Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
routeros vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2019-3979
RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below are vulnerable to a DNS unrelated data attack. The router adds all A records to its DNS cache even when the records are unrelated to the domain that was queried. Therefore, a remote attacker controlled DNS server can po...
Mikrotik Routeros
6.1
CVSSv3
CVE-2021-3014
In MikroTik RouterOS through 2021-01-04, the hotspot login page is vulnerable to reflected XSS via the target parameter.
Mikrotik Routeros
6.5
CVSSv3
CVE-2021-36613
Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the ptp process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
Mikrotik Routeros
6.5
CVSSv3
CVE-2021-36614
Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the tr069-client process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
Mikrotik Routeros
9.8
CVSSv3
CVE-2022-45315
Mikrotik RouterOs before stable v7.6 exists to contain an out-of-bounds read in the snmp process. This vulnerability allows malicious users to execute arbitrary code via a crafted packet.
Mikrotik Routeros
7.5
CVSSv3
CVE-2019-3924
MikroTik RouterOS prior to 6.43.12 (stable) and 6.42.12 (long-term) is vulnerable to an intermediary vulnerability. The software will execute user defined network requests to both WAN and LAN clients. A remote unauthenticated attacker can use this vulnerability to bypass the rout...
Mikrotik Routeros
1 EDB exploit
7.5
CVSSv3
CVE-2019-3978
RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below allow remote unauthenticated malicious users to trigger DNS queries via port 8291. The queries are sent from the router to a server of the attacker's choice. The DNS responses are cached by the router, potentially ...
Mikrotik Routeros
1 EDB exploit
9.8
CVSSv3
CVE-2017-20149
The Mikrotik RouterOS web server allows memory corruption in releases before Stable 6.38.5 and Long-term 6.37.5, aka Chimay-Red. A remote and unauthenticated user can trigger the vulnerability by sending a crafted HTTP request. An attacker can use this vulnerability to execute ar...
Mikrotik Routeros
NA
CVE-2015-2350
Cross-site request forgery (CSRF) vulnerability in MikroTik RouterOS 5.0 and previous versions allows remote malicious users to hijack the authentication of administrators for requests that change the administrator password via a request in the status page to /cfg.
Mikrotik Routeros
8.8
CVSSv3
CVE-2022-45313
Mikrotik RouterOs before stable v7.5 exists to contain an out-of-bounds read in the hotspot process. This vulnerability allows malicious users to execute arbitrary code via a crafted nova message.
Mikrotik Routeros
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »