{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-23T10:32:56.639","vulnerabilities":[{"cve":{"id":"CVE-2024-54772","sourceIdentifier":"cve@mitre.org","published":"2025-02-11T23:15:09.117","lastModified":"2025-06-30T14:48:12.073","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in the Winbox service of MikroTik RouterOS long-term release v6.43.13 through v6.49.13 and stable v6.43 through v7.17.2. A patch is available in the stable release v6.49.18. A discrepancy in response size between connection attempts made with a valid username and those with an invalid username allows attackers to enumerate for valid accounts."},{"lang":"es","value":"Se descubrió un problema en el servicio Winbox de MikroTik RouterOS v6.43 a v7.16.1 versiones v6.43.13 hasta v6.49.13 y estables desde v6.43 hasta v7.17.2. Hay disponible un parche en la versión estable v6.49.18. Una discrepancia en el tamaño de respuesta entre los intentos de conexión realizados con un nombre de usuario válido y aquellos con un nombre de usuario no válido permite a los atacantes realizar una enumeración de cuentas válidas."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-208"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:mikrotik:routeros:*:*:*:*:-:*:*:*","versionStartIncluding":"6.43","versionEndExcluding":"6.49.18","matchCriteriaId":"F618C1B1-340C-4893-A0FF-23B533F787E3"},{"vulnerable":true,"criteria":"cpe:2.3:o:mikrotik:routeros:*:*:*:*:ltr:*:*:*","versionStartIncluding":"6.43.13","versionEndIncluding":"6.49.13","matchCriteriaId":"2DD4F8E4-8A7E-408E-ACF8-C7D003D78027"},{"vulnerable":true,"criteria":"cpe:2.3:o:mikrotik:routeros:*:*:*:*:-:*:*:*","versionStartIncluding":"7.1","versionEndExcluding":"7.18","matchCriteriaId":"BD087026-C45D-44F3-A305-41A07FDB14EC"}]}]}],"references":[{"url":"https://github.com/deauther890/CVE-2024-54772","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]}]}}]}