Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
routeros vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2019-3976
RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below are vulnerable to an arbitrary directory creation vulnerability via the upgrade package's name field. If an authenticated user installs a malicious package then a directory could be created and the developer shell ...
Mikrotik Routeros
7.5
CVSSv3
CVE-2019-3977
RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are download from when using the autoupgrade feature. Therefore, a remote attacker can trick the router into "upgrading" to an older version of RouterOS and possi...
Mikrotik Routeros
7.5
CVSSv3
CVE-2019-3979
RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below are vulnerable to a DNS unrelated data attack. The router adds all A records to its DNS cache even when the records are unrelated to the domain that was queried. Therefore, a remote attacker controlled DNS server can po...
Mikrotik Routeros
6.5
CVSSv3
CVE-2020-20216
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/graphing process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
Mikrotik Routeros 6.44.6
6.5
CVSSv3
CVE-2020-20245
Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulnerability in the log process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.
Mikrotik Routeros 6.46.3
7.5
CVSSv3
CVE-2017-8338
A vulnerability in MikroTik Version 6.38.5 could allow an unauthenticated remote malicious user to exhaust all available CPU via a flood of UDP packets on port 500 (used for L2TP over IPsec), preventing the affected router from accepting new connections; all devices will be disco...
Mikrotik Routeros 6.38.5
8.1
CVSSv3
CVE-2018-10066
An issue exists in MikroTik RouterOS 6.41.4. Missing OpenVPN server certificate verification allows a remote unauthenticated attacker capable of intercepting client traffic to act as a malicious OpenVPN server. This may allow the malicious user to gain access to the client's...
Mikrotik Routeros 6.41.4
7.5
CVSSv3
CVE-2017-7285
A vulnerability in the network stack of MikroTik Version 6.38.5 released 2017-03-09 could allow an unauthenticated remote malicious user to exhaust all available CPU via a flood of TCP RST packets, preventing the affected router from accepting new TCP connections.
Mikrotik Routeros 6.38.5
1 EDB exploit
NA
CVE-2012-6050
The winbox service in MikroTik RouterOS 5.15 and previous versions allows remote malicious users to cause a denial of service (CPU consumption), read the router version, and possibly have other impacts via a request to download the router's DLLs or plugins, as demonstrated b...
Mikrotik Routeros 5.15
1 EDB exploit
7.5
CVSSv3
CVE-2020-22845
A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated malicious users to cause a denial of service (DOS) via crafted FTP requests.
Mikrotik Routeros 6.47
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
CVE-2023-38506
CVE-2024-37198
CVE-2023-45197
CVE-2024-38621
CVE-2024-30103
elevation of privilege
CVE-2024-0044
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »