What the vulnerability does

01Description

MikroTik WinBox before 3.21 is vulnerable to a path traversal vulnerability that allows creation of arbitrary files wherevere WinBox has write permissions. WinBox is vulnerable to this attack if it connects to a malicious endpoint or if an attacker mounts a man in the middle attack.

Key dates

02Disclosure timeline

February 6, 2020 CVE published
August 4, 2024 Record updated