PT-2019-2662 · Mikrotik · Mikrotik+1

Published

2019-07-01

Updated

2020-08-24

CVE-2019-13074

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions MikroTik routers versions through 6.44.3

Description A vulnerability in the FTP daemon could allow remote attackers to exhaust all available memory, causing the device to reboot because of uncontrolled resource management. The issue is related to uncontrolled memory allocation, which can be exploited by remote attackers to reboot the device.

Recommendations For versions through 6.44.3, consider disabling the FTP daemon as a temporary workaround until a patch is available. Restrict access to the FTP service to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-770CWE-789

Related Identifiers

BDU:2019-02548

CVE-2019-13074

Affected Products

Mikrotik

Mikrotik Routeros

PT-2019-2662 · Mikrotik · Mikrotik+1

CVE-2019-13074

Weakness Enumeration

Related Identifiers

Affected Products

References · 7