MikroTik WinBox before 3.21 is vulnerable to a path traversal issue that allows an attacker to write files anywhere on the system where WinBox has write privileges.
Tag: MikroTik
ASA-2019-00619 – MikroTik RouterOS: Improper DNS Response Handling
RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below are vulnerable to a DNS unrelated data attack. The router adds all A records to its DNS cache even when the records are unrelated to the domain that was queried. Therefore, a remote attacker controlled DNS server can poison the router's DNS cache via malicious responses with additional and untrue records
ASA-2019-00618 – MikroTik RouterOS: Insufficient Protections of a Critical Resource (DNS Requests/Cache)
RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below allow remote unauthenticated attackers to trigger DNS queries via port 8291. The queries are sent from the router to a server of the attacker's choice. The DNS responses are cached by the router, potentially resulting in cache poisoning.
ASA-2019-00617 – MikroTik RouterOS: Insufficient Validation of Upgrade Package’s Origin
RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are download from when using the autoupgrade feature. Therefore, a remote attacker can trick the router into "upgrading" to an older version of RouterOS and possibly reseting all the system's usernames and passwords.
ASA-2019-00616 – MikroTik RouterOS: Relative Path Traversal in NPK Parsing
RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below are vulnerable to an arbitrary directory creation vulnerability via the upgrade package's name field. If an authenticated user installs a malicious package then a directory could be created and the developer shell could be enabled.
ASA-2019-00525 – MikroTik RouterOS: Authenticated Arbitrary File Deletion Vulnerability
An authenticated arbitrary file deletion vulnerability exists in the MikroTik's RouterOS. Successful exploitation of this vulnerability would allow a remote authenticated attacker to delete arbitrary file on the system, which could lead to privilege escalation.
ASA-2019-00474 – Mikrotik RouterOS: Stack exhaustion via recuring parsing of JSON
This vulnerability is similar to the CVE-2018-1158. An authenticated user communicating with the www binary can trigger a stack exhaustion vulnerability via recursive parsing of JSON containing message type M.
ASA-2019-00473 – Mikrotik RouterOS: Memory exhaustion via a crafted POST request
This vulnerability is similar to the CVE-2018-1157. An authenticated user can cause the www binary to consume all memory via a crafted POST request to /jsproxy/upload. It's because of the incomplete fix for the CVE-2018-1157.