Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mikrotik routeros vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2023-30800
The web server used by MikroTik RouterOS version 6 is affected by a heap memory corruption issue. A remote and unauthenticated attacker can corrupt the server's heap memory by sending a crafted HTTP request. As a result, the web interface crashes and is immediately restarted...
Mikrotik Routeros
NA
CVE-2015-2350
Cross-site request forgery (CSRF) vulnerability in MikroTik RouterOS 5.0 and previous versions allows remote malicious users to hijack the authentication of administrators for requests that change the administrator password via a request in the status page to /cfg.
Mikrotik Routeros
6.5
CVSSv3
CVE-2022-36522
Mikrotik RouterOs through stable v6.48.3 exists to contain an assertion failure in the component /advanced-tools/nova/bin/netwatch. This vulnerability allows malicious users to cause a Denial of Service (DoS) via a crafted packet.
Mikrotik Routeros
7.5
CVSSv3
CVE-2023-24094
An issue in the bridge2 component of MikroTik RouterOS v6.40.5 allows malicious users to cause a Denial of Service (DoS) via crafted packets.
Mikrotik Routeros 6.40.5
8.1
CVSSv3
CVE-2021-27221
MikroTik RouterOS 6.47.9 allows remote authenticated ftp users to create or overwrite arbitrary .rsc files via the /export command. NOTE: the vendor's position is that this is intended behavior because of how user policies work
Mikrotik Routeros 6.47.9
6.5
CVSSv3
CVE-2020-20237
Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.
Mikrotik Routeros 6.46.3
6.5
CVSSv3
CVE-2020-20245
Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulnerability in the log process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.
Mikrotik Routeros 6.46.3
6.5
CVSSv3
CVE-2020-20246
Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulnerability in the mactel process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.
Mikrotik Routeros 6.46.3
7.5
CVSSv3
CVE-2017-7285
A vulnerability in the network stack of MikroTik Version 6.38.5 released 2017-03-09 could allow an unauthenticated remote malicious user to exhaust all available CPU via a flood of TCP RST packets, preventing the affected router from accepting new TCP connections.
Mikrotik Routeros 6.38.5
1 EDB exploit
7.5
CVSSv3
CVE-2020-22844
A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated malicious users to cause a denial of service (DOS) via crafted SMB requests.
Mikrotik Routeros 6.47
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49333
CVE-2024-33901
CVE-2024-36001
CVE-2024-2835
firewall
XPath injection
authentication bypass
CVE-2024-22120
CVE-2024-32002
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »