Arbitrary .rsc File Creation and Overwrite Vulnerability in MikroTik RouterOS 6.47.9
CVE-2021-27221 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
MikroTik RouterOS 6.47.9 allows remote authenticated ftp users to create or overwrite arbitrary .rsc files via the /export command. NOTE: the vendor's position is that this is intended behavior because of how user policies work
Learn more about our User Device Pen Test.