CVE-2020-5720: Path Traversal
First published: Thu Feb 06 2020(Updated: )
MikroTik WinBox before 3.21 is vulnerable to a path traversal vulnerability that allows creation of arbitrary files wherevere WinBox has write permissions. WinBox is vulnerable to this attack if it connects to a malicious endpoint or if an attacker mounts a man in the middle attack.
Credit: vulnreport@tenable.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MikroTik Winbox | <3.21 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-5720?
CVE-2020-5720 is a vulnerability in MikroTik WinBox before version 3.21 that allows for a path traversal attack, enabling the creation of arbitrary files.
What is the severity of CVE-2020-5720?
CVE-2020-5720 has a severity keyword of 'medium' and a severity value of 5.9.
How does CVE-2020-5720 affect MikroTik WinBox?
CVE-2020-5720 affects MikroTik WinBox before version 3.21 by allowing the creation of arbitrary files wherever WinBox has write permissions.
How can CVE-2020-5720 be exploited?
CVE-2020-5720 can be exploited by connecting MikroTik WinBox to a malicious endpoint or through a man-in-the-middle attack.
How can I fix CVE-2020-5720?
To fix CVE-2020-5720, users should update MikroTik WinBox to version 3.21 or later.
- collector/nvd-index
- vendor/mikrotik
- canonical/mikrotik winbox