VYPR
Unrated severityNVD Advisory· Published Oct 15, 2022· Updated May 14, 2025

CVE-2017-20149

CVE-2017-20149

Description

The Mikrotik RouterOS web server allows memory corruption in releases before Stable 6.38.5 and Long-term 6.37.5, aka Chimay-Red. A remote and unauthenticated user can trigger the vulnerability by sending a crafted HTTP request. An attacker can use this vulnerability to execute arbitrary code on the affected system, as exploited in the wild in mid-2017 and later.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Mikrotik/Routeroscpe-rescue2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: < 6.38.5 (Stable) / < 6.37.5 (Long-term)

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.