![]() What is important is that a SHA-1 hash is computed over all the sections up to the signature section (9). The individual sections aren’t important to this discussion. !) security - fixed improper handling of DNS responses (CVE-2019-3978, CVE-2019-3979) įor more details, please see the original report by Jacob Baines (Tenable).If Winbox access is enabled from untrusted networks, an attacker from the internet can trigger a DNS request from the router, which allows the attacker to make arbitrary requests, find the router's internal address (router.lan), or figure out what is already cached.Īs usual, we recommend protecting your router administration interface with a VPN and firewall. ![]() The resolver can be reached via Winbox by sending messages to the system resolver. One possible attack vector is via Winbox on port 8291 if this port is open to untrusted networks. The router is impacted even when DNS is not enabled. RouterOS 6.45.6 and below are vulnerable to unauthenticated, remote DNS cache poisoning via Winbox. Tenable has identified a vulnerability in RouterOS DNS implementation.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |