CVE-2019-3943
published 2019-04-10

Priority P3 54 · high 8.1 · CVSS 3.1
AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:N
EXPLOIT
EPSS: 3.74% (88.5th percentile)
MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authenticated, remote directory traversal via the HTTP or Winbox interfaces. An authenticated, remote attacker can use this vulnerability to read and write files outside of the sandbox directory (/rw/disk).

Affected

9 ranges
Vendor    Product   Version range   Fixed in
mikrotik  routeros  <= 6.42.12
mikrotik  routeros  <= 6.43.12
mikrotik  routeros
mikrotik  routeros
mikrotik  routeros
mikrotik  routeros
mikrotik  routeros
mikrotik  routeros
mikrotik  routeros

CVSS provenance

nvd  v3.1  8.1  HIGH  CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
nvd  v2.0  7.5  HIGH  AV:N/AC:L/Au:S/C:C/I:P/A:N