Routeros Security Vulnerabilities and Issues — Page 2 of Routeros CVE List

Lucene search

MikrotikRouteros

82 matches found

CVE•added 2023/03/27 2:15 p.m.•75 views

CVE-2023-24094

An issue in the bridge2 component of MikroTik RouterOS v6.40.5 allows attackers to cause a Denial of Service (DoS) via crafted packets.

7.5CVSS7.3AI score0.00042EPSS

CVE•added 2022/10/15 2:15 a.m.•73 views

CVE-2017-20149

The Mikrotik RouterOS web server allows memory corruption in releases before Stable 6.38.5 and Long-term 6.37.5, aka Chimay-Red. A remote and unauthenticated user can trigger the vulnerability by sending a crafted HTTP request. An attacker can use this vulnerability to execute arbitrary code on the...

9.8CVSS9.7AI score0.0118EPSS

CVE•added 2018/08/23 7:29 p.m.•70 views

CVE-2018-1158

Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a stack exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server via recursive parsing of JSON.

6.5CVSS6.9AI score0.01321EPSS

CVE•added 2022/02/28 7:15 p.m.•70 views

CVE-2020-22845

A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted FTP requests.

7.8CVSS7.6AI score0.01411EPSS

CVE•added 2020/03/02 10:15 p.m.•66 views

CVE-2018-5951

An issue was discovered in Mikrotik RouterOS. Crafting a packet that has a size of 1 byte and sending it to an IPv6 address of a RouterOS box with IP Protocol 97 will cause RouterOS to reboot imminently. All versions of RouterOS that supports EoIPv6 are vulnerable to this attack.

7.5CVSS7.4AI score0.13885EPSS

CVE•added 2021/05/03 4:15 p.m.•62 views

CVE-2020-20218

Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/traceroute process. An authenticated remote attacker can cause a Denial of Service due via the loop counter variable.

6.5CVSS6.5AI score0.00843EPSS

CVE•added 2022/08/25 2:15 a.m.•60 views

CVE-2022-34960

The container package in MikroTik RouterOS 7.4beta4 allows an attacker to create mount points pointing to symbolic links, which resolve to locations on the host device. This allows the attacker to mount any arbitrary file to any location on the host.

9.8CVSS9.4AI score0.00154EPSS

CVE•added 2021/07/07 2:15 p.m.•57 views

CVE-2020-20213

Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an stack exhaustion vulnerability in the /nova/bin/net process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU.

6.5CVSS6.3AI score0.01008EPSS

CVE•added 2021/07/07 2:15 p.m.•56 views

CVE-2020-20211

Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an assertion failure vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.

6.5CVSS6.2AI score0.00214EPSS

CVE•added 2022/02/28 7:15 p.m.•54 views

CVE-2020-22844

A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted SMB requests.

7.5CVSS7.6AI score0.01314EPSS

CVE•added 2017/02/27 7:59 a.m.•52 views

CVE-2017-6297

The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 does not enable IPsec encryption after a reboot, which allows man-in-the-middle attackers to view transmitted data unencrypted and gain access to networks on the L2TP server by monitoring the packets for the transmitted data and obtain...

5.9CVSS5.6AI score0.00079EPSS

CVE•added 2017/03/12 5:59 a.m.•50 views

CVE-2017-6444

The MikroTik Router hAP Lite 6.25 has no protection mechanism for unsolicited TCP ACK packets in the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many ACK packets. After the attacker stops the exploit, the CPU usage is 10...

7.8CVSS7.3AI score0.19858EPSS

CVE•added 2017/03/29 2:59 p.m.•50 views

CVE-2017-7285

A vulnerability in the network stack of MikroTik Version 6.38.5 released 2017-03-09 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of TCP RST packets, preventing the affected router from accepting new TCP connections.

7.8CVSS7.4AI score0.20817EPSS

CVE•added 2021/05/18 7:15 p.m.•50 views

CVE-2020-20214

Mikrotik RouterOs 6.44.6 (long-term tree) suffers from an assertion failure vulnerability in the btest process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.

6.5CVSS6.2AI score0.00243EPSS

CVE•added 2021/05/18 7:15 p.m.•47 views

CVE-2020-20236

Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.

6.5CVSS6.5AI score0.00778EPSS

CVE•added 2025/05/29 8:15 p.m.•46 views

CVE-2024-54952

MikroTik RouterOS 6.40.5, the SMB service contains a memory corruption vulnerability. Remote, unauthenticated attackers can exploit this issue by sending specially crafted packets, triggering a null pointer dereference. This leads to a Remote Denial of Service (DoS), rendering the SMB service unava...

7.5CVSS7AI score0.00082EPSS

CVE•added 2021/07/07 2:15 p.m.•44 views

CVE-2020-20212

Mikrotik RouterOs 6.44.5 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).

6.5CVSS6.5AI score0.00952EPSS

CVE•added 2017/05/18 6:29 a.m.•43 views

CVE-2017-8338

A vulnerability in MikroTik Version 6.38.5 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of UDP packets on port 500 (used for L2TP over IPsec), preventing the affected router from accepting new connections; all devices will be disconnected from the router a...

7.8CVSS7.5AI score0.02883EPSS

CVE•added 2020/01/14 7:15 p.m.•43 views

CVE-2019-3981

MikroTik Winbox 3.20 and below is vulnerable to man in the middle attacks. A man in the middle can downgrade the client's authentication protocol and recover the user's username and MD5 hashed password.

4.3CVSS4.4AI score0.0026EPSS

CVE•added 2021/07/07 2:15 p.m.•43 views

CVE-2020-20215

Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/diskd process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access.

6.5CVSS6.5AI score0.00822EPSS

CVE•added 2021/05/18 8:15 p.m.•42 views

CVE-2020-20227

Mikrotik RouterOs stable 6.47 suffers from a memory corruption vulnerability in the /nova/bin/diskd process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access.

6.5CVSS6.5AI score0.01042EPSS

CVE•added 2021/07/19 6:15 p.m.•42 views

CVE-2020-20248

Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled resource consumption in the memtest process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU.

6.5CVSS6.3AI score0.00843EPSS

CVE•added 2009/08/19 5:24 a.m.•41 views

CVE-2008-6976

MikroTik RouterOS 3.x through 3.13 and 2.x through 2.9.51 allows remote attackers to modify Network Management System (NMS) settings via a crafted SNMP set request.

6.4CVSS6.8AI score0.06177EPSS

CVE•added 2012/11/27 4:49 a.m.•41 views

CVE-2012-6050

The winbox service in MikroTik RouterOS 5.15 and earlier allows remote attackers to cause a denial of service (CPU consumption), read the router version, and possibly have other impacts via a request to download the router's DLLs or plugins, as demonstrated by roteros.dll.

6.4CVSS7AI score0.13445EPSS

CVE•added 2021/07/21 3:15 p.m.•40 views

CVE-2020-20219

Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/igmp-proxy process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).

6.5CVSS6.5AI score0.01066EPSS

CVE•added 2021/05/18 7:15 p.m.•40 views

CVE-2020-20237

6.5CVSS6.5AI score0.0073EPSS

CVE•added 2021/05/18 7:15 p.m.•39 views

CVE-2020-20222

Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).

6.5CVSS6.5AI score0.00757EPSS

CVE•added 2021/05/18 8:15 p.m.•39 views

CVE-2020-20245

Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulnerability in the log process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.

6.5CVSS6.5AI score0.01008EPSS

CVE•added 2021/05/18 8:15 p.m.•38 views

CVE-2020-20246

Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulnerability in the mactel process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.

6.5CVSS6.5AI score0.01008EPSS

CVE•added 2015/03/19 2:59 p.m.•37 views

CVE-2015-2350

Cross-site request forgery (CSRF) vulnerability in MikroTik RouterOS 5.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request in the status page to /cfg.

6.8CVSS7.4AI score0.00174EPSS

CVE•added 2021/07/07 2:15 p.m.•36 views

CVE-2020-20216

Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/graphing process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).

6.5CVSS6.5AI score0.00824EPSS

CVE•added 2025/06/25 10:15 p.m.•22 views

CVE-2025-6443

Mikrotik RouterOS VXLAN Source IP Improper Access Control Vulnerability. This vulnerability allows remote attackers to bypass access restrictions on affected installations of Mikrotik RouterOS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handlin...

7.2CVSS7.2AI score0.00396EPSS

Total number of security vulnerabilities82