Sign-up

ID

VAR-201712-0853


CVE

CVE-2017-17537


TITLE

MikroTik RouterBOARD Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-011822

DESCRIPTION

MikroTik RouterBOARD v6.39.2 and v6.40.5 allows an unauthenticated remote attacker to cause a denial of service by connecting to TCP port 53 and sending data that begins with many '\0' characters, possibly related to DNS. MikroTik RouterBOARD Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. MikroTik RouterBoard is a router management panel of MikroTik Company of Latvia. There are security vulnerabilities in MikroTik RouterBOARD version 6.39.2 and 6.40.5

Trust: 2.25

sources: NVD: CVE-2017-17537 // JVNDB: JVNDB-2017-011822 // CNVD: CNVD-2018-00539 // VULHUB: VHN-108569

AFFECTED PRODUCTS

vendor:mikrotikmodel:routerboardscope:eqversion:6.39.2

Trust: 3.0

vendor:mikrotikmodel:routerboardscope:eqversion:6.40.5

Trust: 3.0

sources: CNVD: CNVD-2018-00539 // JVNDB: JVNDB-2017-011822 // CNNVD: CNNVD-201712-462 // NVD: CVE-2017-17537

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-17537
value: HIGH

Trust: 1.0

NVD: CVE-2017-17537
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-00539
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201712-462
value: MEDIUM

Trust: 0.6

VULHUB: VHN-108569
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-17537
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-00539
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-108569
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-17537
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-00539 // VULHUB: VHN-108569 // JVNDB: JVNDB-2017-011822 // CNNVD: CNNVD-201712-462 // NVD: CVE-2017-17537

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-108569 // JVNDB: JVNDB-2017-011822 // NVD: CVE-2017-17537

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201712-462

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201712-462

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-011822

PATCH
title:RouterBOARDurl:https://mikrotik.com/products/group/routerboard
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2017-011822

EXTERNAL IDS
db:NVDid:CVE-2017-17537
Trust: 3.1
db:EXPLOIT-DBid:43200
Trust: 1.7
db:JVNDBid:JVNDB-2017-011822
Trust: 0.8
db:CNNVDid:CNNVD-201712-462
Trust: 0.7
db:CNVDid:CNVD-2018-00539
Trust: 0.6
db:PACKETSTORMid:145382
Trust: 0.1
db:VULHUBid:VHN-108569
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-00539 // 
            
            
            
            VULHUB: VHN-108569 // 
            
            
            
            JVNDB: JVNDB-2017-011822 // 
            
            
            
            CNNVD: CNNVD-201712-462 // 
            
            
            
            NVD: CVE-2017-17537

REFERENCES
url:https://www.exploit-db.com/exploits/43200/
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2017-17537
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17537
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2018-00539 // 
            
            
            
            VULHUB: VHN-108569 // 
            
            
            
            JVNDB: JVNDB-2017-011822 // 
            
            
            
            CNNVD: CNNVD-201712-462 // 
            
            
            
            NVD: CVE-2017-17537

SOURCES
db:CNVDid:CNVD-2018-00539
db:VULHUBid:VHN-108569
db:JVNDBid:JVNDB-2017-011822
db:CNNVDid:CNNVD-201712-462
db:NVDid:CVE-2017-17537

LAST UPDATE DATE
2025-04-20T23:22:02.993000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-00539date:2018-01-09T00:00:00
db:VULHUBid:VHN-108569date:2018-01-12T00:00:00
db:JVNDBid:JVNDB-2017-011822date:2018-01-29T00:00:00
db:CNNVDid:CNNVD-201712-462date:2017-12-14T00:00:00
db:NVDid:CVE-2017-17537date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-00539date:2018-01-09T00:00:00
db:VULHUBid:VHN-108569date:2017-12-13T00:00:00
db:JVNDBid:JVNDB-2017-011822date:2018-01-29T00:00:00
db:CNNVDid:CNNVD-201712-462date:2017-12-12T00:00:00
db:NVDid:CVE-2017-17537date:2017-12-13T16:29:00.363