Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mikrotik routeros vulnerabilities and exploits
(subscribe to this query)
8.1
CVSSv3
CVE-2018-10066
An issue exists in MikroTik RouterOS 6.41.4. Missing OpenVPN server certificate verification allows a remote unauthenticated attacker capable of intercepting client traffic to act as a malicious OpenVPN server. This may allow the malicious user to gain access to the client's...
Mikrotik Routeros 6.41.4
9.8
CVSSv3
CVE-2018-7445
A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication takes pla...
Mikrotik Routeros
Mikrotik Routeros 6.4.2
1 EDB exploit
1 Github repository
1 Article
NA
CVE-2018-74453
A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication takes pla...
7.5
CVSSv3
CVE-2017-8338
A vulnerability in MikroTik Version 6.38.5 could allow an unauthenticated remote malicious user to exhaust all available CPU via a flood of UDP packets on port 500 (used for L2TP over IPsec), preventing the affected router from accepting new connections; all devices will be disco...
Mikrotik Routeros 6.38.5
7.5
CVSSv3
CVE-2017-7285
A vulnerability in the network stack of MikroTik Version 6.38.5 released 2017-03-09 could allow an unauthenticated remote malicious user to exhaust all available CPU via a flood of TCP RST packets, preventing the affected router from accepting new TCP connections.
Mikrotik Routeros 6.38.5
1 EDB exploit
7.5
CVSSv3
CVE-2017-6444
The MikroTik Router hAP Lite 6.25 has no protection mechanism for unsolicited TCP ACK packets in the case of a fast network connection, which allows remote malicious users to cause a denial of service (CPU consumption) by sending many ACK packets. After the attacker stops the exp...
Mikrotik Routeros 6.25
1 EDB exploit
5.9
CVSSv3
CVE-2017-6297
The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 does not enable IPsec encryption after a reboot, which allows man-in-the-middle malicious users to view transmitted data unencrypted and gain access to networks on the L2TP server by monitoring the packets for the tr...
Mikrotik Routeros 6.37.4
Mikrotik Routeros 6.83.3
NA
CVE-2015-2350
Cross-site request forgery (CSRF) vulnerability in MikroTik RouterOS 5.0 and previous versions allows remote malicious users to hijack the authentication of administrators for requests that change the administrator password via a request in the status page to /cfg.
Mikrotik Routeros
NA
CVE-2012-6050
The winbox service in MikroTik RouterOS 5.15 and previous versions allows remote malicious users to cause a denial of service (CPU consumption), read the router version, and possibly have other impacts via a request to download the router's DLLs or plugins, as demonstrated b...
Mikrotik Routeros 5.15
1 EDB exploit
NA
CVE-2008-6976
MikroTik RouterOS 3.x up to and including 3.13 and 2.x up to and including 2.9.51 allows remote malicious users to modify Network Management System (NMS) settings via a crafted SNMP set request.
Mikrotik Routeros
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
NEXT »