Description
MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authenticated, remote directory traversal via the HTTP or Winbox interfaces. An authenticated, remote attack can use this vulnerability to read and write files outside of the sandbox directory (/rw/disk).
Analysis
Analysis and contextual insights are available on OpenCVE Cloud.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| MikroTik | RouterOS | affected |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
No data.
No data available yet.
Remediation
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2019-13550 | MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authenticated, remote directory traversal via the HTTP or Winbox interfaces. An authenticated, remote attack can use this vulnerability to read and write files outside of the sandbox directory (/rw/disk). |
References
| Link | Providers |
|---|---|
| https://www.tenable.com/security/research/tra-2019-16 |
|
History
Tue, 15 Jul 2025 13:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
epss
|
epss
|
MITRE
Status: PUBLISHED
Assigner: tenable
Published:
Updated: 2024-08-04T19:26:27.694Z
Reserved: 2019-01-03T00:00:00.000Z
Link: CVE-2019-3943
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-04-10T21:29:01.823
Modified: 2024-11-21T04:42:54.907
Link: CVE-2019-3943
Redhat
No data.
OpenCVE Enrichment
No data.