ASA-2019-00525 – MikroTik RouterOS: Authenticated Arbitrary File Deletion Vulnerability

An authenticated arbitrary file deletion vulnerability exists in the MikroTik's RouterOS. Successful exploitation of this vulnerability would allow a remote authenticated attacker to delete arbitrary file on the system, which could lead to privilege escalation.

ASA-2019-00474 – Mikrotik RouterOS: Stack exhaustion via recuring parsing of JSON

This vulnerability is similar to the CVE-2018-1158. An authenticated user communicating with the www binary can trigger a stack exhaustion vulnerability via recursive parsing of JSON containing message type M.