Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mikrotik vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2018-1159
Mikrotik RouterOS prior to 6.42.7 and 6.40.9 is vulnerable to a memory corruption vulnerability. An authenticated remote attacker can crash the HTTP server by rapidly authenticating and disconnecting.
Mikrotik Routeros
1 Article
7.5
CVSSv3
CVE-2020-10364
The SSH daemon on MikroTik routers through v6.44.3 could allow remote malicious users to generate CPU activity, trigger refusal of new authorized connections, and cause a reboot via connect and write system calls, because of uncontrolled resource management.
Mikrotik Routeros
6.5
CVSSv3
CVE-2021-36613
Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the ptp process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
Mikrotik Routeros
6.5
CVSSv3
CVE-2021-36614
Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the tr069-client process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
Mikrotik Routeros
7.2
CVSSv3
CVE-2023-30799
MikroTik RouterOS stable prior to 6.49.7 and long-term up to and including 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. The attacker can abuse this vul...
Mikrotik Routeros
7.5
CVSSv3
CVE-2023-30800
The web server used by MikroTik RouterOS version 6 is affected by a heap memory corruption issue. A remote and unauthenticated attacker can corrupt the server's heap memory by sending a crafted HTTP request. As a result, the web interface crashes and is immediately restarted...
Mikrotik Routeros
6.5
CVSSv3
CVE-2019-15055
MikroTik RouterOS up to and including 6.44.5 and 6.45.x up to and including 6.45.3 improperly handles the disk name, which allows authenticated users to delete arbitrary files. Attackers can exploit this vulnerability to reset credential storage, which allows them access to the m...
Mikrotik Routeros
7.5
CVSSv3
CVE-2020-22845
A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated malicious users to cause a denial of service (DOS) via crafted FTP requests.
Mikrotik Routeros 6.47
7.5
CVSSv3
CVE-2018-10070
A vulnerability in MikroTik Version 6.41.4 could allow an unauthenticated remote malicious user to exhaust all available CPU and all available RAM by sending a crafted FTP request on port 21 that begins with many '\0' characters, preventing the affected router from acce...
Mikrotik Router Firmware 6.41.4
1 EDB exploit
8.1
CVSSv3
CVE-2018-10066
An issue exists in MikroTik RouterOS 6.41.4. Missing OpenVPN server certificate verification allows a remote unauthenticated attacker capable of intercepting client traffic to act as a malicious OpenVPN server. This may allow the malicious user to gain access to the client's...
Mikrotik Routeros 6.41.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »