First published: Tue Oct 29 2019(Updated: )
RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are download from when using the autoupgrade feature. Therefore, a remote attacker can trick the router into "upgrading" to an older version of RouterOS and possibly reseting all the system's usernames and passwords.
Credit: vulnreport@tenable.com
Affected Software | Affected Version | How to fix |
---|---|---|
MikroTik RouterOS | <=6.44.5 | |
MikroTik RouterOS | <=6.45.6 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.