CVE-2025-61481

An issue in MikroTik RouterOS v.7.14.2 and SwOS v.2.18 exposes the WebFig management interface over cleartext HTTP by default, allowing an on-path attacker to execute injected JavaScript in the administrator’s browser and intercept credentials...

EUVD-2025-36192

An issue in MikroTik RouterOS v.7.14.2 and SwitchOS v.2.18 allows a remote attacker to execute arbitrary code via the HTTP- only WebFig management component...

CVE-2025-61481

An issue in MikroTik RouterOS v.7.14.2 and SwOS v.2.18 exposes the WebFig management interface over cleartext HTTP by default, allowing an on-path attacker to execute injected JavaScript in the administrator’s browser and intercept credentials...

MikroTik RouterOS和MikroTik RouterOS 7 安全漏洞

MikroTik RouterOS and MikroTik RouterOS 7 are both products of the Latvian company MikroTik.MikroTik RouterOS is a router operating system developed on Linux. The system can be deployed in a PC to make it provide router functionality.MikroTik RouterOS 7 is an operating system... A security...

CVE-2025-61481

An issue in MikroTik RouterOS v.7.14.2 and SwOS v.2.18 exposes the WebFig management interface over cleartext HTTP by default, allowing an on-path attacker to execute injected JavaScript in the administrator’s browser and intercept credentials...

CVE-2025-61481

An issue in MikroTik RouterOS v.7.14.2 and SwOS v.2.18 exposes the WebFig management interface over cleartext HTTP by default, allowing an on-path attacker to execute injected JavaScript in the administrator’s browser and intercept credentials...

CVE-2025-61481

The CVE-2025-61481 entry concerns MikroTik RouterOS v7.14.2 and SwOS v2.18 (also SwitchOS v2.18 in related disclosures) where the WebFig management interface is exposed over cleartext HTTP by default. This misconfiguration allows an on‑path attacker to inject JavaScript in the administrator’s bro...

PT-2025-43960

Name of the Vulnerable Software and Affected Versions MikroTik RouterOS version 7.14.2 MikroTik SwitchOS version 2.18 Description An issue exists in MikroTik RouterOS and SwitchOS where the WebFig management interface is exposed over cleartext HTTP by default. This allows a remote attacker to...

Thousands of MikroTik Routers Hacked to Eavesdrop On Network Traffic

Last month we reported about a widespread crypto-mining malware campaign that hijacked over 200,000 MikroTik routers using a previously disclosed vulnerability revealed in the CIA Vault 7 leaks. Now Chinese security researchers at Qihoo 360 Netlab have discovered that out of 370,000 potentially...

Thousands of MikroTik Routers Hacked to Eavesdrop On Network Traffic

Last month we reported about a widespread crypto-mining malware campaign that hijacked over 200,000 MikroTik routers using a previously disclosed vulnerability revealed in the CIA Vault 7 leaks. Now Chinese security researchers at Qihoo 360 Netlab have discovered that out of 370,000 potentially...