Routeros Security Vulnerabilities and Issues — Routeros CVE List

Lucene search

MikrotikRouteros

34 matches found

CVE•added 2021/07/08 12:15 p.m.•132 views

CVE-2020-20217

Mikrotik RouterOs before 6.47 (stable tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/route process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU.

6.5CVSS6.3AI score0.01943EPSS

CVE•added 2021/07/14 2:15 p.m.•122 views

CVE-2020-20231

Mikrotik RouterOs through stable version 6.48.3 suffers from a memory corruption vulnerability in the /nova/bin/detnet process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).

6.5CVSS6.5AI score0.01006EPSS

CVE•added 2021/05/03 4:15 p.m.•117 views

CVE-2020-20247

Mikrotik RouterOs before 6.46.5 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/traceroute process. An authenticated remote attacker can cause a Denial of Service due via the loop counter variable.

6.5CVSS6.5AI score0.0089EPSS

CVE•added 2021/07/13 6:15 p.m.•117 views

CVE-2020-20252

Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).

6.5CVSS6.5AI score0.01013EPSS

CVE•added 2021/07/07 2:15 p.m.•114 views

CVE-2020-20225

Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /nova/bin/user process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.

6.5CVSS6.2AI score0.00342EPSS

CVE•added 2021/07/21 3:15 p.m.•110 views

CVE-2020-20262

Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /ram/pckg/security/nova/bin/ipsec process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.

6.5CVSS6.2AI score0.00347EPSS

CVE•added 2021/07/21 3:15 p.m.•105 views

CVE-2020-20221

Mikrotik RouterOs before 6.44.6 (long-term tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/cerm process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU.

6.8CVSS6.3AI score0.01525EPSS

CVE•added 2021/07/19 5:15 p.m.•105 views

CVE-2020-20230

Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled resource consumption in the sshd process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU.

6.5CVSS6.3AI score0.01215EPSS

CVE•added 2021/05/18 2:15 p.m.•105 views

CVE-2020-20254

Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).

6.5CVSS6.5AI score0.01194EPSS

CVE•added 2021/07/13 12:15 p.m.•102 views

CVE-2020-20250

6.5CVSS6.6AI score0.0136EPSS

CVE•added 2021/05/18 8:15 p.m.•101 views

CVE-2020-20220

Mikrotik RouterOs prior to stable 6.47 suffers from a memory corruption vulnerability in the /nova/bin/bfd process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).

6.5CVSS6.5AI score0.01439EPSS

CVE•added 2021/05/11 3:15 p.m.•101 views

CVE-2020-20265

Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /ram/pckg/wireless/nova/bin/wireless process. An authenticated remote attacker can cause a Denial of Service due via a crafted packet.

6.5CVSS6.5AI score0.00403EPSS

CVE•added 2021/05/11 3:15 p.m.•101 views

CVE-2020-20267

Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/resolver process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access.

6.5CVSS6.5AI score0.0101EPSS

CVE•added 2021/07/19 6:15 p.m.•100 views

CVE-2020-20249

Mikrotik RouterOs before stable 6.47 suffers from a memory corruption vulnerability in the resolver process. By sending a crafted packet, an authenticated remote attacker can cause a Denial of Service.

6.5CVSS6.5AI score0.00311EPSS

CVE•added 2021/05/18 2:15 p.m.•100 views

CVE-2020-20253

Mikrotik RouterOs before 6.47 (stable tree) suffers from a divison by zero vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service due to a divide by zero error.

6.5CVSS6.2AI score0.01194EPSS

CVE•added 2021/05/19 12:15 p.m.•95 views

CVE-2020-20264

Mikrotik RouterOs before 6.47 (stable tree) in the /ram/pckg/advanced-tools/nova/bin/netwatch process. An authenticated remote attacker can cause a Denial of Service due to a divide by zero error.

6.5CVSS6.3AI score0.01561EPSS

CVE•added 2021/05/19 12:15 p.m.•95 views

CVE-2020-20266

Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/dot1x process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).

6.5CVSS6.5AI score0.01566EPSS

CVE•added 2021/01/04 7:15 p.m.•81 views

CVE-2021-3014

In MikroTik RouterOS through 2021-01-04, the hotspot login page is vulnerable to reflected XSS via the target parameter.

6.1CVSS5.9AI score0.00576EPSS

CVE•added 2021/03/19 3:15 a.m.•77 views

CVE-2021-27221

MikroTik RouterOS 6.47.9 allows remote authenticated ftp users to create or overwrite arbitrary .rsc files via the /export command. NOTE: the vendor's position is that this is intended behavior because of how user policies work

8.5CVSS7.8AI score0.41887EPSS

CVE•added 2021/05/03 4:15 p.m.•62 views

CVE-2020-20218

Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/traceroute process. An authenticated remote attacker can cause a Denial of Service due via the loop counter variable.

6.5CVSS6.5AI score0.00876EPSS

CVE•added 2021/07/07 2:15 p.m.•57 views

CVE-2020-20213

Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an stack exhaustion vulnerability in the /nova/bin/net process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU.

6.5CVSS6.3AI score0.01047EPSS

CVE•added 2021/07/07 2:15 p.m.•56 views

CVE-2020-20211

Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an assertion failure vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.

6.5CVSS6.2AI score0.00222EPSS

CVE•added 2021/05/18 7:15 p.m.•50 views

CVE-2020-20214

Mikrotik RouterOs 6.44.6 (long-term tree) suffers from an assertion failure vulnerability in the btest process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.

6.5CVSS6.2AI score0.00252EPSS

CVE•added 2021/05/18 7:15 p.m.•47 views

CVE-2020-20236

Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.

6.5CVSS6.5AI score0.00809EPSS

CVE•added 2021/07/07 2:15 p.m.•44 views

CVE-2020-20212

Mikrotik RouterOs 6.44.5 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).

6.5CVSS6.5AI score0.00989EPSS

CVE•added 2021/07/07 2:15 p.m.•43 views

CVE-2020-20215

Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/diskd process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access.

6.5CVSS6.5AI score0.00854EPSS

CVE•added 2021/05/18 8:15 p.m.•42 views

CVE-2020-20227

Mikrotik RouterOs stable 6.47 suffers from a memory corruption vulnerability in the /nova/bin/diskd process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access.

6.5CVSS6.5AI score0.01083EPSS

CVE•added 2021/07/19 6:15 p.m.•42 views

CVE-2020-20248

Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled resource consumption in the memtest process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU.

6.5CVSS6.3AI score0.00876EPSS

CVE•added 2021/07/21 3:15 p.m.•40 views

CVE-2020-20219

Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/igmp-proxy process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).

6.5CVSS6.5AI score0.01107EPSS

CVE•added 2021/05/18 7:15 p.m.•40 views

CVE-2020-20237

6.5CVSS6.5AI score0.00758EPSS

CVE•added 2021/05/18 7:15 p.m.•39 views

CVE-2020-20222

Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).

6.5CVSS6.5AI score0.00787EPSS

CVE•added 2021/05/18 8:15 p.m.•39 views

CVE-2020-20245

Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulnerability in the log process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.

6.5CVSS6.5AI score0.01047EPSS

CVE•added 2021/05/18 8:15 p.m.•38 views

CVE-2020-20246

Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulnerability in the mactel process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.

6.5CVSS6.5AI score0.01047EPSS

CVE•added 2021/07/07 2:15 p.m.•36 views

CVE-2020-20216

Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/graphing process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).

6.5CVSS6.5AI score0.00857EPSS