CVE-2019-13074
First published: Wed Jul 03 2019(Updated: )
A vulnerability in the FTP daemon on MikroTik routers through 6.44.3 could allow remote attackers to exhaust all available memory, causing the device to reboot because of uncontrolled resource management.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MikroTik RouterOS | <=6.44.3 | |
| Mikrotik CCR1009-7G-1C-1S+ | ||
| Mikrotik CCR1009-7G-1C-1S+PC | ||
| Mikrotik CCR1009-7G-1C-1S+PC | ||
| Mikrotik CCR1016-12G | ||
| Mikrotik CCR1016-12S-1S+ | ||
| Mikrotik CCR1036-12G-4S | ||
| Mikrotik CCR1036-12G-4S | ||
| Mikrotik CCR1036-8G-2S+ | ||
| Mikrotik CCR1036-8G-2S+EM | ||
| Mikrotik CCR1072-1G-8S+ | ||
| Mikrotik Hex Lite | ||
| Mikrotik Hex Lite | ||
| Mikrotik Hex Poe Lite | ||
| Mikrotik Hex Poe Lite | ||
| Mikrotik Hex S | ||
| Mikrotik Powerbox | ||
| Mikrotik Powerbox Pro | ||
| Mikrotik RB1100AHx4 | ||
| Mikrotik RB1100AHx4 | ||
| MikroTik RouterBOARD RB2011IL-IN | ||
| Mikrotik RB2011IL-RM | ||
| Mikrotik RB2011ILS-IN | ||
| Mikrotik RB2011UiAS-IN | ||
| Mikrotik Rb3011uias-rm | ||
| Mikrotik RB3011UiAS-RM | ||
| Mikrotik RB4011IGS+RM |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-13074?
CVE-2019-13074 is considered to be of high severity due to its potential to allow remote attackers to exhaust device memory.
How do I fix CVE-2019-13074?
To mitigate CVE-2019-13074, upgrade the MikroTik router to version 6.44.4 or higher that contains the necessary security patches.
What systems are affected by CVE-2019-13074?
CVE-2019-13074 affects MikroTik routers running RouterOS version 6.44.3 or earlier.
What exploitation method is used in CVE-2019-13074?
CVE-2019-13074 can be exploited by remote attackers through the FTP daemon to consume excessive memory resources.
Are there any known workarounds for CVE-2019-13074?
As a workaround for CVE-2019-13074, disabling the FTP service on vulnerable MikroTik devices can help prevent exploitation.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/severity
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/mikrotik
- canonical/mikrotik routeros
- version/mikrotik routeros/6.44.3
- canonical/mikrotik ccr1009-7g-1c-1s+
- canonical/mikrotik ccr1009-7g-1c-1s+pc
- canonical/mikrotik ccr1016-12g
- canonical/mikrotik ccr1016-12s-1s+
- canonical/mikrotik ccr1036-12g-4s
- canonical/mikrotik ccr1036-8g-2s+
- canonical/mikrotik ccr1036-8g-2s+em
- canonical/mikrotik ccr1072-1g-8s+
- canonical/mikrotik hex lite
- canonical/mikrotik hex poe lite
- canonical/mikrotik hex s
- canonical/mikrotik powerbox
- canonical/mikrotik powerbox pro
- canonical/mikrotik rb1100ahx4
- canonical/mikrotik routerboard rb2011il-in
- canonical/mikrotik rb2011il-rm
- canonical/mikrotik rb2011ils-in
- canonical/mikrotik rb2011uias-in
- canonical/mikrotik rb3011uias-rm
- canonical/mikrotik rb4011igs+rm