The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below are vulnerable to a DNS unrelated data attack. The router adds all A records to its DNS cache even when the records are unrelated to the domain that was queried. Therefore, a remote attacker controlled DNS server can poison the router's DNS cache via malicious responses with additional and untrue records.
Base Score: 5
Impact Score: 2.9
Exploitability Score: 10
Base Score: 7.5
Impact Score: 3.6
Exploitability Score: 3.9
cpe:2.3:o:mikrotik:routeros:*:*:*:*:ltr:*:*:* versions up to 6.44.5 (inclusive)
cpe:2.3:o:mikrotik:routeros:*:*:*:*:-:*:*:* versions up to 6.45.6 (inclusive)