UPDATE - Still no issues, 100 stable UPDATE - Zero issues since install. MikroTik RouterOS 6.42.1 Level 6 MikroTik RouterOS 6.42 Level 6 MikroTik RouterOS 6.41.4 Level 6 MikroTik RouterOS 6.41.3 Level 6 Load Balancing DoS. I checked the versions on the router and it was running RouterOS 4.67 and it had SwOS 2.7 installed. This vulnerability allows attackers to execute. Buy MikroTik 9-Port Desktop Switch, 1 Gigabit Ethernet Port, 8 SFP+ 10Gbps Ports (CRS309-1G-8S+IN). \n \n# This PoC takes a target ip/port (router) and a DNS server (e.g. Mikrotik RouterOs before stable v7.5 was discovered to contain an out-of-bounds read in the hotspot process. The DNS response then gets cached by RouterOS, setting up \n# a perfect situation for unauthenticated DNS cache poisoning. MikroTik RouterOS 7. System RouterOS v7 urzdzenie nie jest przystosowane do pracy z RouterOS v6.
, "cvelist":, "modified": "T00:00:00", "id": "PACKETSTORM:155036", "href": "", "sourceData": "`# Exploit Title: MikroTik RouterOS 6.45.6 - DNS Cache Poisoning \n# Date: \n# Exploit Author: Jacob Baines \n# Vendor Homepage: \n# Software Link: \n# Version: 6.45.6 Stable (and below) or 6.44.5 Long-term (and below) \n# Tested on: Various x86 and MIPSBE RouterOS installs \n# CVE : CVE-2019-3978 \n# Writeup: \n# Disclosure: \n \n# Unauthenticated DNS request via Winbox \n# RouterOS before 6.45.7 (stable) and 6.44.6 (Long-term) allowed an unauthenticated remote user trigger DNS requests \n# to a user specified DNS server via port 8291 (winbox). MikroTik RouterOS < 6.44.6 (LTS), < 6.45.7 (Stable) Multiple Vulnerabilities.
0 kommentar(er)
