← Back

CVE-2019-3924

nvd nist
Published: Feb 20, 2019Modified: Aug 15, 2025

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

MikroTik RouterOS before 6.43.12 (stable) and 6.42.12 (long-term) is vulnerable to an intermediary vulnerability. The software will execute user defined network requests to both WAN and LAN clients. A remote unauthenticated attacker can use this vulnerability to bypass the router's firewall or for general network scanning activities.

Affected (2)

Products: Mikrotik: Routeros
Mikrotik
1 product
Routeros
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Mikrotik
Routeros
Before 6.43.12
Routeros
Before 6.42.12

Related CWEs

CWE-441
Unintended Proxy or Intermediary ('Confused Deputy')
The product receives a request, message, or directive from an upstream component, but the product does not sufficiently preserve the original source of the request before forwarding the request to an external actor that is outside of the product's control sphere. This causes the product to appear to be the source of the request, leading it to act as a proxy or other intermediary between the upstream component and the external actor.

References (6)

Source: vulnreport@tenable.com
Third Party AdvisoryVDB Entry
Source: vulnreport@tenable.com
ExploitThird Party AdvisoryVDB Entry
Source: vulnreport@tenable.com
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory

Timeline

No history available yet.