The web server used by MikroTik RouterOS version 6 was affected by a heap memory corruption issue. Under specific conditions, a crafted HTTP request could cause the web interface service to crash and restart. This affected the availability of the web interface, although the service restarted automatically.
This issue is fixed in RouterOS 6.49.10 stable. RouterOS version 7 is not affected.
MikroTik always recommends keeping RouterOS devices up to date and using a strong firewall so web and management services are not reachable from untrusted networks.
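As an added example (not MikroTik's code), the version boundaries stated above can be turned into a fleet check that lists which devices still need the 6.49.10 upgrade. The device names and inventory are constructed, and treating every 6.x build numbered below 6.49.10 as affected, whatever its release channel, is an assumption.

```python
import re

# From the advisory: v6 affected, fixed in 6.49.10 stable, v7 not affected.
FIXED_V6 = (6, 49, 10)

_VERSION_RE = re.compile(
    r"^\s*(\d+)\.(\d+)(?:\.(\d+))?"      # major.minor[.patch]
    r"(?:(beta|rc)\d+)?"                 # optional pre-release tag
    r"(?:\s*\(([\w-]+)\))?\s*$"          # optional channel, e.g. "(stable)"
)


def classify(version: str) -> str:
    """Return 'affected', 'fixed', 'not_affected' or 'review'."""
    m = _VERSION_RE.match(version)
    if not m:
        return "review"                  # unparseable: a human should look
    major, minor, patch = int(m[1]), int(m[2]), int(m[3] or 0)
    if major == 7:
        return "not_affected"
    if major != 6:
        return "review"                  # the advisory says nothing about these
    if (major, minor, patch) < FIXED_V6:
        return "affected"
    # Assumption: only the stable build is named as fixed, so beta/rc is not.
    return "review" if m[4] else "fixed"


def triage(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Group device names by status so the upgrade list is explicit."""
    groups: dict[str, list[str]] = {}
    for name, version in sorted(inventory.items()):
        groups.setdefault(classify(version), []).append(name)
    return groups


# Constructed sample inventory; device names are hypothetical.
SAMPLE = {
    "edge-01": "6.48.6 (long-term)",
    "edge-02": "6.49.10 (stable)",
    "core-01": "7.12.1 (stable)",
    "lab-01": "6.49.10rc1 (testing)",
    "branch-07": "6.49 (stable)",
    "legacy-01": "5.26",
}

if __name__ == "__main__":
    for status, names in triage(SAMPLE).items():
        print(f"{status:13} {', '.join(names)}")
```

Devices reported as "review" are the ones the advisory does not cover (other major versions, pre-release builds, unparseable strings) and need a manual decision.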