CVE-2017-20149
First published: Sat Oct 15 2022(Updated: )
The Mikrotik RouterOS web server allows memory corruption in releases before Stable 6.38.5 and Long-term 6.37.5, aka Chimay-Red. A remote and unauthenticated user can trigger the vulnerability by sending a crafted HTTP request. An attacker can use this vulnerability to execute arbitrary code on the affected system, as exploited in the wild in mid-2017 and later.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MikroTik RouterOS | <6.37.5 | |
| MikroTik RouterOS | >=6.38<6.38.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this vulnerability?
The vulnerability ID of this vulnerability is CVE-2017-20149.
What is the severity level of CVE-2017-20149?
The severity level of CVE-2017-20149 is critical with a severity value of 9.8.
What is the affected software for CVE-2017-20149?
The affected software for CVE-2017-20149 is MikroTik RouterOS before Stable 6.38.5 and Long-term 6.37.5.
How can an attacker exploit CVE-2017-20149?
An attacker can exploit CVE-2017-20149 by sending a crafted HTTP request to the MikroTik RouterOS web server.
Is there a fix for CVE-2017-20149?
Yes, the fix for CVE-2017-20149 is to update to Stable 6.38.5 or Long-term 6.37.5 of MikroTik RouterOS.
- collector/nvd-index
- agent/severity
- agent/author
- vendor/mikrotik
- canonical/mikrotik routeros
- version/mikrotik routeros/6.38