Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mikrotik routeros vulnerabilities and exploits
(subscribe to this query)
8.1
CVSSv3
CVE-2019-3943
MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authenticated, remote directory traversal via the HTTP or Winbox interfaces. An authenticated, remote attack can use this vulnerability to read ...
Mikrotik Routeros
Mikrotik Routeros 6.41
Mikrotik Routeros 6.42
Mikrotik Routeros 6.43
Mikrotik Routeros 6.44
1 Github repository
8.1
CVSSv3
CVE-2021-41987
In the SCEP Server of RouterOS in certain Mikrotik products, an attacker can trigger a heap-based buffer overflow that leads to remote code execution. The attacker must know the scep_server_name value. This affects RouterOS 6.46.8, 6.47.9, and 6.47.10.
Mikrotik Routeros 6.47.10
Mikrotik Routeros 6.47.9
Mikrotik Routeros 6.46.8
6.5
CVSSv3
CVE-2019-13954
Mikrotik RouterOS prior to 6.44.5 (long-term release tree) is vulnerable to memory exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system. Malicious code cannot be injected.
Mikrotik Routeros 6.45
Mikrotik Routeros
6.5
CVSSv3
CVE-2019-13955
Mikrotik RouterOS prior to 6.44.5 (long-term release tree) is vulnerable to stack exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server via recursive parsing of JSON. Malicious code cannot be injected.
Mikrotik Routeros
Mikrotik Routeros 6.45
7.5
CVSSv3
CVE-2020-11881
An array index error in MikroTik RouterOS 6.41.3 up to and including 6.46.5, and 7.x up to and including 7.0 Beta5, allows an unauthenticated remote malicious user to crash the SMB server via modified setup-request packets, aka SUP-12964.
Mikrotik Routeros
Mikrotik Routeros 7.0
1 Github repository
9.8
CVSSv3
CVE-2018-7445
A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication takes pla...
Mikrotik Routeros
Mikrotik Routeros 6.4.2
1 EDB exploit
1 Github repository
1 Article
5.9
CVSSv3
CVE-2017-6297
The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 does not enable IPsec encryption after a reboot, which allows man-in-the-middle malicious users to view transmitted data unencrypted and gain access to networks on the L2TP server by monitoring the packets for the tr...
Mikrotik Routeros 6.37.4
Mikrotik Routeros 6.83.3
3.7
CVSSv3
CVE-2019-3981
MikroTik Winbox 3.20 and below is vulnerable to man in the middle attacks. A man in the middle can downgrade the client's authentication protocol and recover the user's username and MD5 hashed password.
Mikrotik Routeros
Mikrotik Winbox
NA
CVE-2008-6976
MikroTik RouterOS 3.x up to and including 3.13 and 2.x up to and including 2.9.51 allows remote malicious users to modify Network Management System (NMS) settings via a crafted SNMP set request.
Mikrotik Routeros
1 EDB exploit
6.5
CVSSv3
CVE-2018-1157
Mikrotik RouterOS prior to 6.42.7 and 6.40.9 is vulnerable to a memory exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system via a crafted HTTP POST request.
Mikrotik Routeros
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »