| Title | MikroTik RouterOS 6.49.8 Out-of-Bounds Read |
|---|---|
| Description | An out-of-bounds read vulnerability exists in the nova/lib/www/scep.p component of MikroTik RouterOS firmware. The SCEP server parses attacker-controlled PKCS#7 signed attributes such as transactionID and messageType by returning raw ASN1_STRING_data() pointers and later consuming those values with NUL-terminated C-string semantics. An attacker who can reach an enabled SCEP endpoint can send a crafted PKIOperation request containing a non-NUL-terminated ASN.1 PrintableString and trigger reads beyond the original ASN.1 attribute boundary, leading to pre-authentication information disclosure in certRep replies and abnormal parser behavior. |
| Source | ⚠️ https://github.com/ezio315/cve/issues/4 |
| User | Anonymous User |
| Submission | 2026-04-07 11:11 AM (2 months ago) |
| Moderation | 2026-05-02 07:56 AM (25 days later) |
| Status | Accepted |
| VulDB entry | 360804 [MikroTik RouterOS 6.49.8 SCEP Endpoint nova/lib/www/scep.p ASN1_STRING_data transactionID/messageType information disclosure] |
| Points | 20 |