CVE-2021-27221

Name of the Vulnerable Software and Affected Versions: MikroTik RouterOS version 6.47.9

Description: The issue allows remote authenticated ftp users to create or overwrite arbitrary .rsc files via the /export command. It is noted that the vendor considers this behavior as intended due to how user policies work. The vulnerability may allow a remote attacker to impact the integrity and availability of protected information.

Recommendations: For MikroTik RouterOS version 6.47.9, consider restricting access to the /export command for remote authenticated ftp users as a temporary workaround until the issue is resolved. Additionally, review user policies to ensure they are configured to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.