MikroTik RouterOS 6.40.5, the SMB service contains a memory corruption vulnerability. Remote, unauthenticated attackers can exploit this issue by sending specially crafted packets, triggering a null pointer dereference. This leads to a Remote Denial of Service (DoS), rendering the SMB service unavailable.
References
Link | Resource |
---|---|
https://github.com/noobone123/RouterOS-issues/blob/main/README.md | Third Party Advisory |
Configurations
History
30 Jun 2025, 14:46
Type | Values Removed | Values Added |
---|---|---|
First Time |
Mikrotik
Mikrotik routeros |
|
CPE | cpe:2.3:o:mikrotik:routeros:6.40.5:*:*:*:-:*:*:* | |
References | () https://github.com/noobone123/RouterOS-issues/blob/main/README.md - Third Party Advisory |
30 May 2025, 16:31
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
29 May 2025, 21:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-476 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
29 May 2025, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-05-29 20:15
Updated : 2025-06-30 14:46
NVD link : CVE-2024-54952
Mitre link : CVE-2024-54952
CVE.ORG link : CVE-2024-54952
JSON object : View
Products Affected
mikrotik
- routeros
CWE
CWE-476
NULL Pointer Dereference