Vulnerabilities in MikroTik RouterOS

Recently I discovered two vulnerabilities in MikroTik RouterOS. One of them requires authentication (CVE-2019-15055). In the first report to MikroTik, this path traversal vulnerability allows an authenticated user to write/delete arbitrary writable files on the system, which could lead to privilege escalation. All discovered vulnerabilities have been fixed in the latest testing and stable version.