PT-2023-2059 · Mikrotik · Mikrotik Routeros

Published

2023-01-12

Updated

2025-02-19

CVE-2023-24094

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions MikroTik RouterOS version 6.40.5

Description The issue in the bridge2 component of MikroTik RouterOS is related to errors in resource release, which can be exploited by attackers to cause a Denial of Service (DoS) via crafted packets. This can be achieved by a remote attacker sending specially formed packets.

Recommendations For MikroTik RouterOS version 6.40.5, consider disabling the bridge2 component as a temporary workaround until a patch is available. Restrict access to the bridge interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Improper Resource Release

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-404CWE-787

Related Identifiers

BDU:2023-01782

CVE-2023-24094

Affected Products

Mikrotik Routeros

PT-2023-2059 · Mikrotik · Mikrotik Routeros

CVE-2023-24094

Weakness Enumeration

Related Identifiers

Affected Products

References · 9