Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mikrotik winbox vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2019-3981
MikroTik Winbox 3.20 and below is vulnerable to man in the middle attacks. A man in the middle can downgrade the client's authentication protocol and recover the user's username and MD5 hashed password.
Mikrotik Winbox
Mikrotik Routeros
4.3
CVSSv2
CVE-2020-5720
MikroTik WinBox prior to 3.21 is vulnerable to a path traversal vulnerability that allows creation of arbitrary files wherevere WinBox has write permissions. WinBox is vulnerable to this attack if it connects to a malicious endpoint or if an attacker mounts a man in the middle at...
Mikrotik Winbox
2.1
CVSSv2
CVE-2020-5721
MikroTik WinBox 3.22 and below stores the user's cleartext password in the settings.cfg.viw configuration file when the Keep Password field is set and no Master Password is set. Keep Password is set by default and, by default Master Password is not set. An attacker with acce...
Mikrotik Winbox
7.5
CVSSv2
CVE-2019-3943
MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authenticated, remote directory traversal via the HTTP or Winbox interfaces. An authenticated, remote attack can use this vulnerability to read ...
Mikrotik Routeros
Mikrotik Routeros 6.41
Mikrotik Routeros 6.42
Mikrotik Routeros 6.43
Mikrotik Routeros 6.44
1 Github repository
6.4
CVSSv2
CVE-2018-14847
MikroTik RouterOS up to and including 6.42 allows unauthenticated remote malicious users to read arbitrary files and remote authenticated malicious users to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.
Mikrotik Routeros
1 EDB exploit
43 Github repositories
4 Articles
NA
CVE-2023-30799
MikroTik RouterOS stable prior to 6.49.7 and long-term up to and including 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. The attacker can abuse this vul...
Mikrotik Routeros
6.4
CVSSv2
CVE-2012-6050
The winbox service in MikroTik RouterOS 5.15 and previous versions allows remote malicious users to cause a denial of service (CPU consumption), read the router version, and possibly have other impacts via a request to download the router's DLLs or plugins, as demonstrated b...
Mikrotik Routeros 5.15
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started