Vulmon
mikrotik vulnerabilities and exploits
7.5
CVSSv2
CVE-2019-3943
MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authenticated, remote directory traversal via the HTTP or Winbox interfaces. An authenticated, remote attacker can use this vulnerability to read ...
Mikrotik Routeros
Mikrotik Routeros 6.41
Mikrotik Routeros 6.42
Mikrotik Routeros 6.43
Mikrotik Routeros 6.44
1 Github repository
6.8
CVSSv2
CVE-2021-41987
In the SCEP Server of RouterOS in certain Mikrotik products, an attacker can trigger a heap-based buffer overflow that leads to remote code execution. The attacker must know the scep_server_name value. This affects RouterOS 6.46.8, 6.47.9, and 6.47.10.
Mikrotik Routeros 6.47.10
Mikrotik Routeros 6.47.9
Mikrotik Routeros 6.46.8
4.3
CVSSv2
CVE-2019-3981
MikroTik Winbox 3.20 and below is vulnerable to man in the middle attacks. A man in the middle can downgrade the client's authentication protocol and recover the user's username and MD5 hashed password.
Mikrotik Routeros
Mikrotik Winbox
10
CVSSv2
CVE-2018-7445
A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication takes pla...
Mikrotik Routeros
Mikrotik Routeros 6.4.2
1 EDB exploit
1 Github repository
1 Article
6.8
CVSSv2
CVE-2019-13954
Mikrotik RouterOS prior to 6.44.5 (long-term release tree) is vulnerable to memory exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system. Malicious code cannot be injected.
Mikrotik Routeros 6.45
Mikrotik Routeros
4
CVSSv2
CVE-2019-13955
Mikrotik RouterOS prior to 6.44.5 (long-term release tree) is vulnerable to stack exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server via recursive parsing of JSON. Malicious code cannot be injected.
Mikrotik Routeros
Mikrotik Routeros 6.45
5
CVSSv2
CVE-2020-11881
An array index error in MikroTik RouterOS 6.41.3 up to and including 6.46.5, and 7.x up to and including 7.0 Beta5, allows an unauthenticated remote malicious user to crash the SMB server via modified setup-request packets, aka SUP-12964.
Mikrotik Routeros
Mikrotik Routeros 7.0
1 Github repository
5
CVSSv2
CVE-2017-17537
MikroTik RouterBOARD v6.39.2 and v6.40.5 allows an unauthenticated remote malicious user to cause a denial of service by connecting to TCP port 53 and sending data that begins with many '\0' characters, possibly related to DNS.
Mikrotik Routerboard 6.40.5
Mikrotik Routerboard 6.39.2
4.3
CVSSv2
CVE-2017-6297
The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 does not enable IPsec encryption after a reboot, which allows man-in-the-middle malicious users to view transmitted data unencrypted and gain access to networks on the L2TP server by monitoring the packets for the tr...
Mikrotik Routeros 6.37.4
Mikrotik Routeros 6.83.3
7.5
CVSSv2
CVE-2020-13118
An issue exists in Mikrotik-Router-Monitoring-System through 2018-10-22. SQL Injection exists in check_community.php via the parameter community.
Mikrotik-router-monitoring-system Project Mikrotik-router-monitoring-system