What the vulnerability does

01Description

RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below allow remote unauthenticated attackers to trigger DNS queries via port 8291. The queries are sent from the router to a server of the attacker's choice. The DNS responses are cached by the router, potentially resulting in cache poisoning

Key dates

02Disclosure timeline

October 28, 2019 CVE published
August 4, 2024 Record updated