First published: Tue Oct 29 2019(Updated: )
RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below are vulnerable to a DNS unrelated data attack. The router adds all A records to its DNS cache even when the records are unrelated to the domain that was queried. Therefore, a remote attacker controlled DNS server can poison the router's DNS cache via malicious responses with additional and untrue records.
Credit: vulnreport@tenable.com
Affected Software | Affected Version | How to fix |
---|---|---|
MikroTik RouterOS | <=6.44.5 | |
MikroTik RouterOS | <=6.45.6 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.