CVE-2020-11881

Published: Sep 14, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An array index error in MikroTik RouterOS 6.41.3 through 6.46.5, and 7.x through 7.0 Beta5, allows an unauthenticated remote attacker to crash the SMB server via modified setup-request packets, aka SUP-12964.

Affected (4)

Products: Mikrotik: Routeros

Mikrotik

1 product

Routeros

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Mikrotik Routeros	From 6.41.3 to 6.46.5
Mikrotik Routeros	Version 7.0 beta3
Mikrotik Routeros	Version 7.0 beta4
Mikrotik Routeros	Version 7.0 beta5

Related CWEs

CWE-129

Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

References (4)

https://github.com/botlabsDev/CVE-2020-11881

Source: cve@mitre.org

ExploitThird Party Advisory

https://mikrotik.com

Source: cve@mitre.org

Vendor Advisory

https://github.com/botlabsDev/CVE-2020-11881

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://mikrotik.com

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.