The web server used by MikroTik RouterOS version 6 is affected by a heap memory corruption issue. A remote and unauthenticated attacker can corrupt the server's heap memory by sending a crafted HTTP request. As a result, the web interface crashes and is immediately restarted. The issue was fixed in RouterOS 6.49.10 stable. RouterOS version 7 is not affected.
Max CVSS
7.5
EPSS Score
0.05%
Published
2023-09-07
Updated
2023-09-12
MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. The attacker can abuse this vulnerability to execute arbitrary code on the system.
Max CVSS
9.1
EPSS Score
0.06%
Published
2023-07-19
Updated
2023-07-28
An issue in the bridge2 component of MikroTik RouterOS v6.40.5 allows attackers to cause a Denial of Service (DoS) via crafted packets.
Max CVSS
7.5
EPSS Score
0.06%
Published
2023-03-27
Updated
2023-03-31
Mikrotik RouterOs before stable v7.6 was discovered to contain an out-of-bounds read in the snmp process. This vulnerability allows attackers to execute arbitrary code via a crafted packet.
Max CVSS
9.8
EPSS Score
0.31%
Published
2022-12-05
Updated
2023-02-03
Mikrotik RouterOs before stable v7.5 was discovered to contain an out-of-bounds read in the hotspot process. This vulnerability allows attackers to execute arbitrary code via a crafted nova message.
Max CVSS
8.8
EPSS Score
0.11%
Published
2022-12-05
Updated
2023-02-03
The container package in MikroTik RouterOS 7.4beta4 allows an attacker to create mount points pointing to symbolic links, which resolve to locations on the host device. This allows the attacker to mount any arbitrary file to any location on the host.
Max CVSS
9.8
EPSS Score
0.33%
Published
2022-08-25
Updated
2022-08-31
In the SCEP Server of RouterOS in certain Mikrotik products, an attacker can trigger a heap-based buffer overflow that leads to remote code execution. The attacker must know the scep_server_name value. This affects RouterOS 6.46.8, 6.47.9, and 6.47.10.
Max CVSS
8.1
EPSS Score
0.35%
Published
2022-03-16
Updated
2022-06-30
MikroTik RouterOS 6.47.9 allows remote authenticated ftp users to create or overwrite arbitrary .rsc files via the /export command. NOTE: the vendor's position is that this is intended behavior because of how user policies work
Max CVSS
8.5
EPSS Score
0.15%
Published
2021-03-19
Updated
2024-03-21
A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted FTP requests.
Max CVSS
7.8
EPSS Score
0.11%
Published
2022-02-28
Updated
2022-03-08
A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted SMB requests.
Max CVSS
7.5
EPSS Score
0.11%
Published
2022-02-28
Updated
2022-07-12
An issue discovered in MikroTik Router v6.46.3 and earlier allows attacker to cause denial of service via misconfiguration in the SSH daemon.
Max CVSS
7.5
EPSS Score
0.06%
Published
2023-07-12
Updated
2023-07-20
An array index error in MikroTik RouterOS 6.41.3 through 6.46.5, and 7.x through 7.0 Beta5, allows an unauthenticated remote attacker to crash the SMB server via modified setup-request packets, aka SUP-12964.
Max CVSS
7.5
EPSS Score
0.39%
Published
2020-09-14
Updated
2020-09-18
The SSH daemon on MikroTik routers through v6.44.3 could allow remote attackers to generate CPU activity, trigger refusal of new authorized connections, and cause a reboot via connect and write system calls, because of uncontrolled resource management.
Max CVSS
7.8
EPSS Score
0.82%
Published
2020-03-23
Updated
2021-07-21
An integer underflow in the SMB server of MikroTik RouterOS before 6.45.5 allows remote unauthenticated attackers to crash the service.
Max CVSS
7.5
EPSS Score
0.64%
Published
2020-10-07
Updated
2021-07-21
A vulnerability in the FTP daemon on MikroTik routers through 6.44.3 could allow remote attackers to exhaust all available memory, causing the device to reboot because of uncontrolled resource management.
Max CVSS
7.8
EPSS Score
0.20%
Published
2019-07-03
Updated
2020-08-24
RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below are vulnerable to a DNS unrelated data attack. The router adds all A records to its DNS cache even when the records are unrelated to the domain that was queried. Therefore, a remote attacker controlled DNS server can poison the router's DNS cache via malicious responses with additional and untrue records.
Max CVSS
7.5
EPSS Score
0.18%
Published
2019-10-29
Updated
2021-07-21
RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below allow remote unauthenticated attackers to trigger DNS queries via port 8291. The queries are sent from the router to a server of the attacker's choice. The DNS responses are cached by the router, potentially resulting in cache poisoning
Max CVSS
7.5
EPSS Score
0.69%
Published
2019-10-29
Updated
2019-11-01
RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are download from when using the autoupgrade feature. Therefore, a remote attacker can trick the router into "upgrading" to an older version of RouterOS and possibly reseting all the system's usernames and passwords.
Max CVSS
8.5
EPSS Score
0.18%
Published
2019-10-29
Updated
2019-11-01
RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below are vulnerable to an arbitrary directory creation vulnerability via the upgrade package's name field. If an authenticated user installs a malicious package then a directory could be created and the developer shell could be enabled.
Max CVSS
8.8
EPSS Score
0.13%
Published
2019-10-29
Updated
2021-11-03
MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authenticated, remote directory traversal via the HTTP or Winbox interfaces. An authenticated, remote attack can use this vulnerability to read and write files outside of the sandbox directory (/rw/disk).
Max CVSS
8.1
EPSS Score
0.78%
Published
2019-04-10
Updated
2019-12-17
MikroTik RouterOS before 6.43.12 (stable) and 6.42.12 (long-term) is vulnerable to an intermediary vulnerability. The software will execute user defined network requests to both WAN and LAN clients. A remote unauthenticated attacker can use this vulnerability to bypass the router's firewall or for general network scanning activities.
Max CVSS
7.5
EPSS Score
5.92%
Published
2019-02-20
Updated
2019-10-09

CVE-2018-14847

Known exploited
Public exploit
MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.
Max CVSS
9.1
EPSS Score
97.50%
Published
2018-08-02
Updated
2019-03-07
CISA KEV Added
2021-12-01

CVE-2018-7445

Known exploited
A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication takes place, so it is possible for an unauthenticated remote attacker to exploit it. All architectures and all devices running RouterOS before versions 6.41.3/6.42rc27 are vulnerable.
Max CVSS
10.0
EPSS Score
88.07%
Published
2018-03-19
Updated
2018-04-24
CISA KEV Added
2022-09-08
An issue was discovered in Mikrotik RouterOS. Crafting a packet that has a size of 1 byte and sending it to an IPv6 address of a RouterOS box with IP Protocol 97 will cause RouterOS to reboot imminently. All versions of RouterOS that supports EoIPv6 are vulnerable to this attack.
Max CVSS
7.5
EPSS Score
0.12%
Published
2020-03-02
Updated
2020-03-04
Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to stack buffer overflow through the license upgrade interface. This vulnerability could theoretically allow a remote authenticated attacker execute arbitrary code on the system.
Max CVSS
9.0
EPSS Score
2.15%
Published
2018-08-23
Updated
2020-08-24
29 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!