CVE-2024-54772

EPSS 2.04% · P84 Updated Feb 24, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-54772

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

An issue was discovered in the Winbox service of MikroTik RouterOS long-term release v6.43.13 through v6.49.13 and stable v6.43 through v7.17.2. A patch is available in the stable release v6.49.18. A discrepancy in response size between connection attempts made with a valid username and those with an invalid username allows attackers to enumerate for valid accounts.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

MikroTik RouterOS 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

MikroTik RouterOS是拉脱维亚MikroTik公司的一套基于Linux开发的路由器操作系统。该系统可部署在PC中，使其提供路由器功能。 MikroTik RouterOS v6.43版本至v7.16.1版本存在安全漏洞，该漏洞源于使用有效用户名和无效用户名进行的连接尝试之间的响应时间存在差异，可能导致攻击者可以枚举有效帐户。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2024-54772

#	POC Description	Source Link	Shenlong Link
1	This repo contains the exploit for CVE-2024-54772 which can enumerate valid usernames in Mikrotik routers running RouterOS	https://github.com/deauther890/CVE-2024-54772	POC Details
2	None	https://github.com/Seven11Eleven/CVE-2024-54772	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2024-54772

请登录查看更多情报信息。

Same Patch Batch · n/a · 2025-02-11 · 20 CVEs total

CVE-2025-1211	6.5 MEDIUM	Hackney 安全漏洞
CVE-2025-25528		WAVLINK WL-WN575A3 安全漏洞
CVE-2024-33469		Amaze File Manager 安全漏洞
CVE-2024-54916		Telegram 安全漏洞
CVE-2024-44336		AnkiDroid 安全漏洞
CVE-2022-37660		hostapd 安全漏洞
CVE-2024-51324		Baidu Antivirus 安全漏洞
CVE-2024-55212		DNNGo xBlog 安全漏洞
CVE-2024-57241		DesDev DedeCMS 安全漏洞
CVE-2024-57777		lanproxy 安全漏洞
CVE-2025-25522		Linksys WAP610N 安全漏洞
CVE-2025-25530		Digital China Networks DCBI-Netlog-LAB 安全漏洞
CVE-2025-25527		Ruijie Networks RG-NBR2600S 安全漏洞
CVE-2025-25529		Digital China Networks DCBC Gateway 安全漏洞
CVE-2025-25525		H3C FA3010L 安全漏洞
CVE-2025-25526		Mercury MIPC552W 安全漏洞
CVE-2025-25524		TOTOLINK X6000R 安全漏洞
CVE-2025-25523		TRENDnet TEG-40128 安全漏洞
CVE-2022-35202		Sitevision 安全漏洞

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2024-54772

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2024-54772

I. Basic Information for CVE-2024-54772

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2024-54772

III. Intelligence Information for CVE-2024-54772

Same Patch Batch · n/a · 2025-02-11 · 20 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2024-54772

Leave a comment