CVE-2020-20266: Null Pointer Dereference
First published: Wed May 19 2021(Updated: )
Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/dot1x process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MikroTik RouterOS | <6.47 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this MikroTik RouterOS vulnerability?
The vulnerability ID for this MikroTik RouterOS vulnerability is CVE-2020-20266.
What is the severity rating of CVE-2020-20266?
The severity rating of CVE-2020-20266 is medium with a value of 6.5.
How does CVE-2020-20266 affect MikroTik RouterOS?
CVE-2020-20266 allows an authenticated remote attacker to cause a Denial of Service (NULL pointer dereference) on MikroTik RouterOS versions before 6.47 (stable tree) by exploiting a memory corruption vulnerability in the /nova/bin/dot1x process.
What is the affected software for CVE-2020-20266?
The affected software for CVE-2020-20266 is MikroTik RouterOS versions before 6.47 (stable tree).
Are there any references available for CVE-2020-20266?
Yes, references for CVE-2020-20266 can be found at the following links: [link1](https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_dot1x/README.md), [link2](https://seclists.org/fulldisclosure/2021/May/11).
- collector/nvd-index
- vendor/mikrotik
- canonical/mikrotik routeros