Skip to content
May 22, 2025
  • Linkedin
  • Twitter
  • Facebook
  • Youtube

Daily CyberSecurity

Primary Menu
  • Home
  • Cyber Security
  • Cybercriminals
  • Data Leak
  • Linux
  • Malware Attack
  • Open Source Tool
  • Technology
  • Vulnerability
  • Home
  • News
  • Vulnerability
  • CVE-2022-45313: Mikrotik RouterOs flaw can lead to execute arbitrary code
  • Vulnerability

CVE-2022-45313: Mikrotik RouterOs flaw can lead to execute arbitrary code

Ddos December 5, 2022 1 min read
CVE-2022-45313

A vulnerability exists in MikroTik’s RouterOS in versions prior to stable v7.5, released on August 31, 2018. Details were published on November 11 and disclosed by Github user cq674350529.

RouterOS is a stand-alone operating system based on the Linux kernel. It powers MikroTik hardware devices but is also available for virtual machines.

The vulnerability, identified as CVE-2022-45313, was caused by a lack of proper validation that allows attackers to remotely execute code on affected devices.

A cybersecurity researcher has released a new proof-of-concept (PoC) RCE attack for an out-of-bounds read in the hotspot process that was found and patched in RouterOS version 7.5.

“The hotspot process suffers from an out-of-bounds read vulnerability. Due to lack of proper validation, by sending a crafted nova message with a specific u32_id key with negative value, it’s possible to cause out-of-bounds read, which may affect the function pointer of an indirect call furtherly. It’s possible for an authenticated user to achieve code execution,” the researcher wrote.

CVE-2022-45313 was initially found in Mikrotik RouterOS firmware long-term version 6.44.6. The researcher reported the bug to MikroTik on July 29, and the company addressed the vulnerabilities by releasing its RouterOS version 7.5 in August.

With the proof-of-concept (PoC) exploit now made public, it is important for all MikroTik users to upgrade to the latest version.

Rate this post

Found this helpful?

If this article helped you, please share it with others who might benefit.

Tags: CVE-2022-45313 Mikrotik RouterOs

Continue Reading

Previous: CVE-2022-46164: Account Takeover Vulnerability Found in NodeBB
Next: 7 Highly Effective Sales Prospecting Techniques For 2023

Search

💙 Support Us!
We need 50 contributors this month to keep this site running.
19 of 50 supporters this month
☕ Buy Me a Coffee PayPalDonate
Our Websites
  • Penetration Testing Tools
  • The Daily Information Technology
    • About SecurityOnline.info
    • Advertise on SecurityOnline.info
    • Contact

    When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works

    • Disclaimer
    • Privacy Policy
    • DMCA NOTICE
    • Linkedin
    • Twitter
    • Facebook
    • Youtube
    Copyright © All rights reserved.
    x