Routeros

routeros

Vendor: Mikrotik • 82 CVEs

CVEs (82)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-20220 1Mikrotik 1Routeros Nov 21, 2024 May 18, 2021 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Mikrotik RouterOs prior to stable 6.47 suffers from a memory corruption vulnerability in the /nova/bin/bfd process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
CVE-2020-20237 1Mikrotik 1Routeros Nov 21, 2024 May 18, 2021 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.
CVE-2020-20236 1Mikrotik 1Routeros Nov 21, 2024 May 18, 2021 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.
CVE-2020-20222 1Mikrotik 1Routeros Nov 21, 2024 May 18, 2021 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
CVE-2020-20214 1Mikrotik 1Routeros Nov 21, 2024 May 18, 2021 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Mikrotik RouterOs 6.44.6 (long-term tree) suffers from an assertion failure vulnerability in the btest process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted pac...Show more Mikrotik RouterOs 6.44.6 (long-term tree) suffers from an assertion failure vulnerability in the btest process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.Show less
CVE-2020-20254 1Mikrotik 1Routeros Nov 21, 2024 May 18, 2021 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
CVE-2020-20253 1Mikrotik 1Routeros Nov 21, 2024 May 18, 2021 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Mikrotik RouterOs before 6.47 (stable tree) suffers from a divison by zero vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service due to a divide by zero error.
CVE-2020-20267 1Mikrotik 1Routeros Nov 21, 2024 May 11, 2021 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/resolver process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access.
CVE-2020-20265 1Mikrotik 1Routeros Nov 21, 2024 May 11, 2021 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /ram/pckg/wireless/nova/bin/wireless process. An authenticated remote attacker can cause a Denial of Service due via a cra...Show more Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /ram/pckg/wireless/nova/bin/wireless process. An authenticated remote attacker can cause a Denial of Service due via a crafted packet.Show less
CVE-2020-20247 1Mikrotik 1Routeros Nov 21, 2024 May 3, 2021 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Mikrotik RouterOs before 6.46.5 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/traceroute process. An authenticated remote attacker can cause a Denial of Service due via the loop counter va...Show more Mikrotik RouterOs before 6.46.5 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/traceroute process. An authenticated remote attacker can cause a Denial of Service due via the loop counter variable.Show less
CVE-2020-20218 1Mikrotik 1Routeros Nov 21, 2024 May 3, 2021 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/traceroute process. An authenticated remote attacker can cause a Denial of Service due via the loop counter variab...Show more Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/traceroute process. An authenticated remote attacker can cause a Denial of Service due via the loop counter variable.Show less
CVE-2021-27221 1Mikrotik 1Routeros Nov 21, 2024 Mar 19, 2021 N/A· v4 8.1 HIGH· v3 8.5 HIGH· v2 MikroTik RouterOS 6.47.9 allows remote authenticated ftp users to create or overwrite arbitrary .rsc files via the /export command. NOTE: the vendor's position is that this is intended behavior because of how user polici...Show more MikroTik RouterOS 6.47.9 allows remote authenticated ftp users to create or overwrite arbitrary .rsc files via the /export command. NOTE: the vendor's position is that this is intended behavior because of how user policies workShow less
CVE-2021-3014 1Mikrotik 1Routeros Nov 21, 2024 Jan 4, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 In MikroTik RouterOS through 2021-01-04, the hotspot login page is vulnerable to reflected XSS via the target parameter.
CVE-2019-16160 1Mikrotik 1Routeros Nov 21, 2024 Oct 7, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An integer underflow in the SMB server of MikroTik RouterOS before 6.45.5 allows remote unauthenticated attackers to crash the service.
CVE-2020-11881 1Mikrotik 1Routeros Nov 21, 2024 Sep 14, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An array index error in MikroTik RouterOS 6.41.3 through 6.46.5, and 7.x through 7.0 Beta5, allows an unauthenticated remote attacker to crash the SMB server via modified setup-request packets, aka SUP-12964.
CVE-2020-10364 1Mikrotik 1Routeros Nov 21, 2024 Mar 23, 2020 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 The SSH daemon on MikroTik routers through v6.44.3 could allow remote attackers to generate CPU activity, trigger refusal of new authorized connections, and cause a reboot via connect and write system calls, because of u...Show more The SSH daemon on MikroTik routers through v6.44.3 could allow remote attackers to generate CPU activity, trigger refusal of new authorized connections, and cause a reboot via connect and write system calls, because of uncontrolled resource management.Show less
CVE-2018-5951 1Mikrotik 1Routeros Nov 21, 2024 Mar 2, 2020 N/A· v4 7.5 HIGH· v3 7.1 HIGH· v2 An issue was discovered in Mikrotik RouterOS. Crafting a packet that has a size of 1 byte and sending it to an IPv6 address of a RouterOS box with IP Protocol 97 will cause RouterOS to reboot imminently. All versions of...Show more An issue was discovered in Mikrotik RouterOS. Crafting a packet that has a size of 1 byte and sending it to an IPv6 address of a RouterOS box with IP Protocol 97 will cause RouterOS to reboot imminently. All versions of RouterOS that supports EoIPv6 are vulnerable to this attack.Show less
CVE-2019-3981 1Mikrotik 2Routeros Winbox Nov 21, 2024 Jan 14, 2020 N/A· v4 3.7 LOW· v3 4.3 MEDIUM· v2 MikroTik Winbox 3.20 and below is vulnerable to man in the middle attacks. A man in the middle can downgrade the client's authentication protocol and recover the user's username and MD5 hashed password.
CVE-2019-3979 1Mikrotik 1Routeros Nov 21, 2024 Oct 29, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below are vulnerable to a DNS unrelated data attack. The router adds all A records to its DNS cache even when the records are unrelated to the domain that was querie...Show more RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below are vulnerable to a DNS unrelated data attack. The router adds all A records to its DNS cache even when the records are unrelated to the domain that was queried. Therefore, a remote attacker controlled DNS server can poison the router's DNS cache via malicious responses with additional and untrue records.Show less
CVE-2019-3978 1Mikrotik 1Routeros Nov 21, 2024 Oct 29, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below allow remote unauthenticated attackers to trigger DNS queries via port 8291. The queries are sent from the router to a server of the attacker's choice. The DNS...Show more RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below allow remote unauthenticated attackers to trigger DNS queries via port 8291. The queries are sent from the router to a server of the attacker's choice. The DNS responses are cached by the router, potentially resulting in cache poisoningShow less

Previous 1 234 5 Next