cvelistv5 - CVE-2019-3924

CVE-2019-3924 (GCVE-0-2019-3924)

Vulnerability from cvelistv5

Published

2019-02-20 20:00

Modified

2024-09-17 02:46

Severity ?

CWE

CWE-441 - Unauthenticated Intermediary

Summary

References

URL

	Vendor	Product	Version
	Tenable	MikroTik RouterOS	Version: RouterOS long-term 6.42.11 and below, RouterOS stable 6.43.11 and below

cnvd-2019-05572

Vulnerability from cnvd

Title

MikroTik RouterOS未认证Firewall & NAT绕过漏洞

Description

MikroTik RouterOS是MikroTik RouterBOARD硬件的操作系统。 MikroTik RouterOS 6.43.12 (stable)和6.42.12 (long-term)之前版本存在安全漏洞。远程未认证攻击者可利用该漏洞绕过路由器的防火墙或进行常规网络扫描活动。

Severity

中

Patch Name

MikroTik RouterOS未认证Firewall & NAT绕过漏洞的补丁

Patch Description

MikroTik RouterOS是MikroTik RouterBOARD硬件的操作系统。 MikroTik RouterOS 6.43.12 (stable)和6.42.12 (long-term)之前版本存在安全漏洞。远程未认证攻击者可利用该漏洞绕过路由器的防火墙或进行常规网络扫描活动。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布漏洞修复程序，请及时关注更新： https://mikrotik.com/download

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-3924

Impacted products

Name
['MicroTik RouterOS <6.42.12 (long-term)', 'MicroTik RouterOS <6.43.12 (stable)']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-3924"
    }
  },
  "description": "MikroTik RouterOS\u662fMikroTik RouterBOARD\u786c\u4ef6\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\n\nMikroTik RouterOS 6.43.12 (stable)\u548c6.42.12 (long-term)\u4e4b\u524d\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u672a\u8ba4\u8bc1\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u8def\u7531\u5668\u7684\u9632\u706b\u5899\u6216\u8fdb\u884c\u5e38\u89c4\u7f51\u7edc\u626b\u63cf\u6d3b\u52a8\u3002",
  "discovererName": "unknwon",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://mikrotik.com/download",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-05572",
  "openTime": "2019-02-27",
  "patchDescription": "MikroTik RouterOS\u662fMikroTik RouterBOARD\u786c\u4ef6\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nMikroTik RouterOS 6.43.12 (stable)\u548c6.42.12 (long-term)\u4e4b\u524d\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u672a\u8ba4\u8bc1\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u8def\u7531\u5668\u7684\u9632\u706b\u5899\u6216\u8fdb\u884c\u5e38\u89c4\u7f51\u7edc\u626b\u63cf\u6d3b\u52a8\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "MikroTik RouterOS\u672a\u8ba4\u8bc1Firewall \u0026 NAT\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "MicroTik RouterOS \u003c6.42.12 (long-term)",
      "MicroTik RouterOS \u003c6.43.12 (stable)"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-3924",
  "serverity": "\u4e2d",
  "submitTime": "2019-02-21",
  "title": "MikroTik RouterOS\u672a\u8ba4\u8bc1Firewall \u0026 NAT\u7ed5\u8fc7\u6f0f\u6d1e"
}

gsd-2019-3924

Vulnerability from gsd

Modified

2023-12-13 01:24

Details

Aliases

CVE-2019-3924

Aliases

CVE-2019-3924

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-3924",
    "description": "MikroTik RouterOS before 6.43.12 (stable) and 6.42.12 (long-term) is vulnerable to an intermediary vulnerability. The software will execute user defined network requests to both WAN and LAN clients. A remote unauthenticated attacker can use this vulnerability to bypass the router\u0027s firewall or for general network scanning activities.",
    "id": "GSD-2019-3924",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2019-3924"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-3924"
      ],
      "details": "MikroTik RouterOS before 6.43.12 (stable) and 6.42.12 (long-term) is vulnerable to an intermediary vulnerability. The software will execute user defined network requests to both WAN and LAN clients. A remote unauthenticated attacker can use this vulnerability to bypass the router\u0027s firewall or for general network scanning activities.",
      "id": "GSD-2019-3924",
      "modified": "2023-12-13T01:24:02.773870Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vulnreport@tenable.com",
        "DATE_PUBLIC": "2019-02-12T00:00:00",
        "ID": "CVE-2019-3924",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "MikroTik RouterOS",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "RouterOS long-term 6.42.11 and below, RouterOS stable 6.43.11 and below"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Tenable"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "MikroTik RouterOS before 6.43.12 (stable) and 6.42.12 (long-term) is vulnerable to an intermediary vulnerability. The software will execute user defined network requests to both WAN and LAN clients. A remote unauthenticated attacker can use this vulnerability to bypass the router\u0027s firewall or for general network scanning activities."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-441 Unauthenticated Intermediary"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "46444",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/46444/"
          },
          {
            "name": "https://www.tenable.com/security/research/tra-2019-07",
            "refsource": "MISC",
            "url": "https://www.tenable.com/security/research/tra-2019-07"
          },
          {
            "name": "107177",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/107177"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:ltr:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.42.12",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.43.12",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vulnreport@tenable.com",
          "ID": "CVE-2019-3924"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "MikroTik RouterOS before 6.43.12 (stable) and 6.42.12 (long-term) is vulnerable to an intermediary vulnerability. The software will execute user defined network requests to both WAN and LAN clients. A remote unauthenticated attacker can use this vulnerability to bypass the router\u0027s firewall or for general network scanning activities."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-441"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.tenable.com/security/research/tra-2019-07",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://www.tenable.com/security/research/tra-2019-07"
            },
            {
              "name": "107177",
              "refsource": "BID",
              "tags": [
                "VDB Entry",
                "Third Party Advisory"
              ],
              "url": "http://www.securityfocus.com/bid/107177"
            },
            {
              "name": "46444",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.exploit-db.com/exploits/46444/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2019-10-09T23:49Z",
      "publishedDate": "2019-02-20T20:29Z"
    }
  }
}

ghsa-4qcw-5w3m-2hfg

Vulnerability from github

Published

2022-05-13 01:31

Modified

2025-08-15 21:31

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-3924"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-441"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-02-20T20:29:00Z",
    "severity": "HIGH"
  },
  "details": "MikroTik RouterOS before 6.43.12 (stable) and 6.42.12 (long-term) is vulnerable to an intermediary vulnerability. The software will execute user defined network requests to both WAN and LAN clients. A remote unauthenticated attacker can use this vulnerability to bypass the router\u0027s firewall or for general network scanning activities.",
  "id": "GHSA-4qcw-5w3m-2hfg",
  "modified": "2025-08-15T21:31:11Z",
  "published": "2022-05-13T01:31:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3924"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/46444"
    },
    {
      "type": "WEB",
      "url": "https://www.tenable.com/security/research/tra-2019-07"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/107177"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

MikroTik RouterOS before 6.43.12 (stable) and 6.42.12 (long-term) is vulnerable to an intermediary vulnerability. The software will execute user defined network requests to both WAN and LAN clients. A remote unauthenticated attacker can use this vulnerability to bypass the router's firewall or for general network scanning activities. MikroTik RouterOS Contains a vulnerability in bypassing filtering.Information may be obtained. MikroTik RouterOS is prone to a security-bypass vulnerability. An attacker can exploit this issue to security restrictions and perform unauthorized actions. This may lead to further attacks. MikroTik RouterOS version prior to 6.43.12, and 6.42.12 are vulnerable. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201902-0194",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "routeros",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "mikrotik",
        "version": "6.42.12"
      },
      {
        "model": "routeros",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "mikrotik",
        "version": "6.43.12"
      },
      {
        "model": "routeros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mikrotik",
        "version": "6.41.3"
      },
      {
        "model": "routeros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mikrotik",
        "version": "2.9.51"
      },
      {
        "model": "routeros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mikrotik",
        "version": "2.9.50"
      },
      {
        "model": "routeros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mikrotik",
        "version": "2.9.49"
      },
      {
        "model": "routeros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mikrotik",
        "version": "2.9.48"
      },
      {
        "model": "routeros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mikrotik",
        "version": "2.9.47"
      },
      {
        "model": "routeros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mikrotik",
        "version": "2.9.46"
      },
      {
        "model": "routeros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mikrotik",
        "version": "2.9.45"
      },
      {
        "model": "routeros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mikrotik",
        "version": "2.9.44"
      },
      {
        "model": "routeros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mikrotik",
        "version": "2.9.43"
      },
      {
        "model": "routeros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mikrotik",
        "version": "2.9.42"
      },
      {
        "model": "routeros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mikrotik",
        "version": "2.9.41"
      },
      {
        "model": "routeros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mikrotik",
        "version": "2.9.40"
      },
      {
        "model": "routeros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mikrotik",
        "version": "6.42"
      },
      {
        "model": "routeros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mikrotik",
        "version": "6.3"
      },
      {
        "model": "routeros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mikrotik",
        "version": "6.2"
      },
      {
        "model": "routeros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mikrotik",
        "version": "5.26"
      },
      {
        "model": "routeros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mikrotik",
        "version": "5.25"
      },
      {
        "model": "routeros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mikrotik",
        "version": "5.15"
      },
      {
        "model": "routeros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mikrotik",
        "version": "5.0"
      },
      {
        "model": "routeros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mikrotik",
        "version": "4.0"
      },
      {
        "model": "routeros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mikrotik",
        "version": "3.2"
      },
      {
        "model": "routeros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mikrotik",
        "version": "3.13"
      },
      {
        "model": "routeros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mikrotik",
        "version": "3.12"
      },
      {
        "model": "routeros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mikrotik",
        "version": "3.11"
      },
      {
        "model": "routeros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mikrotik",
        "version": "3.10"
      },
      {
        "model": "routeros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mikrotik",
        "version": "3.09"
      },
      {
        "model": "routeros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mikrotik",
        "version": "3.08"
      },
      {
        "model": "routeros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mikrotik",
        "version": "3.07"
      },
      {
        "model": "routeros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mikrotik",
        "version": "3.0"
      },
      {
        "model": "routeros",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mikrotik",
        "version": "6.43.12"
      },
      {
        "model": "routeros",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mikrotik",
        "version": "6.42.12"
      },
      {
        "model": "routeros 6.44beta75",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mikrotik",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "107177"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001911"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3924"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:mikrotik:router_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001911"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Jacob Baines,Tenable",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-775"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-3924",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2019-3924",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-155359",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-3924",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-3924",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-3924",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201902-775",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-155359",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-155359"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001911"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-775"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3924"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "MikroTik RouterOS before 6.43.12 (stable) and 6.42.12 (long-term) is vulnerable to an intermediary vulnerability. The software will execute user defined network requests to both WAN and LAN clients. A remote unauthenticated attacker can use this vulnerability to bypass the router\u0027s firewall or for general network scanning activities. MikroTik RouterOS Contains a vulnerability in bypassing filtering.Information may be obtained. MikroTik RouterOS is prone to a security-bypass vulnerability. \nAn attacker can exploit this issue to security restrictions  and perform unauthorized actions. This may lead to further attacks. \nMikroTik RouterOS version prior to 6.43.12, and 6.42.12 are vulnerable. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-3924"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001911"
      },
      {
        "db": "BID",
        "id": "107177"
      },
      {
        "db": "VULHUB",
        "id": "VHN-155359"
      }
    ],
    "trust": 1.98
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-155359",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-155359"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-3924",
        "trust": 2.8
      },
      {
        "db": "TENABLE",
        "id": "TRA-2019-07",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "107177",
        "trust": 2.0
      },
      {
        "db": "EXPLOIT-DB",
        "id": "46444",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001911",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-775",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "151798",
        "trust": 0.7
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-97824",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-155359",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-155359"
      },
      {
        "db": "BID",
        "id": "107177"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001911"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-775"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3924"
      }
    ]
  },
  "id": "VAR-201902-0194",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-155359"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:48:29.850000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://mikrotik.com/"
      },
      {
        "title": "MikroTik RouterOS Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89571"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001911"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-775"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-441",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-155359"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001911"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3924"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.9,
        "url": "http://www.securityfocus.com/bid/107177"
      },
      {
        "trust": 2.8,
        "url": "https://www.tenable.com/security/research/tra-2019-07"
      },
      {
        "trust": 1.7,
        "url": "https://www.exploit-db.com/exploits/46444/"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3924"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3924"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/151798/mikrotik-routeros-firewall-nat-bypass.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.exploit-db.com/exploits/46444"
      },
      {
        "trust": 0.3,
        "url": "http://www.mikrotik.com/"
      },
      {
        "trust": 0.3,
        "url": "https://mikrotik.com/download"
      },
      {
        "trust": 0.3,
        "url": "https://blog.mikrotik.com/security/cve-20193924-dude-agent-vulnerability.html"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-155359"
      },
      {
        "db": "BID",
        "id": "107177"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001911"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-775"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3924"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-155359"
      },
      {
        "db": "BID",
        "id": "107177"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001911"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-775"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3924"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-02-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-155359"
      },
      {
        "date": "2019-02-22T00:00:00",
        "db": "BID",
        "id": "107177"
      },
      {
        "date": "2019-03-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-001911"
      },
      {
        "date": "2019-02-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201902-775"
      },
      {
        "date": "2019-02-20T20:29:03.047000",
        "db": "NVD",
        "id": "CVE-2019-3924"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-155359"
      },
      {
        "date": "2019-02-22T00:00:00",
        "db": "BID",
        "id": "107177"
      },
      {
        "date": "2019-03-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-001911"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201902-775"
      },
      {
        "date": "2024-11-21T04:42:52.450000",
        "db": "NVD",
        "id": "CVE-2019-3924"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-775"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "MikroTik RouterOS Vulnerabilities related to filtering bypass",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001911"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-775"
      }
    ],
    "trust": 0.6
  }
}

fkie_cve-2019-3924

Vulnerability from fkie_nvd

Published

2019-02-20 20:29

Modified

2025-08-15 20:21

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
vulnreport@tenable.com	http://www.securityfocus.com/bid/107177	Third Party Advisory, VDB Entry
vulnreport@tenable.com	https://www.exploit-db.com/exploits/46444/	Exploit, Third Party Advisory, VDB Entry
vulnreport@tenable.com	https://www.tenable.com/security/research/tra-2019-07	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/107177	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/46444/	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.tenable.com/security/research/tra-2019-07	Exploit, Third Party Advisory

Impacted products

	Vendor	Product	Version
	mikrotik	routeros	*
	mikrotik	routeros	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:ltr:*:*:*",
              "matchCriteriaId": "6ABE243E-294B-4E3F-87C1-B259C4F05E24",
              "versionEndExcluding": "6.42.12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "25FEA7BB-04B7-4B11-9BAB-C94D46A1CCAC",
              "versionEndExcluding": "6.43.12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MikroTik RouterOS before 6.43.12 (stable) and 6.42.12 (long-term) is vulnerable to an intermediary vulnerability. The software will execute user defined network requests to both WAN and LAN clients. A remote unauthenticated attacker can use this vulnerability to bypass the router\u0027s firewall or for general network scanning activities."
    },
    {
      "lang": "es",
      "value": "MikroTik RouterOS, en versiones anteriores a la 6.43.12 (stable) y 6.42.12 (long-term), es vulnerable a una vulnerabilidad de intermediario. El software ejecutar\u00e1 peticiones de red definidas por el usuario a los clientes WAN y LAN. Un atacante no autenticado remoto puede emplear esta vulnerabilidad para omitir el firewall del router o para realizar actividades generales de escaneo de red."
    }
  ],
  "id": "CVE-2019-3924",
  "lastModified": "2025-08-15T20:21:44.360",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-02-20T20:29:03.047",
  "references": [
    {
      "source": "vulnreport@tenable.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107177"
    },
    {
      "source": "vulnreport@tenable.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/46444/"
    },
    {
      "source": "vulnreport@tenable.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/research/tra-2019-07"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107177"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/46444/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/research/tra-2019-07"
    }
  ],
  "sourceIdentifier": "vulnreport@tenable.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-441"
        }
      ],
      "source": "vulnreport@tenable.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-441"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2019-3924 (GCVE-0-2019-3924)

Vulnerability from cvelistv5

cnvd-2019-05572

Vulnerability from cnvd

gsd-2019-3924

Vulnerability from gsd

ghsa-4qcw-5w3m-2hfg

Vulnerability from github

var-201902-0194

Vulnerability from variot

fkie_cve-2019-3924

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature