{"containers": {"cna": {"affected": [{"product": "RouterOS", "vendor": "MikroTik", "versions": [{"status": "affected", "version": "Stable 6.43.12 and below"}, {"status": "affected", "version": "Long-term 6.42.12 and below"}, {"status": "affected", "version": "Testing 6.44beta75 and below"}]}], "datePublic": "2019-04-08T00:00:00", "descriptions": [{"lang": "en", "value": "MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authenticated, remote directory traversal via the HTTP or Winbox interfaces. An authenticated, remote attack can use this vulnerability to read and write files outside of the sandbox directory (/rw/disk)."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-23", "description": "CWE-23 Path Traversal", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-04-10T20:01:00", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.tenable.com/security/research/tra-2019-16"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vulnreport@tenable.com", "ID": "CVE-2019-3943", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "RouterOS", "version": {"version_data": [{"version_value": "Stable 6.43.12 and below"}, {"version_value": "Long-term 6.42.12 and below"}, {"version_value": "Testing 6.44beta75 and below"}]}}]}, "vendor_name": "MikroTik"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authenticated, remote directory traversal via the HTTP or Winbox interfaces. An authenticated, remote attack can use this vulnerability to read and write files outside of the sandbox directory (/rw/disk)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-23 Path Traversal"}]}]}, "references": {"reference_data": [{"name": "https://www.tenable.com/security/research/tra-2019-16", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2019-16"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T19:26:27.694Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.tenable.com/security/research/tra-2019-16"}]}]}, "cveMetadata": {"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2019-3943", "datePublished": "2019-04-10T20:01:00", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-08-04T19:26:27.694Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:ltr:*:*:*", "matchCriteriaId": "ACADC6D1-CFEF-4F9D-966C-64D3BB0C2256", "versionEndIncluding": "6.42.12", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:-:*:*:*", "matchCriteriaId": "829F9974-1A56-4391-AFA9-4BB4B3096AFD", "versionEndIncluding": "6.43.12", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc31:*:*:testing:*:*:*", "matchCriteriaId": "C7DDCBF9-152C-421C-B326-CCFB62A42C17", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc32:*:*:testing:*:*:*", "matchCriteriaId": "AA89BEC4-62A8-4DA7-AB2A-2D18A643E3F8", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc34:*:*:testing:*:*:*", "matchCriteriaId": "BCA389CA-532D-432C-A5C0-69C3CFA207C9", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc37:*:*:testing:*:*:*", "matchCriteriaId": "5C950CF8-62A1-4A26-9133-108DAB661394", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc38:*:*:testing:*:*:*", "matchCriteriaId": "EB7ECE0C-B21E-4EFB-85D3-1A5A846D75FB", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc44:*:*:testing:*:*:*", "matchCriteriaId": "3FC3F259-1C2A-4393-86E2-103495570F49", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc47:*:*:testing:*:*:*", "matchCriteriaId": "C097CA40-9528-43DF-B3B7-59722AE5866A", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc50:*:*:testing:*:*:*", "matchCriteriaId": "A3793BBE-8E1A-4C07-9A52-E6DA4FE0DD3D", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc52:*:*:testing:*:*:*", "matchCriteriaId": "CE5A816B-6663-4633-886A-AD7E3CBA5E33", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc56:*:*:testing:*:*:*", "matchCriteriaId": "B851706B-4A98-4FD3-99B0-CE239D419808", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc61:*:*:testing:*:*:*", "matchCriteriaId": "40D21FB7-E7C5-46B4-B89A-81F84EEB62B5", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc66:*:*:testing:*:*:*", "matchCriteriaId": "5AAB3F87-47C7-4726-8DF1-09261C7C0613", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc11:*:*:testing:*:*:*", "matchCriteriaId": "B353D6FD-C9FD-4458-82AA-F9FE168B04D9", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc12:*:*:testing:*:*:*", "matchCriteriaId": "B5A92D37-C91C-4229-9B6D-C8FDB5C1DED7", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc14:*:*:testing:*:*:*", "matchCriteriaId": "E8B77E44-F502-4164-95A7-60C53F4C465A", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc15:*:*:testing:*:*:*", "matchCriteriaId": "EAF10AE7-F48F-4FEC-A43A-7E5A45AF5B9C", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc18:*:*:testing:*:*:*", "matchCriteriaId": "CB43A291-A77C-445D-9F68-1FA21C257561", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc2:*:*:testing:*:*:*", "matchCriteriaId": "EF252049-8D6D-47D7-9543-3B53D7D0DA6E", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc20:*:*:testing:*:*:*", "matchCriteriaId": "48006BD1-EF86-4205-A1F7-C8A0D3D73EAE", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc23:*:*:testing:*:*:*", "matchCriteriaId": "4F4D0CB8-F170-49E1-BB20-E4A3698FCE69", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc24:*:*:testing:*:*:*", "matchCriteriaId": "A6A9B305-ECE5-45C6-8417-BC2AAF9F4FE2", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc27:*:*:testing:*:*:*", "matchCriteriaId": "E76F79DB-F504-4495-B992-E895B0F0871E", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc28:*:*:testing:*:*:*", "matchCriteriaId": "D2B6691E-55DA-4D39-BD80-2BCF16952308", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc30:*:*:testing:*:*:*", "matchCriteriaId": "A710D231-1F22-4F38-B228-30CDF0169149", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc35:*:*:testing:*:*:*", "matchCriteriaId": "F83EF0A6-CA00-404C-AC6C-14BB10C329B5", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc37:*:*:testing:*:*:*", "matchCriteriaId": "CDA42D78-29F2-48B4-9422-3D39BA408E43", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc39:*:*:testing:*:*:*", "matchCriteriaId": "6643B0FC-93D5-4F10-AC3C-323F598C5013", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc41:*:*:testing:*:*:*", "matchCriteriaId": "02F11653-1822-4D53-A6ED-745AC401AD4B", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc43:*:*:testing:*:*:*", "matchCriteriaId": "9BF25BBD-CF35-4EE1-8A7A-EEEBD662E0DB", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc46:*:*:testing:*:*:*", "matchCriteriaId": "2D70CCC2-48CF-4DAA-ABDF-B81F3DAA7EBC", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc48:*:*:testing:*:*:*", "matchCriteriaId": "7DF5E7C1-0426-4B1E-A44F-C91AF4F0CCAC", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc49:*:*:testing:*:*:*", "matchCriteriaId": "DB9A9D2C-697D-4ED3-9DBC-7A783C35DA91", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc5:*:*:testing:*:*:*", "matchCriteriaId": "C50C6C42-A148-4CBF-B843-D2DB89104387", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc52:*:*:testing:*:*:*", "matchCriteriaId": "525C6344-D579-4697-B092-94E75EAD7755", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc56:*:*:testing:*:*:*", "matchCriteriaId": "F81532B9-1525-417E-8BF2-E4A8055D2DE0", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc6:*:*:testing:*:*:*", "matchCriteriaId": "8F9181C2-FF73-4BDF-90EE-00F6B066B7EC", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc9:*:*:testing:*:*:*", "matchCriteriaId": "A44766F0-BCBF-433B-BEB0-13EB334899EF", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc11:*:*:testing:*:*:*", "matchCriteriaId": "2FA5B37B-9EB7-4A1C-9A20-26AFAEC2F221", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc12:*:*:testing:*:*:*", "matchCriteriaId": "D1D9CCDE-2F9A-4F6F-A457-B9671E1B5874", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc14:*:*:testing:*:*:*", "matchCriteriaId": "73E3C281-E554-412F-941A-B55BA70AC7F1", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc17:*:*:testing:*:*:*", "matchCriteriaId": "7F4223D5-0C3D-4C7E-A7B3-D1074A2FE75C", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc19:*:*:testing:*:*:*", "matchCriteriaId": "0A088124-8494-4E57-87C0-E75EEA4098DF", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc21:*:*:testing:*:*:*", "matchCriteriaId": "090A232C-1F78-4C92-854D-BA91398770D2", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc23:*:*:testing:*:*:*", "matchCriteriaId": "E4A4F1E1-2510-487D-AC6A-68D4450CDA06", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc27:*:*:testing:*:*:*", "matchCriteriaId": "28D50A65-95AF-479C-9661-35378B3ED2B4", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc29:*:*:testing:*:*:*", "matchCriteriaId": "8F478173-186D-436D-A200-4F20A7303630", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc3:*:*:testing:*:*:*", "matchCriteriaId": "8E009CEF-1FE9-47B4-BC46-382D972B47EE", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc32:*:*:testing:*:*:*", "matchCriteriaId": "E8E34937-3118-4FA0-B5CD-BA14F64507A7", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc34:*:*:testing:*:*:*", "matchCriteriaId": "9D9786EA-C661-4478-AFA0-00728CBB246D", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc4:*:*:testing:*:*:*", "matchCriteriaId": "13F7DF28-170C-44E9-B39C-AB4B85B42201", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc40:*:*:testing:*:*:*", "matchCriteriaId": "9823F4EF-9B49-4E4F-8B89-DF02D61C5146", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc42:*:*:testing:*:*:*", "matchCriteriaId": "06860FB4-20D8-43B7-B530-CAD0BA186EF6", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc44:*:*:testing:*:*:*", "matchCriteriaId": "25882AF0-E9A2-4952-A1E3-755A1DBA2D86", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc45:*:*:testing:*:*:*", "matchCriteriaId": "FE03C935-AC83-4B23-ABA2-67F759F10EA9", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc5:*:*:testing:*:*:*", "matchCriteriaId": "BD83DCDC-20D5-4580-99BF-79981E081B7D", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc51:*:*:testing:*:*:*", "matchCriteriaId": "AFE7F815-2B2C-4F22-B1C9-0F13257160C0", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc56:*:*:testing:*:*:*", "matchCriteriaId": "F662E59F-7C43-4157-83AF-30CDC8CFFEEC", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc6:*:*:testing:*:*:*", "matchCriteriaId": "85377655-60CC-43C9-96E3-21C136FF0ACE", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc64:*:*:testing:*:*:*", "matchCriteriaId": "8763E04A-F260-498D-8ABB-0655844B5ECD", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc66:*:*:testing:*:*:*", "matchCriteriaId": "2EB5142B-7FA6-4B74-A462-28C6E1039B76", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc7:*:*:testing:*:*:*", "matchCriteriaId": "C5B8D222-A633-490C-ADA4-DDF7727B4A5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta14:*:*:testing:*:*:*", "matchCriteriaId": "8D2D7A0A-8A4A-412B-9146-BAB84270DCE1", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta17:*:*:testing:*:*:*", "matchCriteriaId": "2FEE0259-3406-41DD-A043-87FD52CFD2DC", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta20:*:*:testing:*:*:*", "matchCriteriaId": "8A8F6139-9A63-4A8A-ACB1-344B36422A61", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta28:*:*:testing:*:*:*", "matchCriteriaId": "3FD287C7-0032-4CB0-96AF-24D63FE10D45", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta39:*:*:testing:*:*:*", "matchCriteriaId": "2C1433B6-773B-4922-B9FF-4D7255114C3F", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta40:*:*:testing:*:*:*", "matchCriteriaId": "C90C3B68-82AE-4833-BF41-98F5BFB03D78", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta50:*:*:testing:*:*:*", "matchCriteriaId": "ADE50771-AED1-410A-9BCC-6AE5EB46D278", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta54:*:*:testing:*:*:*", "matchCriteriaId": "B139016D-08F7-4085-ADD9-16396C9B3440", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta6:*:*:testing:*:*:*", "matchCriteriaId": "A0236F88-103D-4CCD-8F6E-440048378E5E", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta61:*:*:testing:*:*:*", "matchCriteriaId": "BC6967CF-6B88-48F9-8D81-FE4930F400E8", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta75:*:*:testing:*:*:*", "matchCriteriaId": "019DD6AA-08AD-4A9F-9817-21C776260B0E", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta9:*:*:testing:*:*:*", "matchCriteriaId": "B45EB891-09D4-436E-AC6A-A53CC4A6C6EE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authenticated, remote directory traversal via the HTTP or Winbox interfaces. An authenticated, remote attack can use this vulnerability to read and write files outside of the sandbox directory (/rw/disk)."}, {"lang": "es", "value": "Las versiones de MikroTik RouterOS Stable versi\u00f3n 6.43.12 y versiones posteriores, Long-term versi\u00f3n 6.42.12 y versiones posteriores, y Testing versi\u00f3n 6.44beta75 y versiones anteriores son vulnerables a un salto de directorio remoto autenticado por medio de las interfaces HTTP o Winbox. Un ataque remoto autenticado puede usar esta vulnerabilidad para leer y escribir archivos fuera del directorio sandbox (/rw/disk)."}], "id": "CVE-2019-3943", "lastModified": "2024-11-21T04:42:54.907", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 7.5, "confidentialityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:C/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 7.8, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-04-10T21:29:01.823", "references": [{"source": "vulnreport@tenable.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.tenable.com/security/research/tra-2019-16"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.tenable.com/security/research/tra-2019-16"}], "sourceIdentifier": "vulnreport@tenable.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-23"}], "source": "vulnreport@tenable.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}