Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mikrotik routeros vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-45315
Mikrotik RouterOs before stable v7.6 exists to contain an out-of-bounds read in the snmp process. This vulnerability allows malicious users to execute arbitrary code via a crafted packet.
Mikrotik Routeros
9.8
CVSSv3
CVE-2017-20149
The Mikrotik RouterOS web server allows memory corruption in releases before Stable 6.38.5 and Long-term 6.37.5, aka Chimay-Red. A remote and unauthenticated user can trigger the vulnerability by sending a crafted HTTP request. An attacker can use this vulnerability to execute ar...
Mikrotik Routeros
9.8
CVSSv3
CVE-2022-34960
The container package in MikroTik RouterOS 7.4beta4 allows an malicious user to create mount points pointing to symbolic links, which resolve to locations on the host device. This allows the malicious user to mount any arbitrary file to any location on the host.
Mikrotik Routeros 7.4
9.8
CVSSv3
CVE-2018-7445
A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication takes pla...
Mikrotik Routeros
Mikrotik Routeros 6.4.2
1 EDB exploit
1 Github repository
1 Article
9.1
CVSSv3
CVE-2018-14847
MikroTik RouterOS up to and including 6.42 allows unauthenticated remote malicious users to read arbitrary files and remote authenticated malicious users to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.
Mikrotik Routeros
1 EDB exploit
43 Github repositories
4 Articles
8.8
CVSSv3
CVE-2022-45313
Mikrotik RouterOs before stable v7.5 exists to contain an out-of-bounds read in the hotspot process. This vulnerability allows malicious users to execute arbitrary code via a crafted nova message.
Mikrotik Routeros
8.8
CVSSv3
CVE-2019-3976
RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below are vulnerable to an arbitrary directory creation vulnerability via the upgrade package's name field. If an authenticated user installs a malicious package then a directory could be created and the developer shell ...
Mikrotik Routeros
8.8
CVSSv3
CVE-2018-1156
Mikrotik RouterOS prior to 6.42.7 and 6.40.9 is vulnerable to stack buffer overflow through the license upgrade interface. This vulnerability could theoretically allow a remote authenticated attacker execute arbitrary code on the system.
Mikrotik Routeros
1 Article
8.1
CVSSv3
CVE-2021-41987
In the SCEP Server of RouterOS in certain Mikrotik products, an attacker can trigger a heap-based buffer overflow that leads to remote code execution. The attacker must know the scep_server_name value. This affects RouterOS 6.46.8, 6.47.9, and 6.47.10.
Mikrotik Routeros 6.47.10
Mikrotik Routeros 6.47.9
Mikrotik Routeros 6.46.8
8.1
CVSSv3
CVE-2021-27221
MikroTik RouterOS 6.47.9 allows remote authenticated ftp users to create or overwrite arbitrary .rsc files via the /export command. NOTE: the vendor's position is that this is intended behavior because of how user policies work
Mikrotik Routeros 6.47.9
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »