Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable to memory exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system. Malicious code cannot be injected.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/153733/Mikrotik-RouterOS-Resource-Stack-Exhaustion.html | Third Party Advisory VDB Entry |
https://seclists.org/fulldisclosure/2019/Jul/20 | Mailing List Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-07-26T12:15:12
Updated: 2019-07-27T01:06:02
Reserved: 2019-07-18T00:00:00
Link: CVE-2019-13954
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-07-26T13:15:12.830
Modified: 2020-08-24T17:37:01.140
Link: CVE-2019-13954
JSON object: View
Redhat Information
No data.
CWE