CVE-2019-13954

Published: 26/07/2019 Updated: 07/08/2019
CVSS v2 Base Score: 6.8 | Impact Score: 6.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

Vulnerability Summary

Mikrotik RouterOS prior to 6.44.5 (long-term release tree) is vulnerable to memory exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system. Malicious code cannot be injected.

Affected Products

Vendor: Mikrotik
Product: Routeros
Versions: -, 3.30, 4.10, 4.17, 5.0, 5.7, 5.8, 5.9, 5.11, 5.12, 5.13, 5.14, 5.15, 5.16, 5.17, 5.18, 5.19, 5.20, 5.21, 5.22, 5.23, 5.24, 5.25, 5.26, 6.0, 6.1, 6.2, 6.3, 6.4, 6.5, 6.6, 6.7, 6.9, 6.10, 6.11, 6.12, 6.13, 6.14, 6.15, 6.16, 6.17, 6.18, 6.19, 6.20, 6.21.1, 6.22, 6.23, 6.24, 6.25, 6.26, 6.27, 6.28, 6.29, 6.29.1, 6.30, 6.30.1, 6.30.2, 6.30.4, 6.32.1, 6.32.2, 6.32.3, 6.32.4, 6.33, 6.33.1, 6.33.2, 6.33.3, 6.33.5, 6.33.6, 6.34, 6.34.1, 6.34.2, 6.34.3, 6.34.4, 6.34.5, 6.34.6, 6.35, 6.35.1, 6.35.2, 6.35.4, 6.36, 6.36.1, 6.36.2, 6.36.3, 6.36.4, 6.37, 6.37.1, 6.37.2, 6.37.3, 6.37.4, 6.37.5, 6.38, 6.38.1, 6.38.2, 6.38.3, 6.38.4, 6.38.5, 6.38.7, 6.39, 6.39.1, 6.39.2, 6.39.3, 6.40, 6.40.1, 6.40.2, 6.40.3, 6.40.4, 6.40.5, 6.40.6, 6.40.7, 6.40.8, 6.40.9, 6.41, 6.41.1, 6.41.2, 6.41.3, 6.41.4, 6.42, 6.42.1, 6.42.2, 6.42.3, 6.42.4, 6.42.5, 6.42.6, 6.42.7, 6.42.9, 6.42.10, 6.43, 6.43.1, 6.43.2, 6.43.3, 6.43.4, 6.43.11, 6.43.12, 6.44, 6.44.1, 6.44.2, 6.44.3, 6.44.4, 6.45

Mailing Lists

Advisory: two vulnerabilities found in MikroTik's RouterOS

Details
=======
Product: MikroTik's RouterOS
Affected Versions: before 6.44.5 (Long-term release tree), before 6.45.1 (Stable release tree)
Fixed Versions: 6.44.5 (Long-term release tree), 6.45.1 (Stable release tree)
Vendor URL: mikrotik.com/do ...