998 matches found
EUVD-2026-43601
An issue in MikroTIk SIA Mikrotikls, Latvia RouterOS 7.21.x before v.7.21.4 and 7.22.x before v.7.22.2 allows a remote attacker to cause a denial of service via the unflatten function in libumsg.so...
CVE-2026-39042
An issue in MikroTIk SIA Mikrotikls, Latvia RouterOS 7.21.x before v.7.21.4 and 7.22.x before v.7.22.2 allows a remote attacker to cause a denial of service via the unflatten function in libumsg.so...
CVE-2026-39042
An issue in MikroTIk SIA Mikrotikls, Latvia RouterOS 7.21.x before v.7.21.4 and 7.22.x before v.7.22.2 allows a remote attacker to cause a denial of service via the unflatten function in libumsg.so...
CVE-2026-39042
The CVE-2026-39042 issue affects MikroTik RouterOS, specifically 7.21.x prior to 7.21.4 and 7.22.x prior to 7.22.2. The vulnerability resides in the unflatten() function within libumsg.so, allowing a remote attacker to cause a denial of service. No exploitation details are provided in the documen...
CVE-2024-27686
Mikrotik RouterOS x86 6.40.5 through 6.49.10 fixed in 7 allows a remote attacker to cause a denial of service device crash via crafted packet data to the SMB service on TCP port 445...
EUVD-2024-24880
Mikrotik RouterOS x86 6.40.5 through 6.49.10 fixed in 7 allows a remote attacker to cause a denial of service device crash via crafted packet data to the SMB service on TCP port 445...
CVE-2024-27686
Mikrotik RouterOS x86 6.40.5 through 6.49.10 fixed in 7 allows a remote attacker to cause a denial of service device crash via crafted packet data to the SMB service on TCP port 445...
CVE-2024-27686
Mikrotik RouterOS x86 6.40.5 through 6.49.10 fixed in 7 allows a remote attacker to cause a denial of service device crash via crafted packet data to the SMB service on TCP port 445...
CVE-2024-27686
Mikrotik RouterOS x86 6.40.5 through 6.49.10 fixed in 7 allows a remote attacker to cause a denial of service device crash via crafted packet data to the SMB service on TCP port 445...
CVE-2024-27686
Mikrotik RouterOS x86 6.40.5 through 6.49.10 fixed in 7 allows a remote attacker to cause a denial of service device crash via crafted packet data to the SMB service on TCP port 445...
Mikrotik RouterOS 资源管理错误漏洞
Mikrotik RouterOS is an operating system for network devices developed by the Latvian company Mikrotik. There were resource management vulnerabilities in the Mikrotik RouterOS x86 version 6.40.5 to 6.49.10. These vulnerabilities stemmed from the SMB service’s handling of specially crafted packets...
MikroTik RouterOS <= 7.20 Authentication Bypass via Improper Certificate Validation (CVE-2025-42611)
According to its self-reported version, the remote networking device is running a version of MikroTik RouterOS 7.x prior to or equal to 7.20. It is, therefore, affected by an authentication bypass vulnerability caused by improper certificate validation. The vulnerability lies in shared certificat...
CVE-2024-27686
CVE-2024-27686 affects MikroTik RouterOS on x86, with versions 6.40.5 through 6.49.10 vulnerable to remote denial of service via specially crafted SMB data on TCP port 445; 6.49.10 is among the tested ranges and the fix is in version 7. The root cause involves handling of SMB requests that can cr...
CVE-2025-42611
CVE-2025-42611 : RouterOS provides multiple services (OpenVPN, CAPsMAN, Dot1x) that rely on certificate verification using a system-wide trusted store. The vulnerability stems from shared certificate validation logic that uses this store, allowing any CA in the trust store to be trusted across co...
CVE-2025-42611
RouterOS provides various services that rely on correct verification of client and server certificates to secure confidentiality and integrity of communications. This includes OpenVPN, CAPsMAN, Dot1x 802.1X, among others. The vulnerability lies in shared certificate validation logic which uses th...
CVE-2025-42611 Improper certificate validation in multiple RouterOS services
RouterOS provides various services that rely on correct verification of client and server certificates to secure confidentiality and integrity of communications. This includes OpenVPN, CAPsMAN, Dot1x 802.1X, among others. The vulnerability lies in shared certificate validation logic which uses th...
CVE-2025-42611 Improper certificate validation in multiple RouterOS services
RouterOS provides various services that rely on correct verification of client and server certificates to secure confidentiality and integrity of communications. This includes OpenVPN, CAPsMAN, Dot1x 802.1X, among others. The vulnerability lies in shared certificate validation logic which uses th...
Mikrotik RouterOS 信任管理问题漏洞
Mikrotik RouterOS is an operating system for network devices developed by the Latvian company Mikrotik. There is a vulnerability in MikroTik RouterOS’s trust management mechanism. This vulnerability stems from the shared certificate validation logic, which leads to scope confusion. As a result, a...
CVE-2026-7668
A vulnerability was identified in MikroTik RouterOS 6.49.8. This vulnerability affects the function ASN1STRINGdata in the library nova/lib/www/scep.p of the component SCEP Endpoint. The manipulation of the argument transactionID/messageType leads to out-of-bounds read. The attack may be initiated...
CVE-2026-7668
A vulnerability was identified in MikroTik RouterOS 6.49.8. This vulnerability affects the function ASN1STRINGdata in the library nova/lib/www/scep.p of the component SCEP Endpoint. The manipulation of the argument transactionID/messageType leads to out-of-bounds read. The attack may be initiated...