993 matches found
PT-2023-8186 · Mikrotik · Routeros +1
Name of the Vulnerable Software and Affected Versions: MikroTik RouterOS versions 7.1 through 7.11 Description: The issue is related to incorrect access control mechanisms in place for the Rest API, which can allow a remote attacker to disclose protected information. Recommendations: For versions...
MikroTik RouterOS <= 6.40.5 DoS Vulnerability
MikroTik RouterOS is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
MikroTik RouterOS < 6.49.8 Privilege Escalation Vulnerability
MikroTik RouterOS is prone to a privilege escalation vulnerability.
The vulnerabilities of the Winbox interface and the HTTP interface of the RouterOS operating system of MikroTik allow attackers to elevate their privileges to the level of Super Admin.
The vulnerability of the Winbox and HTTP interfaces of the RouterOS operating system in MikroTik devices is related to insecure management of privileges. Exploiting this vulnerability allows a malicious actor to elevate their privileges to the level of Super Admin...
MikroTik RouterOS < 6.48.7, 6.49.x < 6.49.8, 7.x < 7.9.1 RCE Vulnerability
MikroTik RouterOS is prone to a remote code execution (RCE) vulnerability in the IPv6 advertisement receiver functionality.
Critical MikroTik RouterOS Vulnerability Exposes Over Half a Million Devices to Hacking
A severe privilege escalation issue impacting MikroTik RouterOS could be weaponized by remote malicious actors to execute arbitrary code and seize full control of vulnerable devices. Cataloged as CVE-2023-30799 (CVSS score: 9.1), the shortcoming is expected to put approximately 500,000 and 900,000...
CVE-2023-30799
MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. The attacker can abuse this vulnerability to execute arbitrary...
Privilege escalation
MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. The attacker can abuse this vulnerability to execute arbitrary...
CVE-2023-30799 MikroTik RouterOS Administrator Privilege Escalation
MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. The attacker can abuse this vulnerability to execute arbitrary...
CVE-2023-30799
CVE-2023-30799 affects MikroTik RouterOS, with vulnerable versions: RouterOS 6.49.7 and earlier (including long-term 6.48.6). The issue is a privilege escalation that allows a remote, authenticated attacker to raise privileges from admin to super-admin via the Winbox or HTTP interface, enabling a...
PT-2023-3875
Name of the Vulnerable Software and Affected Versions: MikroTik RouterOS versions prior to 6.49.7; MikroTik RouterOS long-term versions prior to 6.48.7. Description: The issue is related to a privilege escalation problem in the Winbox and HTTP interfaces of MikroTik RouterOS. A remote and authenticat...
MikroTik RouterOS Security Vulnerability
MikroTik RouterOS is a Linux-based router operating system developed by the Latvian company MikroTik. The system can be deployed in a PC to enable it to provide router functionality. A security vulnerability exists in MikroTik RouterOS versions prior to 6.49.7 stable, prior to 6.48.6 long-term,...
The vulnerability of the radvd (Router Advertisement Daemon) component of the RouterOS operating system in MikroTik routers allows a hacker to execute arbitrary code.
The vulnerability of the radvd (Router Advertisement Daemon) component of the RouterOS operating system in MikroTik routers stems from an out-of-bounds write in memory when processing user-supplied data. Exploiting this vulnerability allows a remote attacker to execut...
Vulnerability fixed in MikroTik RouterOS
MikroTik has fixed a vulnerability in RouterOS. An unauthenticated malicious person could potentially abuse it to execute arbitrary code. To do so, malicious network traffic must be sent to the vulnerable device. MikroTik indicates that systems are only vulnerable when they use a...
PT-2023-17682 · Undefined · Undefined
Researchers are beginning to disclose the results of their work that were demonstrated at the Pwn2Own hacking contest held by ZDI in December of last year. Vendors are keeping pace too, though not all of them. Researcher Nguyen Hoang Thach of STAR Labs has published details of two vulnerabilities in VMWare...
(0Day) (Pwn2Own) Mikrotik RouterOS RADVD Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Mikrotik RouterOS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Router Advertisement Daemon. The issue results from the lack of proper...
PT-2023-4988 · Mikrotik · Routeros +1
Name of the Vulnerable Software and Affected Versions: MikroTik RouterOS versions prior to 6.49.10 Description: The web server used by MikroTik RouterOS is affected by a heap memory corruption issue. A remote and unauthenticated attacker can corrupt the server's heap memory by sending a crafted...
The vulnerability of the bridge2 component of the Bridge interface in the RouterOS operating system of MikroTik routers allows a hacker to cause a service failure.
The vulnerability of the bridge2 component in the Bridge interface of the RouterOS operating system for MikroTik relates to errors during resource release. Exploiting this vulnerability allows a malicious actor to cause service failure by sending specially crafted packets...