Vulnerability Description
A vulnerability in the FTP daemon on MikroTik routers through 6.44.3 could allow remote attackers to exhaust all available memory, causing the device to reboot because of uncontrolled resource management.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mikrotik | Routeros | <= 6.44.3 |
| Mikrotik | Ccr1009-7G-1C-1S\+ | - |
| Mikrotik | Ccr1009-7G-1C-1S\+Pc | - |
| Mikrotik | Ccr1009-7G-1C-Pc | - |
| Mikrotik | Ccr1016-12G | - |
| Mikrotik | Ccr1016-12S-1S\+ | - |
| Mikrotik | Ccr1036-12G-4S | - |
| Mikrotik | Ccr1036-12G-4S-Em | - |
| Mikrotik | Ccr1036-8G-2S\+ | - |
| Mikrotik | Ccr1036-8G-2S\+Em | - |
| Mikrotik | Ccr1072-1G-8S\+ | - |
| Mikrotik | Hex | - |
| Mikrotik | Hex Lite | - |
| Mikrotik | Hex Poe | - |
| Mikrotik | Hex Poe Lite | - |
| Mikrotik | Hex S | - |
| Mikrotik | Powerbox | - |
| Mikrotik | Powerbox Pro | - |
| Mikrotik | Rb1100Ahx4 | - |
| Mikrotik | Rb2011Il-In | - |
Related Weaknesses (CWE)
References
- https://forum.mikrotik.com/viewtopic.php?t=150045Vendor Advisory
- https://mikrotik.com/download/changelogs/stable-release-treeRelease NotesVendor Advisory
- https://forum.mikrotik.com/viewtopic.php?t=150045Vendor Advisory
- https://mikrotik.com/download/changelogs/stable-release-treeRelease NotesVendor Advisory
FAQ
What is CVE-2019-13074?
CVE-2019-13074 is a vulnerability with a CVSS score of 7.5 (HIGH). A vulnerability in the FTP daemon on MikroTik routers through 6.44.3 could allow remote attackers to exhaust all available memory, causing the device to reboot because of uncontrolled resource managem...
How severe is CVE-2019-13074?
CVE-2019-13074 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-13074?
Check the references section above for vendor advisories and patch information. Affected products include: Mikrotik Routeros, Mikrotik Ccr1009-7G-1C-1S\+, Mikrotik Ccr1009-7G-1C-1S\+Pc, Mikrotik Ccr1009-7G-1C-Pc, Mikrotik Ccr1016-12G.