CVE-2019-3924

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions MikroTik RouterOS versions prior to 6.43.12 MikroTik RouterOS versions prior to 6.42.12

Description The issue is related to privilege management errors in the operating system. It allows a remote attacker to bypass firewall policies. The software executes user-defined network requests to both WAN and LAN clients, which can be used for bypassing the router's firewall or for network scanning activities.

Recommendations For versions prior to 6.43.12, update to version 6.43.12 or later. For versions prior to 6.42.12, update to version 6.42.12 or later. As a temporary workaround, consider restricting access to the network to minimize the risk of exploitation.

Exploit

Fix

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-441CWE-269

Related Identifiers

BDU:2019-00991

CVE-2019-3924

Affected Products

Mikrotik Routeros

Routeros

CVE-2019-3924

Weakness Enumeration

Related Identifiers

Affected Products

References · 9