A serious flaw found in MikroTik RouterOS enables attackers to carry out a DoS attack on a susceptible router, causing the device to reboot.

MikroTik, which provides hardware and software for internet connectivity the world over, also created the RouterOS software.

This flaw overloads the device until it stops responding, at which point the watchdog timer reboots the router. Although that issue was addressed and rectified, another problem caused memory to fill up, because the IPv6 route cache size could be bigger than the available RAM.

MikroTik said that this problem was also corrected by introducing automatic cache size calculation based on available memory.

The vulnerability, CVE-2018-19299, has been patched by MikroTik, but an unpatched MikroTik router that routes IPv6 traffic will be impacted.

MikroTik says that both fixes have already been released in RouterOS versions that were published in April 2019.
