Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
CVE-2019-16160
[Suggested description]
An integer underflow in the SMB server of MikroTik RouterOS 6.43.16
(x86 and CHR) allows remote unauthenticated attackers to crash the
service.
------------------------------------------
[Additional Information]
The vulnerability likely affects other versions too.
The vulnerability might be exploitable to achieve RCE.
------------------------------------------
[Vulnerability Type]
Integer Overflow
------------------------------------------
[Vendor of Product]
MikroTik
------------------------------------------
[Affected Product Code Base]
RouterOS - 6.43.16
------------------------------------------
[Affected Component]
SMB server
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[Impact Denial of Service]
true
------------------------------------------
[Attack Vectors]
Malformed SMB request (pre-auth)
------------------------------------------
[Has vendor confirmed or acknowledged the vulnerability?]
true
------------------------------------------
[Discoverer]
Paolo Montesel - https://thebabush.github.io/
------------------------------------------
[Reference]
https://mikrotik.com
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.