CVE-2022-34960

The container package in MikroTik RouterOS 7.4beta4 allows an attacker to create mount points pointing to symbolic links, which resolve to locations on the host device. This allows the attacker to mount any arbitrary file to any location on the host.
Configurations

Configuration 1 (hide)

cpe:2.3:o:mikrotik:routeros:7.4:beta4:*:*:-:*:*:*

History

No history.

Information

Published : 2022-08-25 02:15

Updated : 2024-02-28 19:29


NVD link : CVE-2022-34960

Mitre link : CVE-2022-34960

CVE.ORG link : CVE-2022-34960


JSON object : View

Products Affected

mikrotik

  • routeros
CWE
CWE-59

Improper Link Resolution Before File Access ('Link Following')