Lucene search
TenableCVELIST:CVE-2019-3977HistoryOct 28, 2019 - 9:34 p.m.
CVE-2019-3977
2019-10-2821:34:37
CWE-494
tenable
www.cve.org
1
RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are download from when using the autoupgrade feature. Therefore, a remote attacker can trick the router into “upgrading” to an older version of RouterOS and possibly reseting all the system’s usernames and passwords.
CNA Affected
[
{
"product": "MikroTik RouterOS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "RouterOS 6.45.6 Stable and below. RouterOS 6.44.5 Long-term and below."
}
]
}
]Related
prion
prion
Design/Logic Flaw
2019-10-29 19:15:00
nessus
nessus
MikroTik RouterOS Download of Code Without Integrity Check (CVE-2019-3977)
2024-02-27 00:00:00
MikroTik RouterOS < 6.44.6 LTS or 6.45.x < 6.45.7 Multiple Vulnerabilities
2019-10-31 00:00:00
nvd
nvd
CVE-2019-3977
2019-10-29 19:15:20
cve
cve
CVE-2019-3977
2019-10-29 19:15:20
openvas
openvas
MikroTik RouterOS < 6.44.6 (LTS), < 6.45.7 (Stable) Multiple Vulnerabilities
2019-10-30 00:00:00
threatpost
threatpost
How MikroTik Routers Became a Cybercriminal Target
2021-12-09 15:56:16
thn
thn
Over 300,000 MikroTik Devices Found Vulnerable to Remote Hacking Bugs
2021-12-09 11:15:00