Published: 27/11/2012 Updated: 29/08/2017
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
VMScore: 645
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

Vulnerability Summary

The winbox service in MikroTik RouterOS 5.15 and previous versions allows remote malicious users to cause a denial of service (CPU consumption), read the router version, and possibly have other impacts via a request to download the router's DLLs or plugins, as demonstrated by roteros.dll.

Affected Products

Vendor Product Versions


#!/usr/bin/python # Exploit Title: Mikrotik Router Remote Denial Of Service attack # Date: 19/4/2012 # Author: PoURaN @ 133tseccom # Software Link: wwwmikrotikcom # Version: All mikrotik routers with winbox service enabled are affected (still a 0day 30/5/2012) # Tested on: Mikrotis RouterOS 296 up to 515 # # Vulnerability ...