VYPR

Winbox

by Mikrotik

CVEs (3)

  • CVE-2020-5721Apr 15, 2020
    risk 0.00cvss epss 0.00

    MikroTik WinBox 3.22 and below stores the user's cleartext password in the settings.cfg.viw configuration file when the Keep Password field is set and no Master Password is set. Keep Password is set by default and, by default Master Password is not set. An attacker with access…

  • CVE-2020-5720Feb 6, 2020
    risk 0.00cvss epss 0.01

    MikroTik WinBox before 3.21 is vulnerable to a path traversal vulnerability that allows creation of arbitrary files wherevere WinBox has write permissions. WinBox is vulnerable to this attack if it connects to a malicious endpoint or if an attacker mounts a man in the middle…

  • CVE-2019-3981Jan 14, 2020
    risk 0.00cvss epss 0.01

    MikroTik Winbox 3.20 and below is vulnerable to man in the middle attacks. A man in the middle can downgrade the client's authentication protocol and recover the user's username and MD5 hashed password.