Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mikrotik vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-30799
MikroTik RouterOS stable prior to 6.49.7 and long-term up to and including 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. The attacker can abuse this vul...
Mikrotik Routeros
NA
CVE-2023-30800
The web server used by MikroTik RouterOS version 6 is affected by a heap memory corruption issue. A remote and unauthenticated attacker can corrupt the server's heap memory by sending a crafted HTTP request. As a result, the web interface crashes and is immediately restarted...
Mikrotik Routeros
NA
CVE-2023-41570
MikroTik RouterOS v7.1 to 7.11 exists to contain incorrect access control mechanisms in place for the Rest API.
Mikrotik Routeros
NA
CVE-2017-20149
The Mikrotik RouterOS web server allows memory corruption in releases before Stable 6.38.5 and Long-term 6.37.5, aka Chimay-Red. A remote and unauthenticated user can trigger the vulnerability by sending a crafted HTTP request. An attacker can use this vulnerability to execute ar...
Mikrotik Routeros
5.5
CVSSv2
CVE-2019-15055
MikroTik RouterOS up to and including 6.44.5 and 6.45.x up to and including 6.45.3 improperly handles the disk name, which allows authenticated users to delete arbitrary files. Attackers can exploit this vulnerability to reset credential storage, which allows them access to the m...
Mikrotik Routeros
NA
CVE-2022-36522
Mikrotik RouterOs through stable v6.48.3 exists to contain an assertion failure in the component /advanced-tools/nova/bin/netwatch. This vulnerability allows malicious users to cause a Denial of Service (DoS) via a crafted packet.
Mikrotik Routeros
4
CVSSv2
CVE-2018-1158
Mikrotik RouterOS prior to 6.42.7 and 6.40.9 is vulnerable to a stack exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server via recursive parsing of JSON.
Mikrotik Routeros
1 Article
NA
CVE-2022-45313
Mikrotik RouterOs before stable v7.5 exists to contain an out-of-bounds read in the hotspot process. This vulnerability allows malicious users to execute arbitrary code via a crafted nova message.
Mikrotik Routeros
7.8
CVSSv2
CVE-2020-10364
The SSH daemon on MikroTik routers through v6.44.3 could allow remote malicious users to generate CPU activity, trigger refusal of new authorized connections, and cause a reboot via connect and write system calls, because of uncontrolled resource management.
Mikrotik Routeros
6.4
CVSSv2
CVE-2018-14847
MikroTik RouterOS up to and including 6.42 allows unauthenticated remote malicious users to read arbitrary files and remote authenticated malicious users to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.
Mikrotik Routeros
1 EDB exploit
43 Github repositories
4 Articles
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »