CVE-2019-3977
CVE-2019-3977
RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are download from when using the autoupgrade feature. Therefore, a remote attacker can trick the router into "upgrading" to an older version of RouterOS and possibly reseting all the system's usernames and passwords.
Affected products
n/a · MikroTik RouterOSWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →