Share:

CVE-2021-27221 - Mikrotik Routeros

March 19, 2021

Critical 8.1

** DISPUTED ** MikroTik RouterOS 6.47.9 allows remote authenticated ftp users to create or overwrite arbitrary .rsc files via the /export command. NOTE: the vendor's position is that this is intended behavior because of how user policies work.

Affected software

Mikrotik Routeros

Reference links

https://onovy.medium.com/routeros-user-with-just-ftp-policy-can-write-to-filesystem-cve-2021-27221-e3e45d780dfe

Get alerted to vulnerabilities in your software

CVE alerts, vulnerability alerts, latest versions and news matched to your software stack.