CVE-2019-15055

Summary (CVE-2019-15055) MikroTik RouterOS versions up to 6.44.5 and 6.45.x up to 6.45.3 are affected by a vulnerability where improper handling of the disk name allows an authenticated user to delete arbitrary files. This can lead to a reset of credential storage, which may enable the attacker t...

MikroTik RouterOS Denial of Service Vulnerability (CNVD-2019-25984)

MikroTik RouterOS is a Linux-based router operating system developed by the Latvian company MikroTik. The system can be deployed in a PC to enable it to provide router functionality. A security vulnerability exists in Mikrotik RouterOS versions prior to 6.44.5. A remote attacker can exploit the...

MikroTik RouterOS Denial of Service Vulnerability (CNVD-2019-25988)

MikroTik RouterOS is a Linux-based router operating system developed by the Latvian company MikroTik. The system can be deployed in a PC to enable it to provide router functionality. A security vulnerability exists in Mikrotik RouterOS versions prior to 6.44.5. An attacker can exploit the...

CVE-2019-13955

Mikrotik RouterOS before 6.44.5 long-term release tree is vulnerable to stack exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server via recursive parsing of JSON. Malicious code cannot be injected...

CVE-2019-13955

Mikrotik RouterOS before 6.44.5 long-term release tree is vulnerable to stack exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server via recursive parsing of JSON. Malicious code cannot be injected...

CVE-2019-13954

Mikrotik RouterOS before 6.44.5 long-term release tree is vulnerable to memory exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system. Malicious code cannot be injected...

CVE-2019-13954

Mikrotik RouterOS before 6.44.5 long-term release tree is vulnerable to memory exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system. Malicious code cannot be injected...

Code injection

Mikrotik RouterOS before 6.44.5 long-term release tree is vulnerable to stack exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server via recursive parsing of JSON. Malicious code cannot be injected...

Code injection

Mikrotik RouterOS before 6.44.5 long-term release tree is vulnerable to memory exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system. Malicious code cannot be injected...

CVE-2019-13954

Mikrotik RouterOS before 6.44.5 long-term release tree is vulnerable to memory exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system. Malicious code cannot be injected...

CVE-2019-13954

CVE-2019-13954 – MikroTik RouterOS before 6.44.5 is affected by a memory-exhaustion DoS vulnerability in the HTTP server. An authenticated remote attacker can send a crafted HTTP request to crash the HTTP server and, in some cases, reboot the system. Malicious code injection is not possible. The ...

CVE-2019-13955

Mikrotik RouterOS before 6.44.5 long-term release tree is vulnerable to stack exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server via recursive parsing of JSON. Malicious code cannot be injected...

CVE-2019-13955

CVE-2019-13955 affects MikroTik RouterOS prior to 6.44.5. An authenticated remote attacker can trigger a crafted HTTP request that causes recursive JSON parsing, leading to stack exhaustion and denial of service by crashing the HTTP server. Root cause: stack exhaustion due to improper handling of...

The vulnerability of the FTP daemon in the RouterOS operating system of MikroTik allows a hacker to trigger a device reboot.

The vulnerability of the FTP daemon in the RouterOS operating system from MikroTik relates to uncontrolled memory allocation. Exploiting this vulnerability can allow a malicious actor to trigger a system reboot remotely...

MikroTik RouterOS < 6.44.5 (LTS), < 6.45.1 (Stable) Multiple DoS Vulnerabilities

MikroTik RouterOS is prone to multiple denial of service DoS vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

The vulnerability of the RouterOS operating system in MikroTik routers, related to errors in path name restrictions for restricted access directories, allows attackers to bypass authentication procedures.

The vulnerability of the RouterOS operating system for MikroTik routers is related to errors in path name restrictions for restricted access directories. Exploiting this vulnerability allows a malicious actor to read and write arbitrary files outside of the /rw/disk directory, through interfaces...

The vulnerability of the RouterOS operating system, related to errors in the watchdog timer, allows a intruder to reboot the device.

The vulnerability of the RouterOS operating system is related to errors in the watchdog timer’s operation. This vulnerability allows a malicious actor to reboot the vulnerable device remotely...

The vulnerability of the RouterOS operating system, caused by errors in handling device cache memory, allows a hacker to trigger a service failure.

The vulnerability of the RouterOS operating system arises from errors in the handling of device cache memory. This vulnerability allows a malicious actor to cause service interruptions remotely...

MikroTik RouterOS Directory Traversal Vulnerability

MikroTik RouterOS is a Linux-based router operating system developed by the Latvian company MikroTik. The system can be deployed in a PC to enable it to provide router functionality. A directory traversal vulnerability in MikroTik RouterOS Stable 6.43.12 and earlier, Long-term 6.42.12 and earlier...

CVE-2019-3943

MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authenticated, remote directory traversal via the HTTP or Winbox interfaces. An authenticated, remote attack can use this vulnerability to read and write files...