CVE-2024-2169 - Is RouterOS 6 affected? and/or RouterOS 7?

Hey all,

Today I came across CVE-2024-2169, and MikroTik is confirmed to be affected.
https://www.kb.cert.org/vuls/id/417980
"
Vendor Statement
Our TFTP service is affected, we have resolved the issue in 7.14beta6 version. Stable versions after 7.13.2 will include a patch for this issue.
"

I was wondering if this CVE applies to RouterOS 6 as well? Or is only RouterOS 7 affected?

You already answered your own question, it was fixed back in January when the mentioned beta was released. So MikroTik is not affected.

Also, more importantly, this is a “non issue” since a normal firewall protects against this. Do you have a firewall on the internet port? I hope so. Then you are safe in any version.

6.49.12 and later v6 versions contain the fix as well.

Thank you, this is what I was looking for :slight_smile: