CVE-2019-16160
| [Suggested description] | |
| An integer underflow in the SMB server of MikroTik RouterOS 6.43.16 | |
| (x86 and CHR) allows remote unauthenticated attackers to crash the | |
| service. | |
| ------------------------------------------ | |
| [Additional Information] | |
| The vulnerability likely affects other versions too. | |
| The vulnerability might be exploitable to achieve RCE. | |
| ------------------------------------------ | |
| [Vulnerability Type] | |
| Integer Overflow | |
| ------------------------------------------ | |
| [Vendor of Product] | |
| MikroTik | |
| ------------------------------------------ | |
| [Affected Product Code Base] | |
| RouterOS - 6.43.16 | |
| ------------------------------------------ | |
| [Affected Component] | |
| SMB server | |
| ------------------------------------------ | |
| [Attack Type] | |
| Remote | |
| ------------------------------------------ | |
| [Impact Denial of Service] | |
| true | |
| ------------------------------------------ | |
| [Attack Vectors] | |
| Malformed SMB request (pre-auth) | |
| ------------------------------------------ | |
| [Has vendor confirmed or acknowledged the vulnerability?] | |
| true | |
| ------------------------------------------ | |
| [Discoverer] | |
| Paolo Montesel - https://thebabush.github.io/ | |
| ------------------------------------------ | |
| [Reference] | |
| https://mikrotik.com |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment