Vulnerabilities > Mikrotik > Routeros > 6.44.5

DATE CVE VULNERABILITY TITLE RISK
2019-10-29 CVE-2019-3979 Insufficient Verification of Data Authenticity vulnerability in Mikrotik Routeros
RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below are vulnerable to a DNS unrelated data attack.
network
low complexity
mikrotik CWE-345
7.5
7.5
2019-10-29 CVE-2019-3978 Missing Authentication for Critical Function vulnerability in Mikrotik Routeros
RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below allow remote unauthenticated attackers to trigger DNS queries via port 8291.
network
low complexity
mikrotik CWE-306
7.5
7.5
2019-10-29 CVE-2019-3977 Download of Code Without Integrity Check vulnerability in Mikrotik Routeros
RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are download from when using the autoupgrade feature.
network
low complexity
mikrotik CWE-494
7.5
7.5
2019-10-29 CVE-2019-3976 Path Traversal vulnerability in Mikrotik Routeros
RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below are vulnerable to an arbitrary directory creation vulnerability via the upgrade package's name field.
network
low complexity
mikrotik CWE-22
8.8
8.8