CVE-2020-10364 - Mikrotik Rb2011il-in Firmware, Mikrotik Ccr1036-12g-4s-em Firmware and Mikrotik Hex S Firmware

Critical 7.5

The SSH daemon on MikroTik routers through v6.44.3 could allow remote attackers to generate CPU activity, trigger refusal of new authorized connections, and cause a reboot via connect and write system calls, because of uncontrolled resource management.

Affected software

Mikrotik Rb2011il-in Firmware

Mikrotik Ccr1036-12g-4s-em Firmware

Mikrotik Hex S Firmware

Mikrotik Ccr1016-12g Firmware

Mikrotik Ccr1036-8g-2s\+em Firmware

Mikrotik Rb2011il-rm Firmware

Mikrotik Hex Poe Firmware

Mikrotik Ccr1009-7g-1c-pc Firmware

Mikrotik Ccr1072-1g-8s\+ Firmware

Mikrotik Powerbox Firmware

Mikrotik Ccr1036-8g-2s\+ Firmware

Mikrotik Rb2011uias-in Firmware

Mikrotik Ccr1009-7g-1c-1s\+pc Firmware

Mikrotik Rb2011ils-in Firmware

Mikrotik Hex Firmware

Mikrotik Rb4011igs\+rm Firmware

Mikrotik Rb3011uias-rm Firmware

Mikrotik Powerbox Pro Firmware

Mikrotik Ccr1036-12g-4s Firmware

Mikrotik Hex Poe Lite Firmware

Mikrotik Rb2011uias-rm Firmware

Mikrotik Rb1100ahx4 Firmware

Mikrotik Ccr1009-7g-1c-1s\+ Firmware

Mikrotik Ccr1016-12s-1s\+ Firmware

Mikrotik Hex Lite Firmware

Reference links

Get alerted to vulnerabilities in your software

CVE alerts, vulnerability alerts, latest versions and news matched to your software stack.