In the SCEP Server of RouterOS in certain Mikrotik products, an attacker can trigger a heap-based buffer overflow that leads to remote code execution. The attacker must know the scep_server_name value. This affects RouterOS 6.46.8, 6.47.9, and 6.47.10.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mikrotik routeros 6.47.10 |
||
mikrotik routeros 6.47.9 |
||
mikrotik routeros 6.46.8 |