CVE-2019-3977

Vendor: N/A
Product: MikroTik RouterOS
Weakness: CWE-494 · Download without integrity check
Published: October 28, 2019
Last update: August 4, 2024

CVSS base score

What the vulnerability does

01 Description

RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are downloaded from when using the autoupgrade feature. As a result, a remote attacker can trick the router into "upgrading" to an older version of RouterOS and possibly resetting all the system's usernames and passwords.

Key dates

02 Disclosure timeline

October 28, 2019: CVE published
August 4, 2024: Record updated