{"uuid": "d5005617-4c77-4ad6-a358-51b98c737597", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2663", "type": "seen", "source": "https://t.me/mikrotik_rus/263", "content": "\u0427\u0442\u043e \u043d\u043e\u0432\u043e\u0433\u043e \u0432 RouterOS 7.6 (2022-Oct-17 13:55):\n\n*) bgp - added support for BGP advertisement displaying (CLI only);\n*) bgp - fixed reporting of session uptime;\n*) bgp - improved session establishment speed after bootup;\n*) bonding - fixed ARP monitor packets with bond's MAC address;\n*) bonding - improved interface stability on slave configuration changes;\n*) bonding - reduce \"actual-mtu\" according to interface \"l2mtu\";\n*) branding - execute \"autorun.scr\" file when installing branding package;\n*) capsman - fixed RADIUS accounting when EAP is used;\n*) certificate - fixed SHA1 certificate name lookup;\n*) certificate - improved certificate management, signing and storing processes;\n*) certificate - restricted maximum retry attempt window for Let's Encrypt certificate to 60 minutes;\n*) container - added \"start-on-boot\" parameter for automatic container startup;\n*) container - allow changing container related parameters while it is running;\n*) container - fixed usage of non-authenticated registries;\n*) dhcpv4-server - fixed matcher functionality;\n*) dhcpv4-server - fixed RADIUS accounting for local leases;\n*) dhcpv4-server - improved service stability when removing dynamic leases;\n*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;\n*) dns - added \"match-subdomain\" option for static entries (CLI only);\n*) dot1x - fixed incorrect error when using \"mac-auth\";\n*) ethernet - added \"5Gbps\" option for speed setting;\n*) firewall - added \"src/dst-address-type\" parameter under \"IPv6/Firewall/Mangle\" menu;\n*) firewall - disable IRC NAT helper on upgrade;\n*) firewall - fixed IPv6 filtering with \"in/out-interface\" matcher that is in VRF;\n*) firewall - fixed IRC NAT helper (CVE-2022-2663);\n*) firewall - fixed usage of \"netmap\" action for IPv6 source NAT;\n*) health - fixed fan speed and temperature reporting on CCR1072;\n*) health - improved voltage reading on RBmAP-2nD;\n*) hotspot - fixed service initialization when HTML directory configured on an external disk;\n*) hotspot - fixed SSL usage on all HotSpot pages;\n*) hotspot - improved stability when receiving bogus packets;\n*) hotspot - limit maximum allowed connections based on free RAM resources;\n*) hotspot - removed \"routerboard.com\" URL from default HotSpot advertise;\n*) interface - added warning when interface has configured \"mtu\" higher than \"l2mtu\";\n*) ipsec - added \"invalid-packets\" counter for Installed SA's menu;\n*) ipsec - fixed packet processing by hardware encryption engine on MMIPS devices;\n*) l3hw - added \"l3hw-settings\" sub menu under the switch menu;\n*) l3hw - added support for IPv6 route offloading (disabled by default);\n*) l3hw - fixed \"H\" flag presence for accelerated connection tracking entries;\n*) l3hw - fixed possible packet loss when using HW offloaded NAT;\n*) l3hw - improved connected host offloading on startup;\n*) l3hw - improved connected IPv6 host offloading when routing table is nearly full for 98DX224S, 98DX226S, and 98DX3236 switch chips;\n*) l3hw - improved system stability;\n*) l3hw - made route offloading selection work only on unicast;\n*) lte - added interface name in MTU debug logging message;\n*) lte - added periodic IPv6 RS to trigger IPv6 adress acquisition for non-MBIM modems;\n*) lte - added support for Neoway N75-EA;\n*) lte - added support to perform FOTA upgrade from local file for EG12-EA, EG18-EA, RG502Q-AE, EG06-A, EP06-A modems;\n*) lte - disabled RPLMN on Chateau 5G;\n*) lte - fixed at-chat on Telit FN980m;\n*) lte - fixed handover from UMTS to LTE when PS activation had failed for MBIM modems;\n*) lte - fixed MBIM modem initialization;\n*) lte - fixed re-attaching on PS detach for MBIM modems;\n*) lte - removed reconnect delay after receiving DETACH notification for MBIM modems;\n*) macsec - added configuration support with VLAN, ARP, DHCP and bridge tagging/untagging;\n*) macsec - added logging support with \"debug\" and \"dot1x\" topics;\n*) macsec - added support for MTU and L2MTU;\n*) macsec - fixed interface after Ethernet link down;\n*) macsec - fixed interface statistics and missing properties;\n*) macsec - fixed in", "creation_timestamp": "2022-10-18T23:08:12.000000Z"}