PT-2022-5756 · Mikrotik · Routeros+1

Published: 2022-07-29 · Updated: 2023-02-03 · CVE-2022-45313

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

MikroTik RouterOS versions prior to stable v7.5

Description

The issue is an out-of-bounds read in the hotspot process that allows attackers to execute arbitrary code via a crafted nova message. It stems from a buffer overflow when handling a negative u32 id value, which can be exploited by sending specially crafted messages, potentially enabling remote code execution.

Recommendations

For versions prior to stable v7.5, update to stable v7.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the hotspot process until a patch is available.

Exploit

Fix

Weakness Enumeration

Out of bounds Read

Related Identifiers

BDU:2022-07155
CVE-2022-45313

Affected Products

Mikrotik Routeros
Routeros