Description: Rasmus Moorats' personal blog. Infosec write-ups.
Home Contact Projects Git RSS CVE-2022-34960 Symlinks as mount portals: Abusing container mount points on MikroTik's RouterOS to gain code execution 05 August 2022, Friday RouterOS release 7.4beta4 introduced containers for MikroTik devices. From the changelog :
container - added support for running Docker (TM) containers on ARM, ARM64 and x86
It turns out that due to a couple of implementation flaws, it's possible to execute code on the host device via the container functionality.