Skip to main content

Mikrotik

Vendor security scorecard – 6 CVEs in the selected period

Period: 30d 90d 6m 1y All
Risk 65
6
CVEs
0
Critical
4
High
0
KEV
3
PoC
4
Unpatched C/H
0.0%
Patch Rate
0.1%
Avg EPSS

Severity Breakdown

CRITICAL
0
HIGH
4
MEDIUM
2
LOW
0

Monthly CVE Trend

Top Risky CVEs

CVE Summary Severity CVSS EPSS Priority Signals
CVE-2024-27686 Mikrotik RouterOS (x86) 6.40.5 through 6.49.10 (fixed in 7) allows a remote attacker to cause a denial of service (device crash) via crafted packet data to the SMB service on TCP port 445. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. HIGH 7.5 0.2% 58
PoC No patch
CVE-2025-10948 A vulnerability has been found in MikroTik RouterOS 7. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available. HIGH 7.4 0.2% 57
PoC No patch
CVE-2026-7668 Out-of-bounds read in MikroTik RouterOS 6.49.8 SCEP endpoint allows remote unauthenticated attackers to trigger memory disclosure and potential service disruption via malformed transactionID or messageType parameters. Public exploit code exists on GitHub. CVSS 7.3 reflects network-accessible attack surface with low complexity, though impact is rated limited across confidentiality, integrity, and availability. Vendor non-responsive to coordinated disclosure attempts. MEDIUM 5.5 0.0% 48
PoC No patch
CVE-2026-48695 OS command injection in FastNetMon Community Edition through 1.2.9 lets an authenticated network attacker execute arbitrary shell commands via the MikroTik router integration plugin by influencing argv[] values passed to the unsanitized _log() function. The flaw mirrors a previously disclosed Juniper plugin issue in the same project, and while a public technical write-up exists at lorikeetsecurity.com, no public exploit code or active exploitation has been identified, with EPSS at 0.05% (17th percentile). HIGH 8.1 0.1% 41
No patch
CVE-2026-39042 Denial of service in MikroTik RouterOS 7.21.x (before 7.21.4) and 7.22.x (before 7.22.2) allows a remote unauthenticated attacker to crash the core inter-process communication layer by triggering an integer overflow in the unflatten() function of the bundled libumsg.so library. Successfully exploiting it disrupts device availability without touching data confidentiality or integrity. There is no public exploit identified at time of analysis, though a third-party research blog documents the underlying integer overflow; EPSS is low at 0.20% (10th percentile). HIGH 7.5 0.2% 38
No patch
CVE-2025-42611 RouterOS fails to properly validate certificate scope across its shared system certificate store, allowing any trusted certificate authority to authenticate in contexts beyond its intended scope. This vulnerability enables partial or full authentication bypass in OpenVPN, CAPsMAN, and 802.1X (Dot1x) services, affecting all RouterOS versions that use the vulnerable shared certificate validation logic. The vulnerability requires network access but no user interaction or authentication, making it remotely exploitable against default configurations. MEDIUM 6.5 0.0% 33
No patch

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy