slimmerwifi
just joined
Topic Author
Posts: 17
Joined: Tue Aug 01, 2017 6:05 pm
Location: Netherlands

CVE-2024-2169 - Is RouterOS 6 affected? and/or RouterOS 7?

Thu Mar 21, 2024 11:11 am

Hey all,

Today I came across CVE-2024-2169, and MikroTik is confirmed to be affected.
https://www.kb.cert.org/vuls/id/417980
"
Vendor Statement
Our TFTP service is affected, we have resolved the issue in 7.14beta6 version. Stable versions after 7.13.2 will include a patch for this issue.
"

I was wondering if this CVE applies to RouterOS 6 as well? Or is only RouterOS 7 affected?
 
normis
MikroTik Support
Posts: 26387
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: CVE-2024-2169 - Is RouterOS 6 affected? and/or RouterOS 7?

Thu Mar 21, 2024 11:38 am

You already answered your own question, it was fixed back in January when the mentioned beta was released. So MikroTik is not affected.

Also, more importantly, this is a "non issue" since a normal firewall protects against this. Do you have a firewall on the internet port? I hope so. Then you are safe in any version.
 
Guntis
MikroTik Support
Posts: 169
Joined: Fri Jul 20, 2018 1:40 pm

Re: CVE-2024-2169 - Is RouterOS 6 affected? and/or RouterOS 7?  [SOLVED]

Thu Mar 21, 2024 11:40 am

6.49.12 and later v6 versions contain the fix as well.
 
slimmerwifi
just joined
Topic Author
Posts: 17
Joined: Tue Aug 01, 2017 6:05 pm
Location: Netherlands

Re: CVE-2024-2169 - Is RouterOS 6 affected? and/or RouterOS 7?

Thu Mar 21, 2024 12:31 pm

"6.49.12 and later v6 versions contain the fix as well."
Thank you, this is what I was looking for :)
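
Added example, not part of the thread and not MikroTik code: a version check that applies the fix points stated above (7.14beta6, stable releases after 7.13.2, and 6.49.12 for v6) to a router inventory. The function names and sample inventory are constructed, and it assumes version strings in the `7.13.2 (stable)` form and that only final builds count as stable.

```python
import re

# Fix points taken from the thread: vendor statement (v7) and support reply (v6).
V7_FIRST_FIXED = "7.14beta6"
V7_LAST_UNFIXED_STABLE = "7.13.2"
V6_FIRST_FIXED = "6.49.12"

STAGE_RANK = {"beta": 0, "rc": 1, None: 2}  # pre-releases sort before the final release
VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:(beta|rc)(\d+))?$")


def parse_version(text):
    """Turn '7.14beta6' or '6.49.10 (long-term)' into a sortable tuple."""
    token = text.split()[0] if text.split() else ""
    m = VERSION_RE.match(token)
    if not m:
        raise ValueError(f"unrecognised RouterOS version: {text!r}")
    major, minor, patch, stage, stage_no = m.groups()
    return (int(major), int(minor), int(patch or 0), STAGE_RANK[stage], int(stage_no or 0))


def has_tftp_fix(text):
    """True if the version carries the CVE-2024-2169 fix according to the thread."""
    v = parse_version(text)
    if v[0] == 6:
        return v >= parse_version(V6_FIRST_FIXED)
    if v[0] == 7:
        if v >= parse_version(V7_FIRST_FIXED):
            return True
        # Assumption: only final (non-beta/rc) builds count as "stable versions".
        return v[3] == STAGE_RANK[None] and v > parse_version(V7_LAST_UNFIXED_STABLE)
    raise ValueError(f"thread gives no fix information for: {text!r}")


def audit(inventory):
    """Return the hosts whose reported version predates the fix."""
    return sorted(host for host, version in inventory.items() if not has_tftp_fix(version))


# Constructed inventory: host names and versions are made up for the example.
SAMPLE_INVENTORY = {
    "edge-ams-01": "7.13.2 (stable)",
    "edge-ams-02": "7.14beta6 (testing)",
    "core-rtm-01": "6.49.10 (long-term)",
    "core-rtm-02": "6.49.12 (stable)",
    "lab-01": "7.14beta5 (testing)",
    "lab-02": "7.13.3 (stable)",
}
```
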
