CVE-2019-3943
HIGH
MikroTik RouterOS < 6.42.12, < 6.43.12, < 6.44beta75 - Authenticated Path Traversal via HTTP or Winbox Interface
Title source: llm
Description
MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authenticated, remote directory traversal via the HTTP or Winbox interfaces. An authenticated, remote attacker can use this vulnerability to read and write files outside of the sandbox directory (/rw/disk).
References (1)
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.tenable.com/security/research/tra-2019-16
Scores
CVSS v3
8.1
EPSS
0.0374
EPSS Percentile
88.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-22
CWE-23
Status
published
Products (3)
mikrotik/routeros
6.41 rc31 (12 CPE variants)
mikrotik/routeros
6.42 rc11 (25 CPE variants)
mikrotik/routeros
6.43 rc11 (13 CPE variants)
Published
Apr 10, 2019
Tracked Since
Feb 18, 2026