Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
routeros vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2021-3014
In MikroTik RouterOS through 2021-01-04, the hotspot login page is vulnerable to reflected XSS via the target parameter.
Mikrotik Routeros
445
VMScore
CVE-2019-16160
An integer underflow in the SMB server of MikroTik RouterOS prior to 6.45.5 allows remote unauthenticated malicious users to crash the service.
Mikrotik Routeros
445
VMScore
CVE-2020-11881
An array index error in MikroTik RouterOS 6.41.3 up to and including 6.46.5, and 7.x up to and including 7.0 Beta5, allows an unauthenticated remote malicious user to crash the SMB server via modified setup-request packets, aka SUP-12964.
Mikrotik Routeros
Mikrotik Routeros 7.0
1 Github repository
694
VMScore
CVE-2020-10364
The SSH daemon on MikroTik routers through v6.44.3 could allow remote malicious users to generate CPU activity, trigger refusal of new authorized connections, and cause a reboot via connect and write system calls, because of uncontrolled resource management.
Mikrotik Routeros
632
VMScore
CVE-2018-5951
An issue exists in Mikrotik RouterOS. Crafting a packet that has a size of 1 byte and sending it to an IPv6 address of a RouterOS box with IP Protocol 97 will cause RouterOS to reboot imminently. All versions of RouterOS that supports EoIPv6 are vulnerable to this attack.
Mikrotik Routeros
1 Github repository
383
VMScore
CVE-2019-3981
MikroTik Winbox 3.20 and below is vulnerable to man in the middle attacks. A man in the middle can downgrade the client's authentication protocol and recover the user's username and MD5 hashed password.
Mikrotik Routeros
Mikrotik Winbox
578
VMScore
CVE-2019-3976
RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below are vulnerable to an arbitrary directory creation vulnerability via the upgrade package's name field. If an authenticated user installs a malicious package then a directory could be created and the developer shell ...
Mikrotik Routeros
756
VMScore
CVE-2019-3977
RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are download from when using the autoupgrade feature. Therefore, a remote attacker can trick the router into "upgrading" to an older version of RouterOS and possi...
Mikrotik Routeros
505
VMScore
CVE-2019-3978
RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below allow remote unauthenticated malicious users to trigger DNS queries via port 8291. The queries are sent from the router to a server of the attacker's choice. The DNS responses are cached by the router, potentially ...
Mikrotik Routeros
1 EDB exploit
445
VMScore
CVE-2019-3979
RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below are vulnerable to a DNS unrelated data attack. The router adds all A records to its DNS cache even when the records are unrelated to the domain that was queried. Therefore, a remote attacker controlled DNS server can po...
Mikrotik Routeros
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
spoof
CVE-2024-34928
CVE-2024-5291
deserialization
CVE-2024-4471
CVE-2024-4956
CVE-2024-32002
CVE-2024-5227
unspecified
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »