CVE-2022-45315

Name of the Vulnerable Software and Affected Versions Mikrotik RouterOs versions prior to stable v7.6

Description The issue is related to an out-of-bounds read in the snmp process, allowing attackers to execute arbitrary code via a crafted packet. This is due to a buffer overflow vulnerability when handling the u32 id key. The vulnerability can be exploited by sending specially crafted packets, enabling remote attackers to execute arbitrary code.

Recommendations For versions prior to stable v7.6, update to stable v7.6 or later to resolve the issue. As a temporary workaround, consider disabling the SNMP process until a patch is available. Restrict access to the SNMP module to minimize the risk of exploitation. Avoid using the u32 id key in the affected SNMP process until the issue is resolved.