Arbitrary .rsc File Creation and Overwrite Vulnerability in MikroTik RouterOS 6.47.9

CVE-2021-27221 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

MikroTik RouterOS 6.47.9 allows remote authenticated FTP users to create or overwrite arbitrary .rsc files via the /export command. NOTE: the vendor's position is that this is intended behavior because of how user policies work.