993 matches found
Exploit for Path Traversal in Mikrotik Routeros
Ladon Scanner For Golang Wiki http://k8gege.org/Ladon/LadonGo.html Introduction LadonGo is an open source intranet penetration scanner framework, which can be used to easily detect segment C, B, A live hosts, fingerprint identification, port scanning, password explosion, remote execution, high-ri...
Exploit for CVE-2024-27686
MikroTik RouterOS Denial of Service Vulnerability 📌 Descri...
MikroTik RouterOS <= 7.19.3 Access Control Vulnerability
MikroTik RouterOS is prone to an access control vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:mikrotik:routeros"...
MikroTik RouterOS < 6.49.13, 7.x < 7.14 IPv6 Vulnerability
MikroTik RouterOS is prone to a vulnerability in the IPv6 firewall rule. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
MikroTik RouterOS 7.x < 7.19.2 XSS Vulnerability
MikroTik RouterOS is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
📄 MikroTik RouterOS 7.19.1 Cross Site Scripting
MikroTik RouterOS versions 7.19.1 and below suffer from a cross site scripting vulnerability. Exploit Title: MikroTik RouterOS 7.19.1 - Reflected XSS Google Dork: inurl:/login?dst= Date: 2025-07-15 Exploit Author: Prak Sokchea Vendor Homepage: https://mikrotik.com Software Link:...
MikroTik RouterOS 7.19.1 - Reflected XSS
Exploit Title: MikroTik RouterOS 7.19.1 - Reflected XSS Google Dork: inurl:/login?dst= Date: 2025-07-15 Exploit Author: Prak Sokchea Vendor Homepage: https://mikrotik.com Software Link: https://mikrotik.com/download Version: RouterOS /login?dst=javascript:alert3 A reflected XSS will be triggered...
The vulnerability of the RouterOS operating system for MikroTik routers, related to insufficient validation of input data, allows attackers to carry out cross-site scripting attacks.
The vulnerability of the RouterOS operating system for MikroTik routers is related to insufficient validation of input data when processing the dst parameter. Exploiting this vulnerability allows a malicious actor to perform domain-based scenario attacks remotely...
📄 MikroTik RouterOS Cross Site Scripting
A reflected cross site scripting vulnerability exists in MikroTik RouterOS versions prior to version 7, specifically in the UserManager web interface. This flaw can be exploited by unauthenticated attackers, allowing JavaScript injection via a specially crafted URL without requiring a valid login...
CVE-2025-6563
A cross-site scripting vulnerability is present in the hotspot of MikroTik's RouterOS on versions below 7.19.2. An attacker can inject the javascript protocol in the dst parameter. When the victim browses to the malicious URL and logs in, the XSS executes. The POST request used to login, can also...
CVE-2025-6563
A cross-site scripting vulnerability is present in the hotspot of MikroTik's RouterOS on versions below 7.19.2. An attacker can inject the javascript protocol in the dst parameter. When the victim browses to the malicious URL and logs in, the XSS executes. The POST request used to login, can also...
CVE-2025-6563 Cross-site scripting via dst parameter in RouterOS WiFi hotspot
A cross-site scripting vulnerability is present in the hotspot of MikroTik's RouterOS on versions below 7.19.2. An attacker can inject the javascript protocol in the dst parameter. When the victim browses to the malicious URL and logs in, the XSS executes. The POST request used to login, can also...
CVE-2025-6563 Cross-site scripting via dst parameter in RouterOS WiFi hotspot
A cross-site scripting vulnerability is present in the hotspot of MikroTik's RouterOS on versions below 7.19.2. An attacker can inject the javascript protocol in the dst parameter. When the victim browses to the malicious URL and logs in, the XSS executes. The POST request used to login, can also...
CVE-2025-6563
MikroTik RouterOS has a cross-site scripting (XSS) vulnerability in the hotspot component for versions below 7.19.2. The issue stems from improper handling of the destination URL parameter (dst), allowing an attacker to inject a javascript: payload. When a user visits the crafted login URL and au...
MikroTik RouterOS 安全漏洞
MikroTik RouterOS is a Linux-based router operating system developed by the Latvian company MikroTik. The system can be deployed in a PC to enable it to provide router functionality. A security vulnerability exists in MikroTik RouterOS versions prior to 7.19.2, which stems from a cross-site...
CVE-2023-47310
A misconfiguration in the default settings of MikroTik RouterOS 7 and fixed in v7.14 allows incoming IPv6 UDP traceroute packets...
CVE-2023-47310
A misconfiguration in the default settings of MikroTik RouterOS 7 and fixed in v7.14 allows incoming IPv6 UDP traceroute packets...
CVE-2023-47310
A misconfiguration in the default settings of MikroTik RouterOS 7 and fixed in v7.14 allows incoming IPv6 UDP traceroute packets...
CVE-2023-47310
A misconfiguration in the default settings of MikroTik RouterOS 7 and fixed in v7.14 allows incoming IPv6 UDP traceroute packets...
CVE-2023-47310
CVE-2023-47310 describes a misconfiguration in the default settings of MikroTik RouterOS 7 that allows incoming IPv6 UDP traceroute packets. The issue affects RouterOS 7.x before the fixed 7.14 release; the root cause is a default-configuration error in IPv6 handling that bypasses expected filter...