From b491eaa423e13c3170bb39312f000d66a222ef46 Mon Sep 17 00:00:00 2001
From: Caster
Date: Thu, 22 May 2025 22:34:44 +0500
Subject: [PATCH] update db
---
 cve_lookup.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/cve_lookup.py b/cve_lookup.py
index a66cab6..949cd5b 100644
--- a/cve_lookup.py
+++ b/cve_lookup.py
@@ -65,4 +65,6 @@ cve_routeros_database = {
 "CVE-2023-30799": "MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. The attacker can abuse this vulnerability to execute arbitrary code on the system.",
 "CVE-2023-30800": "The web server used by MikroTik RouterOS version 6 is affected by a heap memory corruption issue. A remote and unauthenticated attacker can corrupt the server's heap memory by sending a crafted HTTP request. As a result",
 "CVE-2023-41570": "MikroTik RouterOS v7.1 to 7.11 was discovered to contain incorrect access control mechanisms in place for the Rest API.",
-}
\ No newline at end of file
+ "CVE-2024-38861": "Improper Certificate Validation in Checkmk Exchange plugin MikroTik allows attackers in MitM position to intercept traffic. This issue affects MikroTik: from 2.0.0 through 2.5.5, from 0.4a_mk through 2.0a.",
+ "CVE-2024-54772": "An issue was discovered in the Winbox service of MikroTik RouterOS long-term release v6.43.13 through v6.49.13 and stable v6.43 through v7.17.2. A patch is available in the stable release v6.49.18. A discrepancy in response size between connection attempts made with a valid username and those with an invalid username allows attackers to enumerate for valid accounts.",
+}
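Review bot: The added `"CVE-2024-38861"` entry describes the Checkmk Exchange plugin named MikroTik rather than RouterOS, and the ranges in its text (2.0.0 through 2.5.5, 0.4a_mk through 2.0a) are plugin versions, so it does not belong in `cve_routeros_database`. The matching code is outside this hunk, but if it derives affected ranges from the description string, this entry either never matches or yields a misleading finding in a router audit report; I would drop that line and keep only `"CVE-2024-54772"`. The dictionary opens before the hunk, so earlier entries were not reviewed. The neighbouring context entry `"CVE-2023-30800"` ends at "As a result", which suggests descriptions are being cut at a comma when the table is produced and is worth checking for the new entries as well.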