Mikrotik : Security Vulnerabilities, CVEs, Published In 2022 (Memory corruption)

CVE-2021-41987

In the SCEP Server of RouterOS in certain Mikrotik products, an attacker can trigger a heap-based buffer overflow that leads to remote code execution. The attacker must know the scep_server_name value. This affects RouterOS 6.46.8, 6.47.9, and 6.47.10.
Max CVSS
8.1
EPSS Score
0.35%
Published
2022-03-16
Updated
2022-06-30

CVE-2021-36614

Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the tr069-client process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
Max CVSS
6.5
EPSS Score
0.10%
Published
2022-05-11
Updated
2022-10-18

CVE-2021-36613

Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the ptp process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
Max CVSS
6.5
EPSS Score
0.10%
Published
2022-05-11
Updated
2022-10-18

CVE-2017-20149

The Mikrotik RouterOS web server allows memory corruption in releases before Stable 6.38.5 and Long-term 6.37.5, aka Chimay-Red. A remote and unauthenticated user can trigger the vulnerability by sending a crafted HTTP request. An attacker can use this vulnerability to execute arbitrary code on the affected system, as exploited in the wild in mid-2017 and later.
Max CVSS
9.8
EPSS Score
0.32%
Published
2022-10-15
Updated
2022-10-20
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close