PT-2020-12915 · Mikrotik · Routeros

Published 2020-09-14 · Updated 2020-09-18 · CVE-2020-11881

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

MikroTik RouterOS versions 6.41.3 through 6.46.5
MikroTik RouterOS versions 7.x through 7.0 Beta5

Description

An array index error in the SMB server allows an unauthenticated remote attacker to crash the server by sending modified setup-request packets.

Recommendations

For versions 6.41.3 through 6.46.5, update to a version outside of this range to resolve the issue. For versions 7.x through 7.0 Beta5, update to a version later than 7.0 Beta5 to resolve the issue. As a temporary workaround, consider restricting access to the SMB server until a patch is available.

Exploit

Fix

Weakness Enumeration

Improper Validation of Array Index

Related Identifiers

CVE-2020-11881

Affected Products

Mikrotik Routeros
Routeros