Published: 26/08/2019 Updated: 04/09/2019
CVSS v2 Base Score: 5.5 | Impact Score: 4.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P

Vulnerability Summary

MikroTik RouterOS up to and including 6.44.5 and 6.45.x up to and including 6.45.3 improperly handles the disk name, which allows authenticated users to delete arbitrary files. Attackers can exploit this vulnerability to reset credential storage, which allows them access to the management interface as an administrator without authentication.

Vulnerability Trend

Affected Products

Vendor Product Versions
MikrotikRouteros6.44.5, 6.45, 6.45.1, 6.45.2, 6.45.3