Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mikrotik routeros vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2018-7445
A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication takes pla...
Mikrotik Routeros
Mikrotik Routeros 6.4.2
1 EDB exploit
1 Github repository
1 Article
9
CVSSv2
CVE-2018-1156
Mikrotik RouterOS prior to 6.42.7 and 6.40.9 is vulnerable to stack buffer overflow through the license upgrade interface. This vulnerability could theoretically allow a remote authenticated attacker execute arbitrary code on the system.
Mikrotik Routeros
1 Article
8.5
CVSSv2
CVE-2021-27221
MikroTik RouterOS 6.47.9 allows remote authenticated ftp users to create or overwrite arbitrary .rsc files via the /export command. NOTE: the vendor's position is that this is intended behavior because of how user policies work
Mikrotik Routeros 6.47.9
8.5
CVSSv2
CVE-2019-3977
RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are download from when using the autoupgrade feature. Therefore, a remote attacker can trick the router into "upgrading" to an older version of RouterOS and possi...
Mikrotik Routeros
7.8
CVSSv2
CVE-2020-22845
A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated malicious users to cause a denial of service (DOS) via crafted FTP requests.
Mikrotik Routeros 6.47
7.8
CVSSv2
CVE-2020-10364
The SSH daemon on MikroTik routers through v6.44.3 could allow remote malicious users to generate CPU activity, trigger refusal of new authorized connections, and cause a reboot via connect and write system calls, because of uncontrolled resource management.
Mikrotik Routeros
7.8
CVSSv2
CVE-2019-13074
A vulnerability in the FTP daemon on MikroTik routers up to and including 6.44.3 could allow remote malicious users to exhaust all available memory, causing the device to reboot because of uncontrolled resource management.
Mikrotik Routeros
7.8
CVSSv2
CVE-2017-8338
A vulnerability in MikroTik Version 6.38.5 could allow an unauthenticated remote malicious user to exhaust all available CPU via a flood of UDP packets on port 500 (used for L2TP over IPsec), preventing the affected router from accepting new connections; all devices will be disco...
Mikrotik Routeros 6.38.5
7.8
CVSSv2
CVE-2017-7285
A vulnerability in the network stack of MikroTik Version 6.38.5 released 2017-03-09 could allow an unauthenticated remote malicious user to exhaust all available CPU via a flood of TCP RST packets, preventing the affected router from accepting new TCP connections.
Mikrotik Routeros 6.38.5
1 EDB exploit
7.8
CVSSv2
CVE-2017-6444
The MikroTik Router hAP Lite 6.25 has no protection mechanism for unsolicited TCP ACK packets in the case of a fast network connection, which allows remote malicious users to cause a denial of service (CPU consumption) by sending many ACK packets. After the attacker stops the exp...
Mikrotik Routeros 6.25
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-0044
remote code execution
CVE-2024-37080
CVE-2024-5182
CVE-2024-4390
CVE-2024-6100
brute force
CVE-2021-47581
file inclusion
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »