PT-2022-11520 · Mikrotik · Routeros+1

Published: 2022-03-16 · Updated: 2022-06-30 · CVE-2021-41987

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Mikrotik RouterOS versions 6.46.8 through 6.47.10
Description: A heap-based buffer overflow exists in the SCEP Server of RouterOS, allowing an attacker to trigger remote code execution. The attacker must know the SCEP server name value to exploit this issue.
Recommendations: For versions 6.46.8 through 6.47.10, consider disabling the SCEP Server functionality until a patch is available to prevent potential remote code execution.

Exploit

Fix

RCE

Memory Corruption


Weakness Enumeration

Related Identifiers

CVE-2021-41987

Affected Products

Mikrotik Routeros
Routeros