6 matches found
CVE-2025-61481
An issue in MikroTik RouterOS v.7.14.2 and SwOS v.2.18 exposes the WebFig management interface over cleartext HTTP by default, allowing an on-path attacker to execute injected JavaScript in the administrator’s browser and intercept credentials...
EUVD-2025-36192
An issue in MikroTik RouterOS v.7.14.2 and SwitchOS v.2.18 allows a remote attacker to execute arbitrary code via the HTTP- only WebFig management component...
CVE-2025-61481
An issue in MikroTik RouterOS v.7.14.2 and SwOS v.2.18 exposes the WebFig management interface over cleartext HTTP by default, allowing an on-path attacker to execute injected JavaScript in the administrator’s browser and intercept credentials...
CVE-2025-61481
An issue in MikroTik RouterOS v.7.14.2 and SwOS v.2.18 exposes the WebFig management interface over cleartext HTTP by default, allowing an on-path attacker to execute injected JavaScript in the administrator’s browser and intercept credentials...
CVE-2025-61481
The CVE-2025-61481 entry concerns MikroTik RouterOS v7.14.2 and SwOS v2.18 (also SwitchOS v2.18 in related disclosures) where the WebFig management interface is exposed over cleartext HTTP by default. This misconfiguration allows an on‑path attacker to inject JavaScript in the administrator’s bro...
CVE-2025-61481
An issue in MikroTik RouterOS v.7.14.2 and SwOS v.2.18 exposes the WebFig management interface over cleartext HTTP by default, allowing an on-path attacker to execute injected JavaScript in the administrator’s browser and intercept credentials...