Vulnerability Description
The winbox service in MikroTik RouterOS 5.15 and earlier allows remote attackers to cause a denial of service (CPU consumption), read the router version, and possibly have other impacts via a request to download the router's DLLs or plugins, as demonstrated by roteros.dll.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mikrotik | Routeros | 5.15 |
Related Weaknesses (CWE)
References
- http://www.133tsec.com/2012/04/30/0day-ddos-mikrotik-server-side-ddos-attack/Exploit
- http://www.exploit-db.com/exploits/18817Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75327
- http://www.133tsec.com/2012/04/30/0day-ddos-mikrotik-server-side-ddos-attack/Exploit
- http://www.exploit-db.com/exploits/18817Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75327
FAQ
What is CVE-2012-6050?
CVE-2012-6050 is a vulnerability with a CVSS score of 6.4 (MEDIUM). The winbox service in MikroTik RouterOS 5.15 and earlier allows remote attackers to cause a denial of service (CPU consumption), read the router version, and possibly have other impacts via a request ...
How severe is CVE-2012-6050?
CVE-2012-6050 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-6050?
Check the references section above for vendor advisories and patch information. Affected products include: Mikrotik Routeros.