MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Mikrotik
Path Traversal
Routeros
NVD
GitHub
Exploit-DB
CVSS 3.1
9.1
EPSS
96.1%