A buffer overflow vulnerability has been discovered in MikroTik RouterOS 7, affecting the parse_json_element function within the libjson.so component. The vulnerability is triggered through the /rest/ip/address/print endpoint and can be exploited remotely. The exploit for this issue has been publicly disclosed and may be actively used.
Upgrading to RouterOS version 7.20.1 or 7.21beta2 mitigates this issue. The vendor has confirmed that a fix has been implemented and plans to release a RouterOS update containing the patch. Users should upgrade to the latest available version to ensure full protection.
MikroTik always recommends keeping RouterOS devices up to date and using a strong firewall so REST API and management services are available only from trusted networks.
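To check an inventory against the fixed versions named above, the following added example (not MikroTik's code) orders RouterOS version strings and flags devices that still need the upgrade. It assumes that every RouterOS 7 build older than 7.20.1, and every 7.21 pre-release older than 7.21beta2, is affected, and that later builds keep the fix; the device names and inventory are constructed.

```python
import re

# Fixed builds named in the advisory.
FIXED_STABLE = "7.20.1"
FIXED_TESTING = "7.21beta2"

_STAGE = {"beta": 0, "rc": 1, None: 2}  # a stable build sorts after its pre-releases
_VER = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:(beta|rc)(\d+))?$")


def version_key(text):
    """Turn '7.21beta2' or '7.20.1 (stable)' into a tuple that sorts in release order."""
    token = text.strip().partition(" ")[0]  # drop a trailing channel such as "(stable)"
    m = _VER.match(token)
    if not m:
        raise ValueError(f"unrecognised RouterOS version: {text!r}")
    major, minor, patch, stage, num = m.groups()
    return (int(major), int(minor), int(patch or 0), _STAGE[stage], int(num or 0))


def classify(text):
    """Return 'fixed', 'affected' or 'out-of-scope' for one version string."""
    key = version_key(text)
    if key[0] != 7:
        return "out-of-scope"  # the advisory only covers RouterOS 7
    stable_fix = version_key(FIXED_STABLE)
    testing_fix = version_key(FIXED_TESTING)
    if key >= testing_fix:
        return "fixed"
    # Assumption: 7.20.1 and later 7.20.x builds carry the fix, while 7.21
    # pre-releases older than 7.21beta2 do not.
    first_7_21_prerelease = testing_fix[:2] + (0, 0, 0)
    if stable_fix <= key < first_7_21_prerelease:
        return "fixed"
    return "affected"


def audit(inventory):
    """Return the device names whose reported version still needs the upgrade."""
    return sorted(n for n, v in inventory.items() if classify(v) == "affected")


# Constructed inventory: device name -> version string as reported by the device.
SAMPLE = {"edge-1": "7.20 (stable)", "edge-2": "7.20.1 (stable)",
          "lab-1": "7.21beta1", "lab-2": "7.21beta2", "core-1": "7.19.4"}

if __name__ == "__main__":
    print("needs upgrade:", ", ".join(audit(SAMPLE)))
```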