Out-of-Bounds Read in MikroTik RouterOS - Vulnerability in Hotspot Process
CVE-2022-45313

8.8HIGH

Key Information:

Vendor: Mikrotik
Status: Routeros
Vendor: CVE Published:; 5 December 2022

What is CVE-2022-45313?

Mikrotik RouterOS, prior to version 7.5, has a vulnerability located in the hotspot process that allows an out-of-bounds read. This flaw can be exploited by attackers through a specially crafted nova message, potentially enabling them to execute arbitrary code on the affected system. It is crucial for users to stay updated with the latest patches to mitigate risks associated with this vulnerability.

References

https://github.com/cq674350529/pocs_slides/blob/master/ad...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 5, 2022
Vulnerability Reserved
Nov 14, 2022