations For MikroTik RouterOS versions 6.44.5 and earlier, update to a version later than 6.44.5 to resolve the issue. For MikroTik RouterOS versions 6.45.x through 6.45.3, update to a version later than 6.45.3 to resolve the issue. As a temporary workaround, consider restricting access to the management interface to minimize the risk of exploitation.