CVE-2020-5721 is a vulnerability in MikroTik Winbox
Published on April 15, 2020

MikroTik WinBox 3.22 and below stores the user's cleartext password in the settings.cfg.viw configuration file when the Keep Password field is set and no Master Password is set. Keep Password is set by default and, by default, Master Password is not set. An attacker with access to the configuration file can extract a username and password to gain access to the router.

NVD

Weakness Type

Password in Configuration File

The software stores a password in a configuration file that might be accessible to actors who do not know the password. This can result in compromise of the system for which the password is used. An attacker could gain access to this file and learn the stored password or, worse yet, change the password to one of their choosing.



Exploit Probability

EPSS: 0.10%
Percentile: 27.77%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.