Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mikrotik routeros vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2019-3943
MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authenticated, remote directory traversal via the HTTP or Winbox interfaces. An authenticated, remote attack can use this vulnerability to read ...
Mikrotik Routeros
Mikrotik Routeros 6.41
Mikrotik Routeros 6.42
Mikrotik Routeros 6.43
Mikrotik Routeros 6.44
1 Github repository
6.8
CVSSv2
CVE-2021-41987
In the SCEP Server of RouterOS in certain Mikrotik products, an attacker can trigger a heap-based buffer overflow that leads to remote code execution. The attacker must know the scep_server_name value. This affects RouterOS 6.46.8, 6.47.9, and 6.47.10.
Mikrotik Routeros 6.47.10
Mikrotik Routeros 6.47.9
Mikrotik Routeros 6.46.8
4
CVSSv2
CVE-2019-13955
Mikrotik RouterOS prior to 6.44.5 (long-term release tree) is vulnerable to stack exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server via recursive parsing of JSON. Malicious code cannot be injected.
Mikrotik Routeros
Mikrotik Routeros 6.45
10
CVSSv2
CVE-2018-7445
A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication takes pla...
Mikrotik Routeros
Mikrotik Routeros 6.4.2
1 EDB exploit
1 Github repository
1 Article
5
CVSSv2
CVE-2020-11881
An array index error in MikroTik RouterOS 6.41.3 up to and including 6.46.5, and 7.x up to and including 7.0 Beta5, allows an unauthenticated remote malicious user to crash the SMB server via modified setup-request packets, aka SUP-12964.
Mikrotik Routeros
Mikrotik Routeros 7.0
1 Github repository
6.8
CVSSv2
CVE-2019-13954
Mikrotik RouterOS prior to 6.44.5 (long-term release tree) is vulnerable to memory exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system. Malicious code cannot be injected.
Mikrotik Routeros 6.45
Mikrotik Routeros
4.3
CVSSv2
CVE-2017-6297
The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 does not enable IPsec encryption after a reboot, which allows man-in-the-middle malicious users to view transmitted data unencrypted and gain access to networks on the L2TP server by monitoring the packets for the tr...
Mikrotik Routeros 6.37.4
Mikrotik Routeros 6.83.3
4.3
CVSSv2
CVE-2019-3981
MikroTik Winbox 3.20 and below is vulnerable to man in the middle attacks. A man in the middle can downgrade the client's authentication protocol and recover the user's username and MD5 hashed password.
Mikrotik Routeros
Mikrotik Winbox
NA
CVE-2020-20021
An issue discovered in MikroTik Router v6.46.3 and previous versions allows malicious user to cause denial of service via misconfiguration in the SSH daemon.
Mikrotik Routeros
4
CVSSv2
CVE-2020-20254
Mikrotik RouterOs prior to 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
Mikrotik Routeros
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »