Resource Exhaustion Vulnerability in MikroTik Routers
CVE-2019-13074

7.5HIGH

Key Information:

Vendor: Mikrotik
Status: Routeros
Vendor: CVE Published:; 3 July 2019

What is CVE-2019-13074?

A vulnerability exists in the FTP daemon of MikroTik routers running versions up to 6.44.3 that permits remote attackers to consume all available memory. This resource exhaustion may lead to unexpected reboots of the affected devices, disrupting services and potentially exposing sensitive data. Proper management and monitoring of FTP services are essential to mitigate such risks.

References

https://forum.mikrotik.com/viewtopic.php?t=150045

x_refsource_CONFIRM

https://mikrotik.com/download/changelogs/stable-release-tree

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 3, 2019
Vulnerability Reserved
Jun 30, 2019

Mikrotik

What is CVE-2019-13074?

References

CVSS V3.1

Timeline