There are a number (6) of remotely executable vulnerabilities addressed in this release.

MAJOR CHANGES IN v6.45.1:
----------------------

CVE-2018-1157 memory exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system via a crafted HTTP POST request.

CVE-2018-1158 stack exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server via recursive parsing of JSON.

CVE-2019-11477 integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs)

CVE-2019-11478 TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences.

CVE-2019-11479 remote peer to fragment TCP resend queues

CVE-2019-13074 vulnerability in the FTP daemon could allow remote attackers to exhaust all available memory, causing the device to reboot because of uncontrolled resource management.

Like always, it's recommended to keep your devices up to date; instructions for updating can be found @ https://wiki.mikrotik.com/wiki/Manual:Upgrading_RouterOS
participants (1)
-
Darcy Buskermolen