Skip to main content

Mikrotik CVE-2022-45315

MEDIUM
Out-of-bounds Read (CWE-125)
2022-12-05 cve@mitre.org
6.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.4 MEDIUM
AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Adjacent
Attack Complexity
High
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
PoC Detected
Apr 09, 2026 - 21:16 vuln.today
Public exploit code
CVE Published
Dec 05, 2022 - 16:15 nvd
MEDIUM 6.4

DescriptionCVE.org

Mikrotik RouterOs before stable v7.6 was discovered to contain an out-of-bounds read in the snmp process. This vulnerability allows attackers to execute arbitrary code via a crafted packet.

AnalysisAI

Mikrotik RouterOs before stable v7.6 was discovered to contain an out-of-bounds read in the snmp process. Rated medium severity (CVSS 6.4). Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. Mikrotik RouterOs before stable v7.6 was discovered to contain an out-of-bounds read in the snmp process. This vulnerability allows attackers to execute arbitrary code via a crafted packet. Affected products include: Mikrotik Routeros.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.

CVE-2017-17538 HIGH POC
7.5 Dec 13

MikroTik v6.40.5 devices allow remote attackers to cause a denial of service via a flood of ICMP packets. Rated high sev

CVE-2017-7285 HIGH POC
7.5 Mar 29

A vulnerability in the network stack of MikroTik Version 6.38.5 released 2017-03-09 could allow an unauthenticated remot

CVE-2017-6444 HIGH POC
7.5 Mar 12

The MikroTik Router hAP Lite 6.25 has no protection mechanism for unsolicited TCP ACK packets in the case of a fast netw

CVE-2022-34960 CRITICAL POC
9.8 Aug 25

The container package in MikroTik RouterOS 7.4beta4 allows an attacker to create mount points pointing to symbolic links

CVE-2020-13118 CRITICAL POC
9.8 May 16

An issue was discovered in Mikrotik-Router-Monitoring-System through 2018-10-22. Rated critical severity (CVSS 9.8), thi

CVE-2018-7445 CRITICAL POC
9.8 Mar 19

A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Rated

CVE-2018-14847 CRITICAL POC
9.1 Aug 02

MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated

CVE-2022-45313 HIGH POC
8.8 Dec 05

Mikrotik RouterOs before stable v7.5 was discovered to contain an out-of-bounds read in the hotspot process. Rated high

CVE-2018-1156 HIGH POC
8.8 Aug 23

Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to stack buffer overflow through the license upgrade interface.

CVE-2012-6050 MEDIUM POC
6.4 Nov 27

The winbox service in MikroTik RouterOS 5.15 and earlier allows remote attackers to cause a denial of service (CPU consu

CVE-2021-27221 HIGH POC
8.1 Mar 19

MikroTik RouterOS 6.47.9 allows remote authenticated ftp users to create or overwrite arbitrary .rsc files via the /expo

CVE-2019-3943 HIGH POC
8.1 Apr 10

MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are v

Share

CVE-2022-45315 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy