How severe is CVE-2019-3977?

CVE-2019-3977 has a CVSS v3 score of 7.5 (HIGH).

CVE-2019-3977

Name: routeros
Author: mikrotik

7.5HIGH

RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are download from when using the autoupgrade feature. Therefore, a remote attacker can trick

Published: 10/29/2019Updated: 11/21/2024

Description

RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are download from when using the autoupgrade feature. Therefore, a remote attacker can trick the router into "upgrading" to an older version of RouterOS and possibly reseting all the system's usernames and passwords.

AI AnalysisPowered by AI

Affected Products

mikrotikrouteros

References

https://www.tenable.com/security/research/tra-2019-46
Third Party Advisory
https://www.tenable.com/security/research/tra-2019-46
Third Party Advisory