Skip to main content

Routeros

38 CVEs product

Monthly

CVE-2025-6443 HIGH This Week

CVE-2025-6443 is an unauthenticated remote access control bypass vulnerability in Mikrotik RouterOS affecting VXLAN traffic handling. The vulnerability allows remote attackers to bypass ingress filtering and gain unauthorized access to internal network resources by exploiting improper validation of remote IP addresses in VXLAN packets. With a CVSS score of 7.2 (Network-based, Low complexity, No privileges required) and unauthenticated exploitation capability, this vulnerability presents a significant risk to exposed RouterOS deployments, particularly those utilizing VXLAN for network segmentation.

Mikrotik Authentication Bypass Routeros
NVD
CVSS 3.0
7.2
EPSS
0.2%
CVE-2024-54952 HIGH This Month

MikroTik RouterOS 6.40.5, the SMB service contains a memory corruption vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Buffer Overflow Mikrotik Denial Of Service Routeros
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-54772 MEDIUM POC This Month

An issue was discovered in the Winbox service of MikroTik RouterOS long-term release v6.43.13 through v6.49.13 and stable v6.43 through v7.17.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Mikrotik Information Disclosure Routeros
NVD GitHub
CVSS 3.1
5.4
EPSS
4.9%
CVE-2023-41570 MEDIUM POC This Month

MikroTik RouterOS v7.1 to 7.11 was discovered to contain incorrect access control mechanisms in place for the Rest API. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Mikrotik Authentication Bypass Routeros
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-30800 HIGH POC This Week

The web server used by MikroTik RouterOS version 6 is affected by a heap memory corruption issue. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Mikrotik Routeros
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2023-30799 HIGH This Week

MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation RCE Mikrotik Routeros
NVD GitHub
CVSS 3.1
7.2
EPSS
1.3%
CVE-2020-20021 HIGH POC This Week

An issue discovered in MikroTik Router v6.46.3 and earlier allows attacker to cause denial of service via misconfiguration in the SSH daemon. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mikrotik Denial Of Service Routeros
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-24094 HIGH POC This Week

An issue in the bridge2 component of MikroTik RouterOS v6.40.5 allows attackers to cause a Denial of Service (DoS) via crafted packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mikrotik Denial Of Service Memory Corruption Buffer Overflow Routeros
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-45313 HIGH POC This Week

Mikrotik RouterOs before stable v7.5 was discovered to contain an out-of-bounds read in the hotspot process. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Mikrotik Information Disclosure RCE Buffer Overflow Routeros
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-36522 MEDIUM POC This Month

Mikrotik RouterOs through stable v6.48.3 was discovered to contain an assertion failure in the component /advanced-tools/nova/bin/netwatch. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Mikrotik Denial Of Service Routeros
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2022-34960 CRITICAL POC Act Now

The container package in MikroTik RouterOS 7.4beta4 allows an attacker to create mount points pointing to symbolic links, which resolve to locations on the host device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mikrotik Routeros
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-27221 HIGH POC This Week

MikroTik RouterOS 6.47.9 allows remote authenticated ftp users to create or overwrite arbitrary .rsc files via the /export command. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Mikrotik Information Disclosure Routeros
NVD
CVSS 3.1
8.1
EPSS
4.5%
CVE-2021-3014 MEDIUM POC This Month

In MikroTik RouterOS through 2021-01-04, the hotspot login page is vulnerable to reflected XSS via the target parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mikrotik XSS Routeros
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-11881 HIGH POC This Week

An array index error in MikroTik RouterOS 6.41.3 through 6.46.5, and 7.x through 7.0 Beta5, allows an unauthenticated remote attacker to crash the SMB server via modified setup-request packets, aka. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mikrotik Routeros
NVD GitHub
CVSS 3.1
7.5
EPSS
4.3%
CVE-2020-10364 HIGH POC This Week

The SSH daemon on MikroTik routers through v6.44.3 could allow remote attackers to generate CPU activity, trigger refusal of new authorized connections, and cause a reboot via connect and write. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mikrotik Routeros
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
2.6%
CVE-2019-3979 HIGH This Week

RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below are vulnerable to a DNS unrelated data attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mikrotik Information Disclosure Routeros
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2019-3978 HIGH POC THREAT This Week

RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below allow remote unauthenticated attackers to trigger DNS queries via port 8291. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mikrotik Routeros
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
10.3%
CVE-2019-3977 HIGH This Week

RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are download from when using the autoupgrade feature. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mikrotik Information Disclosure Routeros
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2019-3976 HIGH This Week

RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below are vulnerable to an arbitrary directory creation vulnerability via the upgrade package's name field. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mikrotik Information Disclosure Routeros
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2019-15055 MEDIUM POC This Month

MikroTik RouterOS through 6.44.5 and 6.45.x through 6.45.3 improperly handles the disk name, which allows authenticated users to delete arbitrary files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Mikrotik Routeros
NVD GitHub
CVSS 3.0
6.5
EPSS
2.2%
CVE-2019-13955 MEDIUM This Month

Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable to stack exhaustion. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mikrotik Routeros
NVD
CVSS 3.0
6.5
EPSS
3.8%
CVE-2019-13954 MEDIUM This Month

Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable to memory exhaustion. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mikrotik Routeros
NVD
CVSS 3.0
6.5
EPSS
4.3%
CVE-2019-13074 HIGH This Week

A vulnerability in the FTP daemon on MikroTik routers through 6.44.3 could allow remote attackers to exhaust all available memory, causing the device to reboot because of uncontrolled resource. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mikrotik Routeros
NVD
CVSS 3.0
7.5
EPSS
2.0%
CVE-2019-3943 HIGH POC This Week

MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authenticated, remote directory traversal via the HTTP or. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Mikrotik Routeros
NVD
CVSS 3.1
8.1
EPSS
3.7%
CVE-2019-3924 HIGH POC THREAT This Week

MikroTik RouterOS before 6.43.12 (stable) and 6.42.12 (long-term) is vulnerable to an intermediary vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mikrotik Routeros
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
15.7%
CVE-2018-1159 MEDIUM POC This Month

Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory corruption vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Mikrotik Buffer Overflow Routeros
NVD
CVSS 3.0
6.5
EPSS
2.5%
CVE-2018-1158 MEDIUM POC This Month

Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a stack exhaustion vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Mikrotik Denial Of Service Routeros
NVD
CVSS 3.0
6.5
EPSS
2.5%
CVE-2018-1157 MEDIUM POC This Month

Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory exhaustion vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Mikrotik Denial Of Service Routeros
NVD
CVSS 3.0
6.5
EPSS
4.4%
CVE-2018-1156 HIGH POC This Week

Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to stack buffer overflow through the license upgrade interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Mikrotik Memory Corruption RCE Buffer Overflow Routeros
NVD
CVSS 3.0
8.8
EPSS
7.4%
CVE-2018-14847 CRITICAL POC KEV THREAT Act Now

MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mikrotik Path Traversal Routeros
NVD GitHub Exploit-DB
CVSS 3.1
9.1
EPSS
96.1%
CVE-2018-10066 HIGH POC This Week

An issue was discovered in MikroTik RouterOS 6.41.4. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Mikrotik Information Disclosure Routeros
NVD
CVSS 3.0
8.1
EPSS
1.0%
CVE-2018-7445 CRITICAL POC KEV THREAT Act Now

A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mikrotik RCE Buffer Overflow Routeros
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
61.0%
CVE-2017-8338 HIGH POC This Week

A vulnerability in MikroTik Version 6.38.5 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of UDP packets on port 500 (used for L2TP over IPsec), preventing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mikrotik Routeros
NVD
CVSS 3.0
7.5
EPSS
2.9%
CVE-2017-7285 HIGH POC THREAT Act Now

A vulnerability in the network stack of MikroTik Version 6.38.5 released 2017-03-09 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of TCP RST packets,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 21.2%.

Denial Of Service Mikrotik Routeros
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
21.2%
CVE-2017-6444 HIGH POC THREAT Act Now

The MikroTik Router hAP Lite 6.25 has no protection mechanism for unsolicited TCP ACK packets in the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 18.1%.

Denial Of Service Mikrotik Routeros
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
18.1%
CVE-2017-6297 MEDIUM POC This Month

The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 does not enable IPsec encryption after a reboot, which allows man-in-the-middle attackers to view transmitted data unencrypted and gain. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Mikrotik Information Disclosure Routeros
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2015-2350 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in MikroTik RouterOS 5.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that change the administrator. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Mikrotik Routeros
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2012-6050 MEDIUM POC This Month

The winbox service in MikroTik RouterOS 5.15 and earlier allows remote attackers to cause a denial of service (CPU consumption), read the router version, and possibly have other impacts via a request. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Mikrotik Denial Of Service Routeros
NVD Exploit-DB
CVSS 2.0
6.4
EPSS
8.6%
EPSS 0% CVSS 7.2
HIGH This Week

CVE-2025-6443 is an unauthenticated remote access control bypass vulnerability in Mikrotik RouterOS affecting VXLAN traffic handling. The vulnerability allows remote attackers to bypass ingress filtering and gain unauthorized access to internal network resources by exploiting improper validation of remote IP addresses in VXLAN packets. With a CVSS score of 7.2 (Network-based, Low complexity, No privileges required) and unauthenticated exploitation capability, this vulnerability presents a significant risk to exposed RouterOS deployments, particularly those utilizing VXLAN for network segmentation.

Mikrotik Authentication Bypass Routeros
NVD
EPSS 0% CVSS 7.5
HIGH This Month

MikroTik RouterOS 6.40.5, the SMB service contains a memory corruption vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Buffer Overflow Mikrotik +2
NVD GitHub
EPSS 5% CVSS 5.4
MEDIUM POC This Month

An issue was discovered in the Winbox service of MikroTik RouterOS long-term release v6.43.13 through v6.49.13 and stable v6.43 through v7.17.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Mikrotik Information Disclosure Routeros
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM POC This Month

MikroTik RouterOS v7.1 to 7.11 was discovered to contain incorrect access control mechanisms in place for the Rest API. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Mikrotik Authentication Bypass Routeros
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

The web server used by MikroTik RouterOS version 6 is affected by a heap memory corruption issue. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Mikrotik +1
NVD
EPSS 1% CVSS 7.2
HIGH This Week

MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation RCE Mikrotik +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

An issue discovered in MikroTik Router v6.46.3 and earlier allows attacker to cause denial of service via misconfiguration in the SSH daemon. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mikrotik Denial Of Service Routeros
NVD Exploit-DB
EPSS 1% CVSS 7.5
HIGH POC This Week

An issue in the bridge2 component of MikroTik RouterOS v6.40.5 allows attackers to cause a Denial of Service (DoS) via crafted packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mikrotik Denial Of Service Memory Corruption +2
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

Mikrotik RouterOs before stable v7.5 was discovered to contain an out-of-bounds read in the hotspot process. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Mikrotik Information Disclosure RCE +2
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Mikrotik RouterOs through stable v6.48.3 was discovered to contain an assertion failure in the component /advanced-tools/nova/bin/netwatch. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Mikrotik Denial Of Service Routeros
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The container package in MikroTik RouterOS 7.4beta4 allows an attacker to create mount points pointing to symbolic links, which resolve to locations on the host device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mikrotik Routeros
NVD
EPSS 4% CVSS 8.1
HIGH POC This Week

MikroTik RouterOS 6.47.9 allows remote authenticated ftp users to create or overwrite arbitrary .rsc files via the /export command. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Mikrotik Information Disclosure Routeros
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

In MikroTik RouterOS through 2021-01-04, the hotspot login page is vulnerable to reflected XSS via the target parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mikrotik XSS Routeros
NVD GitHub
EPSS 4% CVSS 7.5
HIGH POC This Week

An array index error in MikroTik RouterOS 6.41.3 through 6.46.5, and 7.x through 7.0 Beta5, allows an unauthenticated remote attacker to crash the SMB server via modified setup-request packets, aka. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mikrotik Routeros
NVD GitHub
EPSS 3% CVSS 7.5
HIGH POC This Week

The SSH daemon on MikroTik routers through v6.44.3 could allow remote attackers to generate CPU activity, trigger refusal of new authorized connections, and cause a reboot via connect and write. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mikrotik Routeros
NVD Exploit-DB
EPSS 1% CVSS 7.5
HIGH This Week

RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below are vulnerable to a DNS unrelated data attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mikrotik Information Disclosure Routeros
NVD
EPSS 10% CVSS 7.5
HIGH POC THREAT This Week

RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below allow remote unauthenticated attackers to trigger DNS queries via port 8291. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mikrotik Routeros
NVD Exploit-DB
EPSS 1% CVSS 7.5
HIGH This Week

RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are download from when using the autoupgrade feature. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mikrotik Information Disclosure Routeros
NVD
EPSS 2% CVSS 8.8
HIGH This Week

RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below are vulnerable to an arbitrary directory creation vulnerability via the upgrade package's name field. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mikrotik Information Disclosure Routeros
NVD
EPSS 2% CVSS 6.5
MEDIUM POC This Month

MikroTik RouterOS through 6.44.5 and 6.45.x through 6.45.3 improperly handles the disk name, which allows authenticated users to delete arbitrary files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Mikrotik Routeros
NVD GitHub
EPSS 4% CVSS 6.5
MEDIUM This Month

Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable to stack exhaustion. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mikrotik Routeros
NVD
EPSS 4% CVSS 6.5
MEDIUM This Month

Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable to memory exhaustion. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mikrotik Routeros
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A vulnerability in the FTP daemon on MikroTik routers through 6.44.3 could allow remote attackers to exhaust all available memory, causing the device to reboot because of uncontrolled resource. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mikrotik Routeros
NVD
EPSS 4% CVSS 8.1
HIGH POC This Week

MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authenticated, remote directory traversal via the HTTP or. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Mikrotik Routeros
NVD
EPSS 16% CVSS 7.5
HIGH POC THREAT This Week

MikroTik RouterOS before 6.43.12 (stable) and 6.42.12 (long-term) is vulnerable to an intermediary vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mikrotik Routeros
NVD Exploit-DB
EPSS 2% CVSS 6.5
MEDIUM POC This Month

Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory corruption vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Mikrotik Buffer Overflow Routeros
NVD
EPSS 2% CVSS 6.5
MEDIUM POC This Month

Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a stack exhaustion vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Mikrotik Denial Of Service Routeros
NVD
EPSS 4% CVSS 6.5
MEDIUM POC This Month

Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory exhaustion vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Mikrotik Denial Of Service Routeros
NVD
EPSS 7% CVSS 8.8
HIGH POC This Week

Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to stack buffer overflow through the license upgrade interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Mikrotik Memory Corruption RCE +2
NVD
EPSS 96% CVSS 9.1
CRITICAL POC KEV THREAT Act Now

MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mikrotik Path Traversal Routeros
NVD GitHub Exploit-DB
EPSS 1% CVSS 8.1
HIGH POC This Week

An issue was discovered in MikroTik RouterOS 6.41.4. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Mikrotik Information Disclosure Routeros
NVD
EPSS 61% CVSS 9.8
CRITICAL POC KEV THREAT Act Now

A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mikrotik RCE Buffer Overflow +1
NVD Exploit-DB
EPSS 3% CVSS 7.5
HIGH POC This Week

A vulnerability in MikroTik Version 6.38.5 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of UDP packets on port 500 (used for L2TP over IPsec), preventing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mikrotik Routeros
NVD
EPSS 21% CVSS 7.5
HIGH POC THREAT Act Now

A vulnerability in the network stack of MikroTik Version 6.38.5 released 2017-03-09 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of TCP RST packets,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 21.2%.

Denial Of Service Mikrotik Routeros
NVD Exploit-DB
EPSS 18% CVSS 7.5
HIGH POC THREAT Act Now

The MikroTik Router hAP Lite 6.25 has no protection mechanism for unsolicited TCP ACK packets in the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 18.1%.

Denial Of Service Mikrotik Routeros
NVD Exploit-DB
EPSS 0% CVSS 5.9
MEDIUM POC This Month

The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 does not enable IPsec encryption after a reboot, which allows man-in-the-middle attackers to view transmitted data unencrypted and gain. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Mikrotik Information Disclosure Routeros
NVD
EPSS 0% CVSS 6.8
MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in MikroTik RouterOS 5.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that change the administrator. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Mikrotik Routeros
NVD
EPSS 9% CVSS 6.4
MEDIUM POC This Month

The winbox service in MikroTik RouterOS 5.15 and earlier allows remote attackers to cause a denial of service (CPU consumption), read the router version, and possibly have other impacts via a request. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Mikrotik Denial Of Service Routeros
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy