Routeros Security Vulnerabilities and Issues — Routeros CVE List

Lucene search

MikrotikRouteros

34 matches found

CVE•added 2021/07/08 12:15 p.m.•133 views

CVE-2020-20217

Mikrotik RouterOs before 6.47 (stable tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/route process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU.

6.5CVSS6.3AI score0.01364EPSS

CVE•added 2021/07/14 2:15 p.m.•124 views

CVE-2020-20231

Mikrotik RouterOs through stable version 6.48.3 suffers from a memory corruption vulnerability in the /nova/bin/detnet process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).

6.5CVSS6.5AI score0.00703EPSS

CVE•added 2021/05/03 4:15 p.m.•119 views

CVE-2020-20247

Mikrotik RouterOs before 6.46.5 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/traceroute process. An authenticated remote attacker can cause a Denial of Service due via the loop counter variable.

6.5CVSS6.5AI score0.00724EPSS

CVE•added 2021/07/13 6:15 p.m.•118 views

CVE-2020-20252

Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).

6.5CVSS6.5AI score0.00824EPSS

CVE•added 2021/07/07 2:15 p.m.•115 views

CVE-2020-20225

Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /nova/bin/user process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.

6.5CVSS6.2AI score0.00239EPSS

CVE•added 2021/07/21 3:15 p.m.•111 views

CVE-2020-20262

Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /ram/pckg/security/nova/bin/ipsec process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.

6.5CVSS6.2AI score0.00241EPSS

CVE•added 2021/07/21 3:15 p.m.•107 views

CVE-2020-20221

Mikrotik RouterOs before 6.44.6 (long-term tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/cerm process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU.

6.8CVSS6.3AI score0.01048EPSS

CVE•added 2021/07/19 5:15 p.m.•106 views

CVE-2020-20230

Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled resource consumption in the sshd process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU.

6.5CVSS6.3AI score0.0085EPSS

CVE•added 2021/05/18 2:15 p.m.•106 views

CVE-2020-20254

Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).

6.5CVSS6.5AI score0.00835EPSS

CVE•added 2021/07/13 12:15 p.m.•103 views

CVE-2020-20250

6.5CVSS6.6AI score0.00952EPSS

CVE•added 2021/05/18 8:15 p.m.•102 views

CVE-2020-20220

Mikrotik RouterOs prior to stable 6.47 suffers from a memory corruption vulnerability in the /nova/bin/bfd process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).

6.5CVSS6.5AI score0.01008EPSS

CVE•added 2021/05/11 3:15 p.m.•102 views

CVE-2020-20265

Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /ram/pckg/wireless/nova/bin/wireless process. An authenticated remote attacker can cause a Denial of Service due via a crafted packet.

6.5CVSS6.5AI score0.00281EPSS

CVE•added 2021/05/11 3:15 p.m.•102 views

CVE-2020-20267

Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/resolver process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access.

6.5CVSS6.5AI score0.00822EPSS

CVE•added 2021/07/19 6:15 p.m.•101 views

CVE-2020-20249

Mikrotik RouterOs before stable 6.47 suffers from a memory corruption vulnerability in the resolver process. By sending a crafted packet, an authenticated remote attacker can cause a Denial of Service.

6.5CVSS6.5AI score0.00252EPSS

CVE•added 2021/05/18 2:15 p.m.•101 views

CVE-2020-20253

Mikrotik RouterOs before 6.47 (stable tree) suffers from a divison by zero vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service due to a divide by zero error.

6.5CVSS6.2AI score0.00835EPSS

CVE•added 2021/05/19 12:15 p.m.•96 views

CVE-2020-20264

Mikrotik RouterOs before 6.47 (stable tree) in the /ram/pckg/advanced-tools/nova/bin/netwatch process. An authenticated remote attacker can cause a Denial of Service due to a divide by zero error.

6.5CVSS6.3AI score0.01094EPSS

CVE•added 2021/05/19 12:15 p.m.•96 views

CVE-2020-20266

Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/dot1x process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).

6.5CVSS6.5AI score0.01097EPSS

CVE•added 2021/01/04 7:15 p.m.•83 views

CVE-2021-3014

In MikroTik RouterOS through 2021-01-04, the hotspot login page is vulnerable to reflected XSS via the target parameter.

6.1CVSS5.9AI score0.00296EPSS

CVE•added 2021/03/19 3:15 a.m.•79 views

CVE-2021-27221

MikroTik RouterOS 6.47.9 allows remote authenticated ftp users to create or overwrite arbitrary .rsc files via the /export command. NOTE: the vendor's position is that this is intended behavior because of how user policies work

8.5CVSS7.8AI score0.37814EPSS

CVE•added 2021/05/03 4:15 p.m.•64 views

CVE-2020-20218

Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/traceroute process. An authenticated remote attacker can cause a Denial of Service due via the loop counter variable.

6.5CVSS6.5AI score0.00843EPSS

CVE•added 2021/07/07 2:15 p.m.•59 views

CVE-2020-20213

Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an stack exhaustion vulnerability in the /nova/bin/net process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU.

6.5CVSS6.3AI score0.01008EPSS

CVE•added 2021/07/07 2:15 p.m.•57 views

CVE-2020-20211

Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an assertion failure vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.

6.5CVSS6.2AI score0.00214EPSS

CVE•added 2021/05/18 7:15 p.m.•51 views

CVE-2020-20214

Mikrotik RouterOs 6.44.6 (long-term tree) suffers from an assertion failure vulnerability in the btest process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.

6.5CVSS6.2AI score0.00243EPSS

CVE•added 2021/05/18 7:15 p.m.•48 views

CVE-2020-20236

Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.

6.5CVSS6.5AI score0.00778EPSS

CVE•added 2021/07/07 2:15 p.m.•45 views

CVE-2020-20212

Mikrotik RouterOs 6.44.5 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).

6.5CVSS6.5AI score0.00952EPSS

CVE•added 2021/07/07 2:15 p.m.•44 views

CVE-2020-20215

Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/diskd process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access.

6.5CVSS6.5AI score0.00822EPSS

CVE•added 2021/05/18 8:15 p.m.•43 views

CVE-2020-20227

Mikrotik RouterOs stable 6.47 suffers from a memory corruption vulnerability in the /nova/bin/diskd process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access.

6.5CVSS6.5AI score0.01042EPSS

CVE•added 2021/07/19 6:15 p.m.•43 views

CVE-2020-20248

Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled resource consumption in the memtest process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU.

6.5CVSS6.3AI score0.00843EPSS

CVE•added 2021/07/21 3:15 p.m.•41 views

CVE-2020-20219

Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/igmp-proxy process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).

6.5CVSS6.5AI score0.01066EPSS

CVE•added 2021/05/18 7:15 p.m.•41 views

CVE-2020-20237

6.5CVSS6.5AI score0.0073EPSS

CVE•added 2021/05/18 7:15 p.m.•40 views

CVE-2020-20222

Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).

6.5CVSS6.5AI score0.00757EPSS

CVE•added 2021/05/18 8:15 p.m.•40 views

CVE-2020-20245

Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulnerability in the log process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.

6.5CVSS6.5AI score0.01008EPSS

CVE•added 2021/05/18 8:15 p.m.•40 views

CVE-2020-20246

Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulnerability in the mactel process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.

6.5CVSS6.5AI score0.01008EPSS

CVE•added 2021/07/07 2:15 p.m.•37 views

CVE-2020-20216

Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/graphing process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).

6.5CVSS6.5AI score0.00824EPSS