CVE-2019-3943

CVE-2019-3943

Vendor Mikrotik

Product RouterOS

Weakness CWE-23

Published April 10, 2019

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authenticated, remote directory traversal via the HTTP or Winbox interfaces. An authenticated, remote attack can use this vulnerability to read and write files outside of the sandbox directory (/rw/disk).

Key dates

02Disclosure timeline

April 10, 2019 CVE published

August 4, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2019-3943

Related vulnerabilities

Identifiers

CVE CVE-2019-3943

CWE CWE-23

Affected versions

Vendor Mikrotik

Product RouterOS

Affected Stable 6.43.12 and below

Vendor Mikrotik

Product RouterOS

Affected Long-term 6.42.12 and below

Vendor Mikrotik

Product RouterOS

Affected Testing 6.44beta75 and below

01Description

02Disclosure timeline

03References

04Related CVE