CVE-2019-3924

HIGH Year: 2019
CVSS v3 Score
7.5
High
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-441
View all →

Vulnerability Description

MikroTik RouterOS before 6.43.12 (stable) and 6.42.12 (long-term) is vulnerable to an intermediary vulnerability. The software will execute user defined network requests to both WAN and LAN clients. A remote unauthenticated attacker can use this vulnerability to bypass the router's firewall or for general network scanning activities.

Related Vulnerabilities

CVE-2021-32773

HIGH
CVSS:7.5(High)

Racket is a general-purpose programming language and an ecosystem for language-oriented programming. In versions prior to 8.2, code evaluated using the Racket sandbox could cause system modules to inc...

CWE-4412021

CVE-2020-26262

HIGH
CVSS:7.2(High)

Coturn is free open source implementation of TURN and STUN Server. Coturn before version 4.5.2 by default does not allow peers to connect and relay packets to loopback addresses in the range of `127.x...

CWE-4412020

CVE-2023-40111

HIGH
CVSS:7.8(High)

In setMediaButtonReceiver of MediaSessionRecord.java, there is a possible way to send a pending intent on behalf of system_server due to a confused deputy. This could lead to local escalation of privi...

CWE-4412023

CVE-2019-1841

HIGH
CVSS:8.1(High)

A vulnerability in the Software Image Management feature of Cisco DNA Center could allow an authenticated, remote attacker to access to internal services without additional authentication. The vulnera...

CWE-4412019

CVE-2018-12182

MEDIUM
CVSS:6.7(Medium)

Insufficient memory write check in SMM service for EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local acces...

CWE-4412018

CVE-2025-47269

HIGH
CVSS:8.3(High)

code-server runs VS Code on any machine anywhere through browser access. Prior to version 4.99.4, a maliciously crafted URL using the proxy subpath can result in the attacker gaining access to the ses...

CWE-4412025