-36614: Mikrotik RouterOs before stable 6.48.2 suffers from a
memory corruption vulnerability in the tr069-client process. An
authenticated remote attacker can cause a Denial of Service (NULL pointer
dereference).
Q C 于2021年7月6日周二 19:26写道:
> Advisory: three vulnerabilities found in MikroTi
Advisory: three vulnerabilities found in MikroTik's RouterOS
Details
===
Product: MikroTik's RouterOS
Vendor URL: https://mikrotik.com/
Vendor Status: fixed version released
CVE: -
Credit: Qian Chen(@cq674350529) from Codesafe Team of Legendsec at Qi'anxin
Group
Product Description
Advisory: four vulnerabilities found in MikroTik's RouterOS
Details
===
Product: MikroTik's RouterOS
Vendor URL: https://mikrotik.com/
Vendor Status: only CVE-2020-20227 is fixed
CVE: CVE-2020-20220, CVE-2020-20227, CVE-2020-20245, CVE-2020-20246
Credit: Qian Chen(@cq674350529) of Qihoo 360
isn't really a security
> boundary breach, so it would be a software bug, but not a vulnerability.
> Or am I missing something?
>
> Thanks,
> Gynvael
>
> On Fri, May 7, 2021 at 5:51 PM Q C wrote:
>
>> [update 2021/05/04] Three CVEs have been assigned to these
>> vulnerabi
Advisory: four vulnerabilities found in MikroTik's RouterOS
Details
===
Product: MikroTik's RouterOS
Vendor URL: https://mikrotik.com/
Vendor Status: no fix yet
CVE: CVE-2020-20214, CVE-2020-20222, CVE-2020-20236, CVE-2020-20237
Credit: Qian Chen(@cq674350529) of Qihoo 360 Nirvan Team
pointer
dereference).
CVE-2020-20253: Mikrotik RouterOs before 6.47 (stable tree) in the
/nova/bin/lcdstat process. An authenticated remote attacker can cause a
Denial of Service due to a divide by zero error.
Q C 于2020年7月7日周二 下午10:05写道:
> Advisory: four vulnerabilities found in MikroTik's Route
memory access.
CVE-2020-20225: Mikrotik RouterOs before 6.47 (stable tree) suffers from an
assertion failure vulnerability in the /nova/bin/user process. An
authenticated remote attacker can cause a Denial of Service due to an
assertion failure via a crafted packet.
Q C 于2020年9月9日周三 下午9:02写道
a
memory corruption vulnerability in the /ram/pckg/wireless/nova/bin/wireless
process. An authenticated remote attacker can cause a Denial of Service due
via a crafted packet.
Q C 于2020年8月27日周四 下午7:16写道:
> Advisory: three vulnerabilities found in MikroTik's RouterOS
>
>
) suffers from an
stack exhaustion vulnerability in the /nova/bin/net process. An
authenticated remote attacker can cause a Denial of Service due to
overloading the systems CPU
Q C 于2020年7月22日周三 下午8:11写道:
> Advisory: three vulnerabilities found in MikroTik's RouterOS
>
>
dereference).
CVE-2020-20262: Mikrotik RouterOs before 6.47 (stable tree) suffers from an
assertion failure vulnerability in the /ram/pckg/security/nova/bin/ipsec
process. An authenticated remote attacker can cause a Denial of Service due
to an assertion failure via a crafted packet.
Q C 于2020年8月13
due to overloading the systems CPU.
CVE-2020-20218: Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a
memory corruption vulnerability in the /nova/bin/traceroute process. An
authenticated remote attacker can cause a Denial of Service due via the
loop counter variable.
Q C 于2020年5月10日周日 上
of Service (NULL
pointer dereference)
CVE-2020-20211: Mikrotik RouterOs 6.44.5 (long-term tree) suffers from
an assertion failure vulnerability in the /nova/bin/console process.
An authenticated remote attacker can cause a Denial of Service due to
an assertion failure via a crafted packet
Q C
Advisory: two vulnerabilities found in MikroTik's RouterOS
Details
===
Product: MikroTik's RouterOS
Vendor URL: https://mikrotik.com/
Vendor Status: fixed version released
CVE: -
Credit: Qian Chen(@cq674350529) of Qihoo 360 Nirvan Team
Product Description
==
RouterOS is
Advisory: three vulnerabilities found in MikroTik's RouterOS
Details
===
Product: MikroTik's RouterOS
Vendor URL: https://mikrotik.com/
Vendor Status: fixed version released
CVE: -
Credit: Qian Chen(@cq674350529) of Qihoo 360 Nirvan Team
Product Description
==
RouterOS is
Advisory: two vulnerabilities found in MikroTik's RouterOS
Details
===
Product: MikroTik's RouterOS
Vendor URL: https://mikrotik.com/
Vendor Status: fixed version released
CVE: -
Credit: Qian Chen(@cq674350529) of Qihoo 360 Nirvan Team
Product Description
==
RouterOS is
Advisory: three vulnerabilities found in MikroTik's RouterOS
Details
===
Product: MikroTik's RouterOS
Vendor URL: https://mikrotik.com/
Vendor Status: fixed version released
CVE: -
Credit: Qian Chen(@cq674350529) of Qihoo 360 Nirvan Team
Product Description
==
RouterOS is
Advisory: four vulnerabilities found in MikroTik's RouterOS
Details
===
Product: MikroTik's RouterOS
Affected Versions: through stable 6.47
Fixed Versions: stable 6.47
Vendor URL: https://mikrotik.com/
Vendor Status: fixed version released
CVE: -
Credit: Qian Chen(@cq674350529) of Qihoo 360
Advisory: two vulnerabilities found in MikroTik's RouterOS
Details
===
Product: MikroTik's RouterOS
Affected Versions: until stable 6.45.7 (first vulnerability), until stable
6.46.4 (second vulnerability)
Fixed Versions: stable 6.46.x (first vulnerability), stable 6.46.5 (second
the vendor, and did the initial disclosure
2020/04/14re-tested these two issues against the stable 6.46.5, and
updated the disclosure
Q C 于2020年1月6日周一 下午7:32写道:
> Advisory: two vulnerabilities found in MikroTik's RouterOS
>
>
> Details
> ===
>
> Product: MikroTik'
Advisory: two vulnerabilities found in MikroTik's RouterOS
Details
===
Product: MikroTik's RouterOS
Affected Versions: before 6.44.6 (Long-term release tree)
Fixed Versions: 6.44.6 (Long-term release tree)
Vendor URL: https://mikrotik.com/
Vendor Status: fixed version released
CVE: -
Advisory: two vulnerabilities found in MikroTik's RouterOS
Details
===
Product: MikroTik's RouterOS
Affected Versions: before 6.44.5 (Long-term release tree),
before 6.45.1 (Stable release tree)
Fixed Versions: 6.44.5 (Long-term release tree),
6.45.1
21 matches
Mail list logo