CVE-2022-45313 (MikroTik RouterOS before stable v7.5 was discovered to contain an out-of-bounds read in the hotspot process)
The hotspot process suffers from an out-of-bounds read vulnerability. Due to a lack of proper validation, sending a crafted nova message with a specific u32_id key holding a negative value can cause an out-of-bounds read, which may in turn affect the function pointer of an indirect call. An authenticated user can achieve code execution.
The vulnerability was initially found in long-term 6.44.6 and was fixed in stable 7.5.
CVE-2022-45315 (MikroTik RouterOS before stable v7.6 was discovered to contain an out-of-bounds read in the snmp process) + PoC
The snmp process suffers from an out-of-bounds read vulnerability. Due to a lack of proper validation of the value of a specific u32_id key, sending a crafted packet can cause an out-of-bounds read, which may in turn affect the function pointer of an indirect call. An authenticated user can achieve code execution.
CVE-2022-45313
Description
The hotspot process suffers from an out-of-bounds read vulnerability. Due to a lack of proper validation, sending a crafted nova message with a specific u32_id key holding a negative value can cause an out-of-bounds read, which may in turn affect the function pointer of an indirect call. An authenticated user can achieve code execution.
Authentication here means that the user must be authenticated to the device itself (e.g. via web or WinBox).
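As an added illustration of the bug class described above (this is not RouterOS code or the advisory's PoC; the handler table, message layout and function names are constructed assumptions), the following C example contrasts an id check that compares the key as a signed integer, so a negative value slips past an upper-bound test, with a hardened dispatch that treats the key as unsigned and rejects it before the function pointer is loaded.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical handler table, constructed for illustration; not RouterOS code. */
typedef int (*handler_fn)(uint32_t id);
static int h_login(uint32_t id)  { (void)id; return 1; }
static int h_logout(uint32_t id) { (void)id; return 2; }
static int h_status(uint32_t id) { (void)id; return 3; }
static handler_fn handlers[] = { h_login, h_logout, h_status };
#define NUM_HANDLERS (sizeof(handlers) / sizeof(handlers[0]))

/* The u32_id key is assumed to arrive as a 4-byte little-endian value. */
static uint32_t read_u32_le(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Flawed check in the style the advisory describes: the id is compared as a
 * signed integer, so a negative value passes an upper-bound-only test and the
 * table index would run out of bounds before the indirect call. Returns 1 when
 * the check would accept the index; the table is deliberately NOT dereferenced. */
int signed_check_accepts(const uint8_t *msg) {
    int32_t id = (int32_t)read_u32_le(msg);
    return id < (int32_t)NUM_HANDLERS;   /* -1 < 3 is true */
}

/* Hardened dispatch: keep the key unsigned and reject anything outside the
 * table before the function pointer is loaded. Returns -1 on rejection,
 * otherwise the handler's result. */
int dispatch_hardened(const uint8_t *msg) {
    uint32_t id = read_u32_le(msg);
    if (id >= NUM_HANDLERS)
        return -1;
    return handlers[id](id);
}

int main(void) {
    /* Constructed sample messages: only the 4-byte u32_id value is modelled. */
    const uint8_t valid[4]    = { 0x01, 0x00, 0x00, 0x00 };  /* id = 1 */
    const uint8_t negative[4] = { 0xff, 0xff, 0xff, 0xff };  /* id = -1 as int32 */
    printf("id=1:  signed check %d, hardened %d\n",
           signed_check_accepts(valid), dispatch_hardened(valid));
    printf("id=-1: signed check %d, hardened %d\n",
           signed_check_accepts(negative), dispatch_hardened(negative));
    return 0;
}
```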
Against stable 6.46.5, the PoC resulted in the following crash, captured by gdb.