Any progress in patching this Vulnerability?
https://github.com/botlabsDev/CVE-2020-11881
So sad! This is a blow
Very disappointing if this was disclosed to them in April! Luckily SMB is not a feature that should be enabled by most users.
Normis, there is a section on the linked homepage of the CVE which states that the vulnerability was indeed fixed in 6.47 but re-appeared in 6.47.2 and 6.47.3. Could you please have a look in this direction?
Gentlemen, let me quote the Changelog:
and normis responds:
The bug was reported on 06.04.2020 and wasn't fixed on 12.09.2020 even after multiple requests.
Then it certainly does not feel right. It actually feels quite convenient for Mikrotik to have this long difference between "claimed release date" and "true release date" because now they can claim "he lies, we did fix it before 12 September".
Gentlemen, let me quote the Changelog:
What's new in 6.46.7 (2020-Sep-07 07:38):
So if true I would like to get a proper statement from Mikrotik on CVE-2020-11881 and why oooo why is this blog not updated with info (https://blog.mikrotik.com/security/)
Affected Versions (tested)
6.41.3 (long term release)
6.45.8 (long term release)
6.45.9 (long term release)
6.46.4 (stable release)
6.47.2 (stable)
6.47.3 (stable)
7.0beta5 (beta)
7.1beta2 and below
Thanks for the clarification.
Currently only the long-term version channel (v6.46.7) has all the necessary fixes for this CVE. We are working on getting them published in stable and testing channels as well. Sorry for any inconvenience.
Thanks.. Let's wait for that.
Currently only the long-term version channel (v6.46.7) has all the necessary fixes for this CVE. We are working on getting them published in stable and testing channels as well. Sorry for any inconvenience.
Links for what? It's a simple question on whether this CVE is fixed, as there's no indication in the release notes it has been resolved in anything except 6.47.x.
Please provide some links with proper info when you wake up 2 years old topic.
@millap your "scan/detection tool" is terrible...
@millap Did you even read that screenshot?
Or do you need some other tool to do that for you?
Tell me clearly where it says 7.1 (stable) and later are vulnerable.
Still interesting if this fixed in 7.x tree, I just looked at all changelogs and can't see any fix
Because it's not written in any changelog from 7.0 beta till 7.10.0. Can support clearly say, yes it's vulnerable or no it's not, that's not hard.
Tell me clearly where it says 7.1 (stable) and later are vulnerable.
Still interesting if this fixed in 7.x tree, I just looked at all changelogs and can't see any fix
[smb]: online
[dos]: ok
[smb]: online
Anonymous login successful
Sharename Type Comment
--------- ---- -------
SMB1 disabled -- no workgroup available