NULL Pointer Dereference Built by Foundeo Inc., with data from the National Vulnerability Database (NVD), Icons by Icons8. All four vulnerabilities in the /nova/bin/lcdstat process are discussed in the CVE-2020-20250 /cq674350529 reference. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. Additionally vulnerabilities may be tagged under a different product or component name. It may take a day or so for new Mikrotik vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Last year, the average CVE base score was greater by 0.58
Right now, Mikrotik is on track to have less security vulnerabilities in 2023 than it did last year. Last year Mikrotik had 10 security vulnerabilities published. In 2023 there have been 1 vulnerability in Mikrotik with an average score of 7.5 out of ten. MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface. MikroTik Router OS Directory Traversal Vulnerability Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. In MikroTik RouterOS, a stack-based buffer overflow occurs when processing NetBIOS session request messages. MikroTik RouterOS Stack-Based Buffer Overflow Vulnerability The following Mikrotik vulnerabilities have been marked by CISA as Known to be Exploited by threat actors. Watch Known Exploited Mikrotik Vulnerabilities
0 kommentar(er)
