Skip to main content

Routeros CVE-2017-7285

HIGH
Uncontrolled Resource Consumption (CWE-400)
2017-03-29 cve@mitre.org
7.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Mar 29, 2017 - 14:59 cve.org
HIGH 7.5

DescriptionCVE.org

A vulnerability in the network stack of MikroTik Version 6.38.5 released 2017-03-09 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of TCP RST packets, preventing the affected router from accepting new TCP connections.

AnalysisAI

A vulnerability in the network stack of MikroTik Version 6.38.5 released 2017-03-09 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of TCP RST packets,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 21.2%.

Technical ContextAI

This vulnerability is classified as Uncontrolled Resource Consumption (CWE-400), which allows attackers to cause denial of service by exhausting system resources. A vulnerability in the network stack of MikroTik Version 6.38.5 released 2017-03-09 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of TCP RST packets, preventing the affected router from accepting new TCP connections. Affected products include: Mikrotik Routeros. Version information: Version 6.38.5.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement rate limiting, set resource quotas, validate input sizes, use timeouts.

CVE-2017-6444 HIGH POC
7.5 Mar 12

The MikroTik Router hAP Lite 6.25 has no protection mechanism for unsolicited TCP ACK packets in the case of a fast netw

CVE-2022-34960 CRITICAL POC
9.8 Aug 25

The container package in MikroTik RouterOS 7.4beta4 allows an attacker to create mount points pointing to symbolic links

CVE-2018-7445 CRITICAL POC
9.8 Mar 19

A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Rated

CVE-2018-14847 CRITICAL POC
9.1 Aug 02

MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated

CVE-2022-45313 HIGH POC
8.8 Dec 05

Mikrotik RouterOs before stable v7.5 was discovered to contain an out-of-bounds read in the hotspot process. Rated high

CVE-2018-1156 HIGH POC
8.8 Aug 23

Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to stack buffer overflow through the license upgrade interface.

CVE-2012-6050 MEDIUM POC
6.4 Nov 27

The winbox service in MikroTik RouterOS 5.15 and earlier allows remote attackers to cause a denial of service (CPU consu

CVE-2021-27221 HIGH POC
8.1 Mar 19

MikroTik RouterOS 6.47.9 allows remote authenticated ftp users to create or overwrite arbitrary .rsc files via the /expo

CVE-2019-3943 HIGH POC
8.1 Apr 10

MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are v

CVE-2018-10066 HIGH POC
8.1 Apr 13

An issue was discovered in MikroTik RouterOS 6.41.4. Rated high severity (CVSS 8.1), this vulnerability is remotely expl

CVE-2017-8338 HIGH POC
7.5 May 18

A vulnerability in MikroTik Version 6.38.5 could allow an unauthenticated remote attacker to exhaust all available CPU v

CVE-2020-20021 HIGH POC
7.5 Jul 12

An issue discovered in MikroTik Router v6.46.3 and earlier allows attacker to cause denial of service via misconfigurati

Share

CVE-2017-7285 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy