Vulnerabilites related to mikrotik - routeros
CVE-2020-20246 (GCVE-0-2020-20246)
Vulnerability from cvelistv5
Published
2021-05-18 19:11
Modified
2024-08-04 14:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulnerability in the mactel process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:29.019Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mikrotik.com/"
},
{
"name": "20210511 Four vulnerabilities found in MikroTik\u0027s RouterOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/May/23"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulnerability in the mactel process. An authenticated remote attacker can cause a Denial of Service due to improper memory access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-18T19:18:13",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mikrotik.com/"
},
{
"name": "20210511 Four vulnerabilities found in MikroTik\u0027s RouterOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/May/23"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20246",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulnerability in the mactel process. An authenticated remote attacker can cause a Denial of Service due to improper memory access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mikrotik.com/",
"refsource": "MISC",
"url": "https://mikrotik.com/"
},
{
"name": "20210511 Four vulnerabilities found in MikroTik\u0027s RouterOS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/May/23"
},
{
"name": "http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20246",
"datePublished": "2021-05-18T19:11:01",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:29.019Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1158 (GCVE-0-2018-1158)
Vulnerability from cvelistv5
Published
2018-08-23 19:00
Modified
2024-09-16 22:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a stack exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server via recursive parsing of JSON.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:51:48.929Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2018-21"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://mikrotik.com/download/changelogs"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://mikrotik.com/download/changelogs/bugfix-release-tree"
},
{
"name": "20190723 Two vulnerabilities found in MikroTik\u0027s RouterOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Jul/20"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a stack exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server via recursive parsing of JSON."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-23T19:06:12",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2018-21"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://mikrotik.com/download/changelogs"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://mikrotik.com/download/changelogs/bugfix-release-tree"
},
{
"name": "20190723 Two vulnerabilities found in MikroTik\u0027s RouterOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Jul/20"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"DATE_PUBLIC": "2018-08-22T00:00:00",
"ID": "CVE-2018-1158",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a stack exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server via recursive parsing of JSON."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2018-21",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2018-21"
},
{
"name": "https://mikrotik.com/download/changelogs",
"refsource": "CONFIRM",
"url": "https://mikrotik.com/download/changelogs"
},
{
"name": "https://mikrotik.com/download/changelogs/bugfix-release-tree",
"refsource": "CONFIRM",
"url": "https://mikrotik.com/download/changelogs/bugfix-release-tree"
},
{
"name": "20190723 Two vulnerabilities found in MikroTik\u0027s RouterOS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Jul/20"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2018-1158",
"datePublished": "2018-08-23T19:00:00Z",
"dateReserved": "2017-12-05T00:00:00",
"dateUpdated": "2024-09-16T22:36:00.879Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36522 (GCVE-0-2022-36522)
Vulnerability from cvelistv5
Published
2022-08-26 17:57
Modified
2024-08-03 10:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mikrotik RouterOs through stable v6.48.3 was discovered to contain an assertion failure in the component /advanced-tools/nova/bin/netwatch. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:07:34.471Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2021/Jul/0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2022-36522/README.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs through stable v6.48.3 was discovered to contain an assertion failure in the component /advanced-tools/nova/bin/netwatch. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-29T23:42:42",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/fulldisclosure/2021/Jul/0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2022-36522/README.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36522",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs through stable v6.48.3 was discovered to contain an assertion failure in the component /advanced-tools/nova/bin/netwatch. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://seclists.org/fulldisclosure/2021/Jul/0",
"refsource": "MISC",
"url": "https://seclists.org/fulldisclosure/2021/Jul/0"
},
{
"name": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2022-36522/README.md",
"refsource": "MISC",
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2022-36522/README.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36522",
"datePublished": "2022-08-26T17:57:36",
"dateReserved": "2022-07-25T00:00:00",
"dateUpdated": "2024-08-03T10:07:34.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-20248 (GCVE-0-2020-20248)
Vulnerability from cvelistv5
Published
2021-07-19 17:35
Modified
2024-08-04 14:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled resource consumption in the memtest process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:29.025Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20248/README.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled resource consumption in the memtest process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-10T20:17:46",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20248/README.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20248",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled resource consumption in the memtest process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cwe.mitre.org/data/definitions/400.html",
"refsource": "MISC",
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"name": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20248/README.md",
"refsource": "MISC",
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20248/README.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20248",
"datePublished": "2021-07-19T17:35:49",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:29.025Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-20149 (GCVE-0-2017-20149)
Vulnerability from cvelistv5
Published
2022-10-15 00:00
Modified
2025-05-14 14:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Mikrotik RouterOS web server allows memory corruption in releases before Stable 6.38.5 and Long-term 6.37.5, aka Chimay-Red. A remote and unauthenticated user can trigger the vulnerability by sending a crafted HTTP request. An attacker can use this vulnerability to execute arbitrary code on the affected system, as exploited in the wild in mid-2017 and later.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:45:26.039Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/BigNerd95/Chimay-Red"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.bleepingcomputer.com/news/security/hajime-botnet-makes-a-comeback-with-massive-scan-for-mikrotik-routers/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2017-20149",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-14T14:57:45.854772Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-14T14:58:01.025Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Mikrotik RouterOS web server allows memory corruption in releases before Stable 6.38.5 and Long-term 6.37.5, aka Chimay-Red. A remote and unauthenticated user can trigger the vulnerability by sending a crafted HTTP request. An attacker can use this vulnerability to execute arbitrary code on the affected system, as exploited in the wild in mid-2017 and later."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-15T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/BigNerd95/Chimay-Red"
},
{
"url": "https://www.bleepingcomputer.com/news/security/hajime-botnet-makes-a-comeback-with-massive-scan-for-mikrotik-routers/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-20149",
"datePublished": "2022-10-15T00:00:00.000Z",
"dateReserved": "2022-10-15T00:00:00.000Z",
"dateUpdated": "2025-05-14T14:58:01.025Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-20222 (GCVE-0-2020-20222)
Vulnerability from cvelistv5
Published
2021-05-18 18:21
Modified
2024-08-04 14:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:29.020Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mikrotik.com/"
},
{
"name": "20210507 Four vulnerabilities found in MikroTik\u0027s RouterOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-18T18:25:36",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mikrotik.com/"
},
{
"name": "20210507 Four vulnerabilities found in MikroTik\u0027s RouterOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20222",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mikrotik.com/",
"refsource": "MISC",
"url": "https://mikrotik.com/"
},
{
"name": "20210507 Four vulnerabilities found in MikroTik\u0027s RouterOS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"name": "http://seclists.org/fulldisclosure/2021/May/15",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"name": "http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20222",
"datePublished": "2021-05-18T18:21:55",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:29.020Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13954 (GCVE-0-2019-13954)
Vulnerability from cvelistv5
Published
2019-07-26 12:15
Modified
2024-08-05 00:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable to memory exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system. Malicious code cannot be injected.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:05:44.016Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2019/Jul/20"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153733/Mikrotik-RouterOS-Resource-Stack-Exhaustion.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable to memory exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system. Malicious code cannot be injected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-27T01:06:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/fulldisclosure/2019/Jul/20"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/153733/Mikrotik-RouterOS-Resource-Stack-Exhaustion.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13954",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable to memory exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system. Malicious code cannot be injected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://seclists.org/fulldisclosure/2019/Jul/20",
"refsource": "MISC",
"url": "https://seclists.org/fulldisclosure/2019/Jul/20"
},
{
"name": "http://packetstormsecurity.com/files/153733/Mikrotik-RouterOS-Resource-Stack-Exhaustion.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153733/Mikrotik-RouterOS-Resource-Stack-Exhaustion.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13954",
"datePublished": "2019-07-26T12:15:12",
"dateReserved": "2019-07-18T00:00:00",
"dateUpdated": "2024-08-05T00:05:44.016Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32154 (GCVE-0-2023-32154)
Vulnerability from cvelistv5
Published
2024-05-03 01:56
Modified
2024-09-20 20:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write
Summary
Mikrotik RouterOS RADVD Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Mikrotik RouterOS. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the Router Advertisement Daemon. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of root.
. Was ZDI-CAN-19797.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "routeros",
"vendor": "mikrotik",
"versions": [
{
"lessThan": "6.49.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32154",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T17:51:00.556580Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-20T20:29:37.468Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:10:23.739Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-710",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-710/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "RouterOS",
"vendor": "Mikrotik",
"versions": [
{
"status": "affected",
"version": "6.49.7 Stable"
}
]
}
],
"dateAssigned": "2023-05-03T15:16:43.038-05:00",
"datePublic": "2023-05-17T20:29:17.704-05:00",
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOS RADVD Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Mikrotik RouterOS. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the Router Advertisement Daemon. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n. Was ZDI-CAN-19797."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T18:28:19.909Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-710",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-710/"
}
],
"source": {
"lang": "en",
"value": "Angelboy(@scwuaptx) and NiNi (@terrynini38514) from DEVCORE Research Team"
},
"title": "Mikrotik RouterOS RADVD Out-Of-Bounds Write Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-32154",
"datePublished": "2024-05-03T01:56:37.467Z",
"dateReserved": "2023-05-03T20:10:47.060Z",
"dateUpdated": "2024-09-20T20:29:37.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-20254 (GCVE-0-2020-20254)
Vulnerability from cvelistv5
Published
2021-05-18 13:52
Modified
2024-08-04 14:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:28.788Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_lcdstat_2/README.md"
},
{
"name": "20210507 Re: Four vulnerabilities found in MikroTik\u0027s RouterOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/May/14"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/May/14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-18T13:52:49",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_lcdstat_2/README.md"
},
{
"name": "20210507 Re: Four vulnerabilities found in MikroTik\u0027s RouterOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/May/14"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2021/May/14"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20254",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_lcdstat_2/README.md",
"refsource": "MISC",
"url": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_lcdstat_2/README.md"
},
{
"name": "20210507 Re: Four vulnerabilities found in MikroTik\u0027s RouterOS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/May/14"
},
{
"name": "http://seclists.org/fulldisclosure/2021/May/14",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2021/May/14"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20254",
"datePublished": "2021-05-18T13:52:19",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:28.788Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3976 (GCVE-0-2019-3976)
Vulnerability from cvelistv5
Published
2019-10-28 21:32
Modified
2024-08-04 19:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-23 - Relative path traversal.
Summary
RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below are vulnerable to an arbitrary directory creation vulnerability via the upgrade package's name field. If an authenticated user installs a malicious package then a directory could be created and the developer shell could be enabled.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | MikroTik RouterOS |
Version: RouterOS 6.45.6 Stable and below. RouterOS 6.44.5 Long-term and below. |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:26:27.527Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2019-46"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MikroTik RouterOS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "RouterOS 6.45.6 Stable and below. RouterOS 6.44.5 Long-term and below."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below are vulnerable to an arbitrary directory creation vulnerability via the upgrade package\u0027s name field. If an authenticated user installs a malicious package then a directory could be created and the developer shell could be enabled."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Relative path traversal.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-28T21:32:40",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2019-46"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2019-3976",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MikroTik RouterOS",
"version": {
"version_data": [
{
"version_value": "RouterOS 6.45.6 Stable and below. RouterOS 6.44.5 Long-term and below."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below are vulnerable to an arbitrary directory creation vulnerability via the upgrade package\u0027s name field. If an authenticated user installs a malicious package then a directory could be created and the developer shell could be enabled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-23 Relative path traversal."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2019-46",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2019-46"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2019-3976",
"datePublished": "2019-10-28T21:32:40",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-08-04T19:26:27.527Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-20267 (GCVE-0-2020-20267)
Vulnerability from cvelistv5
Published
2021-05-11 14:25
Modified
2024-08-04 14:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/resolver process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:28.995Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/May/12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/resolver process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-11T14:25:04",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2021/May/12"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20267",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/resolver process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2021/May/12",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2021/May/12"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20267",
"datePublished": "2021-05-11T14:25:04",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:28.995Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6444 (GCVE-0-2017-6444)
Vulnerability from cvelistv5
Published
2017-03-12 04:57
Modified
2024-08-05 15:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The MikroTik Router hAP Lite 6.25 has no protection mechanism for unsolicited TCP ACK packets in the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many ACK packets. After the attacker stops the exploit, the CPU usage is 100% and the router requires a reboot for normal operation.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:33:20.061Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "41601",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/41601/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cxsecurity.com/issue/WLB-2017030029"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/141449/Mikrotik-Hap-Lite-6.25-Denial-Of-Service.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.exploitalert.com/view-details.html?id=26137"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The MikroTik Router hAP Lite 6.25 has no protection mechanism for unsolicited TCP ACK packets in the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many ACK packets. After the attacker stops the exploit, the CPU usage is 100% and the router requires a reboot for normal operation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-15T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "41601",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/41601/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cxsecurity.com/issue/WLB-2017030029"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packetstormsecurity.com/files/141449/Mikrotik-Hap-Lite-6.25-Denial-Of-Service.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.exploitalert.com/view-details.html?id=26137"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6444",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MikroTik Router hAP Lite 6.25 has no protection mechanism for unsolicited TCP ACK packets in the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many ACK packets. After the attacker stops the exploit, the CPU usage is 100% and the router requires a reboot for normal operation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "41601",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41601/"
},
{
"name": "https://cxsecurity.com/issue/WLB-2017030029",
"refsource": "MISC",
"url": "https://cxsecurity.com/issue/WLB-2017030029"
},
{
"name": "https://packetstormsecurity.com/files/141449/Mikrotik-Hap-Lite-6.25-Denial-Of-Service.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/141449/Mikrotik-Hap-Lite-6.25-Denial-Of-Service.html"
},
{
"name": "http://www.exploitalert.com/view-details.html?id=26137",
"refsource": "MISC",
"url": "http://www.exploitalert.com/view-details.html?id=26137"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6444",
"datePublished": "2017-03-12T04:57:00",
"dateReserved": "2017-03-03T00:00:00",
"dateUpdated": "2024-08-05T15:33:20.061Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-20249 (GCVE-0-2020-20249)
Vulnerability from cvelistv5
Published
2021-07-19 17:27
Modified
2024-08-04 14:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mikrotik RouterOs before stable 6.47 suffers from a memory corruption vulnerability in the resolver process. By sending a crafted packet, an authenticated remote attacker can cause a Denial of Service.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:29.159Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20249/README.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before stable 6.47 suffers from a memory corruption vulnerability in the resolver process. By sending a crafted packet, an authenticated remote attacker can cause a Denial of Service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-19T17:27:54",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20249/README.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20249",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs before stable 6.47 suffers from a memory corruption vulnerability in the resolver process. By sending a crafted packet, an authenticated remote attacker can cause a Denial of Service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20249/README.md",
"refsource": "MISC",
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20249/README.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20249",
"datePublished": "2021-07-19T17:27:54",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:29.159Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13955 (GCVE-0-2019-13955)
Vulnerability from cvelistv5
Published
2019-07-26 12:13
Modified
2024-08-05 00:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable to stack exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server via recursive parsing of JSON. Malicious code cannot be injected.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:05:43.995Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2019/Jul/20"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153733/Mikrotik-RouterOS-Resource-Stack-Exhaustion.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable to stack exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server via recursive parsing of JSON. Malicious code cannot be injected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-27T01:06:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/fulldisclosure/2019/Jul/20"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/153733/Mikrotik-RouterOS-Resource-Stack-Exhaustion.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13955",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable to stack exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server via recursive parsing of JSON. Malicious code cannot be injected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://seclists.org/fulldisclosure/2019/Jul/20",
"refsource": "MISC",
"url": "https://seclists.org/fulldisclosure/2019/Jul/20"
},
{
"name": "http://packetstormsecurity.com/files/153733/Mikrotik-RouterOS-Resource-Stack-Exhaustion.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153733/Mikrotik-RouterOS-Resource-Stack-Exhaustion.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13955",
"datePublished": "2019-07-26T12:13:50",
"dateReserved": "2019-07-18T00:00:00",
"dateUpdated": "2024-08-05T00:05:43.995Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36614 (GCVE-0-2021-36614)
Vulnerability from cvelistv5
Published
2022-05-11 17:34
Modified
2024-08-04 01:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the tr069-client process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:01:57.876Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2021/Jul/0"
},
{
"name": "20220603 Re: Three vulnerabilities found in MikroTik\u0027s RouterOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Jun/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the tr069-client process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-03T20:06:18",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/fulldisclosure/2021/Jul/0"
},
{
"name": "20220603 Re: Three vulnerabilities found in MikroTik\u0027s RouterOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2022/Jun/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-36614",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the tr069-client process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://seclists.org/fulldisclosure/2021/Jul/0",
"refsource": "MISC",
"url": "https://seclists.org/fulldisclosure/2021/Jul/0"
},
{
"name": "20220603 Re: Three vulnerabilities found in MikroTik\u0027s RouterOS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2022/Jun/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-36614",
"datePublished": "2022-05-11T17:34:27",
"dateReserved": "2021-07-12T00:00:00",
"dateUpdated": "2024-08-04T01:01:57.876Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-20237 (GCVE-0-2020-20237)
Vulnerability from cvelistv5
Published
2021-05-18 18:22
Modified
2024-08-04 14:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:28.808Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mikrotik.com/"
},
{
"name": "20210507 Four vulnerabilities found in MikroTik\u0027s RouterOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service due to improper memory access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-18T18:25:46",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mikrotik.com/"
},
{
"name": "20210507 Four vulnerabilities found in MikroTik\u0027s RouterOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20237",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service due to improper memory access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mikrotik.com/",
"refsource": "MISC",
"url": "https://mikrotik.com/"
},
{
"name": "20210507 Four vulnerabilities found in MikroTik\u0027s RouterOS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"name": "http://seclists.org/fulldisclosure/2021/May/15",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"name": "http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20237",
"datePublished": "2021-05-18T18:22:05",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:28.808Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6050 (GCVE-0-2012-6050)
Vulnerability from cvelistv5
Published
2012-11-27 02:00
Modified
2024-08-06 21:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The winbox service in MikroTik RouterOS 5.15 and earlier allows remote attackers to cause a denial of service (CPU consumption), read the router version, and possibly have other impacts via a request to download the router's DLLs or plugins, as demonstrated by roteros.dll.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:28.377Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18817",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18817"
},
{
"name": "mikrotik-winbox-dos(75327)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75327"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.133tsec.com/2012/04/30/0day-ddos-mikrotik-server-side-ddos-attack/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-05-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The winbox service in MikroTik RouterOS 5.15 and earlier allows remote attackers to cause a denial of service (CPU consumption), read the router version, and possibly have other impacts via a request to download the router\u0027s DLLs or plugins, as demonstrated by roteros.dll."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18817",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18817"
},
{
"name": "mikrotik-winbox-dos(75327)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75327"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.133tsec.com/2012/04/30/0day-ddos-mikrotik-server-side-ddos-attack/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6050",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The winbox service in MikroTik RouterOS 5.15 and earlier allows remote attackers to cause a denial of service (CPU consumption), read the router version, and possibly have other impacts via a request to download the router\u0027s DLLs or plugins, as demonstrated by roteros.dll."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18817",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18817"
},
{
"name": "mikrotik-winbox-dos(75327)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75327"
},
{
"name": "http://www.133tsec.com/2012/04/30/0day-ddos-mikrotik-server-side-ddos-attack/",
"refsource": "MISC",
"url": "http://www.133tsec.com/2012/04/30/0day-ddos-mikrotik-server-side-ddos-attack/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-6050",
"datePublished": "2012-11-27T02:00:00",
"dateReserved": "2012-11-26T00:00:00",
"dateUpdated": "2024-08-06T21:21:28.377Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6976 (GCVE-0-2008-6976)
Vulnerability from cvelistv5
Published
2009-08-18 10:00
Modified
2024-08-07 11:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
MikroTik RouterOS 3.x through 3.13 and 2.x through 2.9.51 allows remote attackers to modify Network Management System (NMS) settings via a crafted SNMP set request.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:49:02.514Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "routeros-snmp-security-bypass(44944)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44944"
},
{
"name": "31025",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31025"
},
{
"name": "6366",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6366"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "MikroTik RouterOS 3.x through 3.13 and 2.x through 2.9.51 allows remote attackers to modify Network Management System (NMS) settings via a crafted SNMP set request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-03T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "routeros-snmp-security-bypass(44944)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44944"
},
{
"name": "31025",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31025"
},
{
"name": "6366",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6366"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6976",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MikroTik RouterOS 3.x through 3.13 and 2.x through 2.9.51 allows remote attackers to modify Network Management System (NMS) settings via a crafted SNMP set request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "routeros-snmp-security-bypass(44944)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44944"
},
{
"name": "31025",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31025"
},
{
"name": "6366",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6366"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6976",
"datePublished": "2009-08-18T10:00:00",
"dateReserved": "2009-08-17T00:00:00",
"dateUpdated": "2024-08-07T11:49:02.514Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-20227 (GCVE-0-2020-20227)
Vulnerability from cvelistv5
Published
2021-05-18 19:10
Modified
2024-08-04 14:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mikrotik RouterOs stable 6.47 suffers from a memory corruption vulnerability in the /nova/bin/diskd process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:29.018Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mikrotik.com/"
},
{
"name": "20210511 Four vulnerabilities found in MikroTik\u0027s RouterOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/May/23"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs stable 6.47 suffers from a memory corruption vulnerability in the /nova/bin/diskd process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-18T19:10:42",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mikrotik.com/"
},
{
"name": "20210511 Four vulnerabilities found in MikroTik\u0027s RouterOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/May/23"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20227",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs stable 6.47 suffers from a memory corruption vulnerability in the /nova/bin/diskd process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mikrotik.com/",
"refsource": "MISC",
"url": "https://mikrotik.com/"
},
{
"name": "20210511 Four vulnerabilities found in MikroTik\u0027s RouterOS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/May/23"
},
{
"name": "http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20227",
"datePublished": "2021-05-18T19:10:17",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:29.018Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-20219 (GCVE-0-2020-20219)
Vulnerability from cvelistv5
Published
2021-07-21 13:25
Modified
2024-08-04 14:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/igmp-proxy process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:28.832Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mikrotik.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2021/May/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/igmp-proxy process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-21T13:25:16",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mikrotik.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/fulldisclosure/2021/May/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20219",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/igmp-proxy process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mikrotik.com/",
"refsource": "MISC",
"url": "https://mikrotik.com/"
},
{
"name": "https://seclists.org/fulldisclosure/2021/May/2",
"refsource": "MISC",
"url": "https://seclists.org/fulldisclosure/2021/May/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20219",
"datePublished": "2021-07-21T13:25:16",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:28.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-20262 (GCVE-0-2020-20262)
Vulnerability from cvelistv5
Published
2021-07-21 13:25
Modified
2024-08-04 14:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /ram/pckg/security/nova/bin/ipsec process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:28.799Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_ipsec/README.md"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2021/May/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /ram/pckg/security/nova/bin/ipsec process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-21T13:25:24",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_ipsec/README.md"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/fulldisclosure/2021/May/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20262",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /ram/pckg/security/nova/bin/ipsec process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_ipsec/README.md",
"refsource": "MISC",
"url": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_ipsec/README.md"
},
{
"name": "https://seclists.org/fulldisclosure/2021/May/2",
"refsource": "MISC",
"url": "https://seclists.org/fulldisclosure/2021/May/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20262",
"datePublished": "2021-07-21T13:25:24",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:28.799Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-20225 (GCVE-0-2020-20225)
Vulnerability from cvelistv5
Published
2021-07-07 13:31
Modified
2024-08-04 14:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /nova/bin/user process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:29.098Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mikrotik.com/"
},
{
"name": "20210507 Re: Two vulnerabilities found in MikroTik\u0027s RouterOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/May/12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /nova/bin/user process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-07T13:31:15",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mikrotik.com/"
},
{
"name": "20210507 Re: Two vulnerabilities found in MikroTik\u0027s RouterOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/May/12"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20225",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /nova/bin/user process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mikrotik.com/",
"refsource": "MISC",
"url": "https://mikrotik.com/"
},
{
"name": "20210507 Re: Two vulnerabilities found in MikroTik\u0027s RouterOS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/May/12"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20225",
"datePublished": "2021-07-07T13:31:15",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:29.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-20247 (GCVE-0-2020-20247)
Vulnerability from cvelistv5
Published
2021-05-03 15:13
Modified
2024-08-04 14:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mikrotik RouterOs before 6.46.5 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/traceroute process. An authenticated remote attacker can cause a Denial of Service due via the loop counter variable.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:28.792Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2020/May/30"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before 6.46.5 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/traceroute process. An authenticated remote attacker can cause a Denial of Service due via the loop counter variable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-03T15:13:42",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/fulldisclosure/2020/May/30"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20247",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs before 6.46.5 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/traceroute process. An authenticated remote attacker can cause a Denial of Service due via the loop counter variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://seclists.org/fulldisclosure/2020/May/30",
"refsource": "MISC",
"url": "https://seclists.org/fulldisclosure/2020/May/30"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20247",
"datePublished": "2021-05-03T15:13:42",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:28.792Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7285 (GCVE-0-2017-7285)
Vulnerability from cvelistv5
Published
2017-03-29 14:00
Modified
2024-08-05 15:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A vulnerability in the network stack of MikroTik Version 6.38.5 released 2017-03-09 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of TCP RST packets, preventing the affected router from accepting new TCP connections.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:56:36.409Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cxsecurity.com/issue/WLB-2017030242"
},
{
"name": "41752",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/41752/"
},
{
"name": "97266",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97266"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the network stack of MikroTik Version 6.38.5 released 2017-03-09 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of TCP RST packets, preventing the affected router from accepting new TCP connections."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-03T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cxsecurity.com/issue/WLB-2017030242"
},
{
"name": "41752",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/41752/"
},
{
"name": "97266",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97266"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7285",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the network stack of MikroTik Version 6.38.5 released 2017-03-09 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of TCP RST packets, preventing the affected router from accepting new TCP connections."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cxsecurity.com/issue/WLB-2017030242",
"refsource": "MISC",
"url": "https://cxsecurity.com/issue/WLB-2017030242"
},
{
"name": "41752",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41752/"
},
{
"name": "97266",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97266"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-7285",
"datePublished": "2017-03-29T14:00:00",
"dateReserved": "2017-03-27T00:00:00",
"dateUpdated": "2024-08-05T15:56:36.409Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1159 (GCVE-0-2018-1159)
Vulnerability from cvelistv5
Published
2018-08-23 19:00
Modified
2024-09-16 18:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory corruption vulnerability. An authenticated remote attacker can crash the HTTP server by rapidly authenticating and disconnecting.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:51:48.939Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2018-21"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://mikrotik.com/download/changelogs"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://mikrotik.com/download/changelogs/bugfix-release-tree"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory corruption vulnerability. An authenticated remote attacker can crash the HTTP server by rapidly authenticating and disconnecting."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-23T18:57:01",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2018-21"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://mikrotik.com/download/changelogs"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://mikrotik.com/download/changelogs/bugfix-release-tree"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"DATE_PUBLIC": "2018-08-22T00:00:00",
"ID": "CVE-2018-1159",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory corruption vulnerability. An authenticated remote attacker can crash the HTTP server by rapidly authenticating and disconnecting."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2018-21",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2018-21"
},
{
"name": "https://mikrotik.com/download/changelogs",
"refsource": "CONFIRM",
"url": "https://mikrotik.com/download/changelogs"
},
{
"name": "https://mikrotik.com/download/changelogs/bugfix-release-tree",
"refsource": "CONFIRM",
"url": "https://mikrotik.com/download/changelogs/bugfix-release-tree"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2018-1159",
"datePublished": "2018-08-23T19:00:00Z",
"dateReserved": "2017-12-05T00:00:00",
"dateUpdated": "2024-09-16T18:23:55.504Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-20252 (GCVE-0-2020-20252)
Vulnerability from cvelistv5
Published
2021-07-13 17:06
Modified
2024-08-04 14:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:28.897Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20252/README.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-13T17:06:57",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20252/README.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20252",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20252/README.md",
"refsource": "MISC",
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20252/README.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20252",
"datePublished": "2021-07-13T17:06:57",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:28.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-20264 (GCVE-0-2020-20264)
Vulnerability from cvelistv5
Published
2021-05-19 11:19
Modified
2024-08-04 14:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mikrotik RouterOs before 6.47 (stable tree) in the /ram/pckg/advanced-tools/nova/bin/netwatch process. An authenticated remote attacker can cause a Denial of Service due to a divide by zero error.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:28.819Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_netwatch/README.md"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2021/May/11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before 6.47 (stable tree) in the /ram/pckg/advanced-tools/nova/bin/netwatch process. An authenticated remote attacker can cause a Denial of Service due to a divide by zero error."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-19T11:19:57",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_netwatch/README.md"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/fulldisclosure/2021/May/11"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20264",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs before 6.47 (stable tree) in the /ram/pckg/advanced-tools/nova/bin/netwatch process. An authenticated remote attacker can cause a Denial of Service due to a divide by zero error."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_netwatch/README.md",
"refsource": "MISC",
"url": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_netwatch/README.md"
},
{
"name": "https://seclists.org/fulldisclosure/2021/May/11",
"refsource": "MISC",
"url": "https://seclists.org/fulldisclosure/2021/May/11"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20264",
"datePublished": "2021-05-19T11:19:57",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:28.819Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15055 (GCVE-0-2019-15055)
Vulnerability from cvelistv5
Published
2019-08-26 20:12
Modified
2024-08-05 00:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
MikroTik RouterOS through 6.44.5 and 6.45.x through 6.45.3 improperly handles the disk name, which allows authenticated users to delete arbitrary files. Attackers can exploit this vulnerability to reset credential storage, which allows them access to the management interface as an administrator without authentication.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:53.153Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://mikrotik.com/download/changelogs/testing-release-tree"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://fortiguard.com/zeroday/FG-VD-19-108"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://medium.com/tenable-techblog/rooting-routeros-with-a-usb-drive-16d7b8665f90"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tenable/routeros/tree/master/poc/cve_2019_15055"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://forum.mikrotik.com/viewtopic.php?t=151603"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-08-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "MikroTik RouterOS through 6.44.5 and 6.45.x through 6.45.3 improperly handles the disk name, which allows authenticated users to delete arbitrary files. Attackers can exploit this vulnerability to reset credential storage, which allows them access to the management interface as an administrator without authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-06T11:25:40",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://mikrotik.com/download/changelogs/testing-release-tree"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://fortiguard.com/zeroday/FG-VD-19-108"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://medium.com/tenable-techblog/rooting-routeros-with-a-usb-drive-16d7b8665f90"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tenable/routeros/tree/master/poc/cve_2019_15055"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://forum.mikrotik.com/viewtopic.php?t=151603"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15055",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MikroTik RouterOS through 6.44.5 and 6.45.x through 6.45.3 improperly handles the disk name, which allows authenticated users to delete arbitrary files. Attackers can exploit this vulnerability to reset credential storage, which allows them access to the management interface as an administrator without authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mikrotik.com/download/changelogs/testing-release-tree",
"refsource": "CONFIRM",
"url": "https://mikrotik.com/download/changelogs/testing-release-tree"
},
{
"name": "https://fortiguard.com/zeroday/FG-VD-19-108",
"refsource": "MISC",
"url": "https://fortiguard.com/zeroday/FG-VD-19-108"
},
{
"name": "https://medium.com/tenable-techblog/rooting-routeros-with-a-usb-drive-16d7b8665f90",
"refsource": "MISC",
"url": "https://medium.com/tenable-techblog/rooting-routeros-with-a-usb-drive-16d7b8665f90"
},
{
"name": "https://github.com/tenable/routeros/tree/master/poc/cve_2019_15055",
"refsource": "MISC",
"url": "https://github.com/tenable/routeros/tree/master/poc/cve_2019_15055"
},
{
"name": "https://forum.mikrotik.com/viewtopic.php?t=151603",
"refsource": "CONFIRM",
"url": "https://forum.mikrotik.com/viewtopic.php?t=151603"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-15055",
"datePublished": "2019-08-26T20:12:52",
"dateReserved": "2019-08-14T00:00:00",
"dateUpdated": "2024-08-05T00:34:53.153Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-54772 (GCVE-0-2024-54772)
Vulnerability from cvelistv5
Published
2025-02-11 00:00
Modified
2025-02-24 15:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in the Winbox service of MikroTik RouterOS long-term release v6.43.13 through v6.49.13 and stable v6.43 through v7.17.2. A patch is available in the stable release v6.49.18. A discrepancy in response size between connection attempts made with a valid username and those with an invalid username allows attackers to enumerate for valid accounts.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-54772",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-13T14:19:49.063833Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-208",
"description": "CWE-208 Observable Timing Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-13T14:24:22.765Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Winbox service of MikroTik RouterOS long-term release v6.43.13 through v6.49.13 and stable v6.43 through v7.17.2. A patch is available in the stable release v6.49.18. A discrepancy in response size between connection attempts made with a valid username and those with an invalid username allows attackers to enumerate for valid accounts."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-24T15:32:18.010Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/deauther890/CVE-2024-54772"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-54772",
"datePublished": "2025-02-11T00:00:00.000Z",
"dateReserved": "2024-12-06T00:00:00.000Z",
"dateUpdated": "2025-02-24T15:32:18.010Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11881 (GCVE-0-2020-11881)
Vulnerability from cvelistv5
Published
2020-09-14 20:06
Modified
2024-08-04 11:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An array index error in MikroTik RouterOS 6.41.3 through 6.46.5, and 7.x through 7.0 Beta5, allows an unauthenticated remote attacker to crash the SMB server via modified setup-request packets, aka SUP-12964.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:42:00.638Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mikrotik.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/botlabsDev/CVE-2020-11881"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An array index error in MikroTik RouterOS 6.41.3 through 6.46.5, and 7.x through 7.0 Beta5, allows an unauthenticated remote attacker to crash the SMB server via modified setup-request packets, aka SUP-12964."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-14T20:06:38",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mikrotik.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/botlabsDev/CVE-2020-11881"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11881",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An array index error in MikroTik RouterOS 6.41.3 through 6.46.5, and 7.x through 7.0 Beta5, allows an unauthenticated remote attacker to crash the SMB server via modified setup-request packets, aka SUP-12964."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mikrotik.com",
"refsource": "MISC",
"url": "https://mikrotik.com"
},
{
"name": "https://github.com/botlabsDev/CVE-2020-11881",
"refsource": "MISC",
"url": "https://github.com/botlabsDev/CVE-2020-11881"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11881",
"datePublished": "2020-09-14T20:06:38",
"dateReserved": "2020-04-17T00:00:00",
"dateUpdated": "2024-08-04T11:42:00.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-20266 (GCVE-0-2020-20266)
Vulnerability from cvelistv5
Published
2021-05-19 11:20
Modified
2024-08-04 14:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/dot1x process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:29.161Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_dot1x/README.md"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2021/May/11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/dot1x process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-19T11:20:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_dot1x/README.md"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/fulldisclosure/2021/May/11"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20266",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/dot1x process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_dot1x/README.md",
"refsource": "MISC",
"url": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_dot1x/README.md"
},
{
"name": "https://seclists.org/fulldisclosure/2021/May/11",
"refsource": "MISC",
"url": "https://seclists.org/fulldisclosure/2021/May/11"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20266",
"datePublished": "2021-05-19T11:20:02",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:29.161Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-20231 (GCVE-0-2020-20231)
Vulnerability from cvelistv5
Published
2021-07-14 13:53
Modified
2024-08-04 14:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mikrotik RouterOs through stable version 6.48.3 suffers from a memory corruption vulnerability in the /nova/bin/detnet process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:29.025Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mikrotik.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20231/README.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs through stable version 6.48.3 suffers from a memory corruption vulnerability in the /nova/bin/detnet process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-14T13:53:25",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mikrotik.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20231/README.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20231",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs through stable version 6.48.3 suffers from a memory corruption vulnerability in the /nova/bin/detnet process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mikrotik.com/",
"refsource": "MISC",
"url": "https://mikrotik.com/"
},
{
"name": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20231/README.md",
"refsource": "MISC",
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20231/README.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20231",
"datePublished": "2021-07-14T13:53:25",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:29.025Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34960 (GCVE-0-2022-34960)
Vulnerability from cvelistv5
Published
2022-08-25 01:50
Modified
2024-08-03 09:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The container package in MikroTik RouterOS 7.4beta4 allows an attacker to create mount points pointing to symbolic links, which resolve to locations on the host device. This allows the attacker to mount any arbitrary file to any location on the host.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:22:10.890Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nns.ee/blog/2022/06/21/routeros-container-rce.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nns.ee/blog/2022/08/05/routeros-container-rce.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The container package in MikroTik RouterOS 7.4beta4 allows an attacker to create mount points pointing to symbolic links, which resolve to locations on the host device. This allows the attacker to mount any arbitrary file to any location on the host."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-25T01:50:03",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nns.ee/blog/2022/06/21/routeros-container-rce.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nns.ee/blog/2022/08/05/routeros-container-rce.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-34960",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The container package in MikroTik RouterOS 7.4beta4 allows an attacker to create mount points pointing to symbolic links, which resolve to locations on the host device. This allows the attacker to mount any arbitrary file to any location on the host."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nns.ee/blog/2022/06/21/routeros-container-rce.html",
"refsource": "MISC",
"url": "https://nns.ee/blog/2022/06/21/routeros-container-rce.html"
},
{
"name": "https://nns.ee/blog/2022/08/05/routeros-container-rce.html",
"refsource": "MISC",
"url": "https://nns.ee/blog/2022/08/05/routeros-container-rce.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-34960",
"datePublished": "2022-08-25T01:50:03",
"dateReserved": "2022-07-04T00:00:00",
"dateUpdated": "2024-08-03T09:22:10.890Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-54952 (GCVE-0-2024-54952)
Vulnerability from cvelistv5
Published
2025-05-29 00:00
Modified
2025-05-29 20:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
MikroTik RouterOS 6.40.5, the SMB service contains a memory corruption vulnerability. Remote, unauthenticated attackers can exploit this issue by sending specially crafted packets, triggering a null pointer dereference. This leads to a Remote Denial of Service (DoS), rendering the SMB service unavailable.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-54952",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-29T20:39:41.266333Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-29T20:40:25.786Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MikroTik RouterOS 6.40.5, the SMB service contains a memory corruption vulnerability. Remote, unauthenticated attackers can exploit this issue by sending specially crafted packets, triggering a null pointer dereference. This leads to a Remote Denial of Service (DoS), rendering the SMB service unavailable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-29T19:42:42.095Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/noobone123/RouterOS-issues/blob/main/README.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-54952",
"datePublished": "2025-05-29T00:00:00.000Z",
"dateReserved": "2024-12-06T00:00:00.000Z",
"dateUpdated": "2025-05-29T20:40:25.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-24094 (GCVE-0-2023-24094)
Vulnerability from cvelistv5
Published
2023-03-27 00:00
Modified
2025-02-19 18:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue in the bridge2 component of MikroTik RouterOS v6.40.5 allows attackers to cause a Denial of Service (DoS) via crafted packets.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:49:08.966Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://mikrotik.com"
},
{
"tags": [
"x_transferred"
],
"url": "http://routeros.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ZYen12138/RouterOS/blob/main/CVE-2023-24094.md"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-24094",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-19T18:46:48.826858Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T18:46:53.859Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue in the bridge2 component of MikroTik RouterOS v6.40.5 allows attackers to cause a Denial of Service (DoS) via crafted packets."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-27T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://mikrotik.com"
},
{
"url": "http://routeros.com"
},
{
"url": "https://github.com/ZYen12138/RouterOS/blob/main/CVE-2023-24094.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-24094",
"datePublished": "2023-03-27T00:00:00.000Z",
"dateReserved": "2023-01-23T00:00:00.000Z",
"dateUpdated": "2025-02-19T18:46:53.859Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3979 (GCVE-0-2019-3979)
Vulnerability from cvelistv5
Published
2019-10-28 21:33
Modified
2024-08-04 19:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Unrelated Data Attack (see: https://www.sans.org/reading-room/whitepapers/dns/security-issues-dns-1069)
Summary
RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below are vulnerable to a DNS unrelated data attack. The router adds all A records to its DNS cache even when the records are unrelated to the domain that was queried. Therefore, a remote attacker controlled DNS server can poison the router's DNS cache via malicious responses with additional and untrue records.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | MikroTik RouterOS |
Version: RouterOS 6.45.6 Stable and below. RouterOS 6.44.5 Long-term and below. |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:26:27.785Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2019-46"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MikroTik RouterOS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "RouterOS 6.45.6 Stable and below. RouterOS 6.44.5 Long-term and below."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below are vulnerable to a DNS unrelated data attack. The router adds all A records to its DNS cache even when the records are unrelated to the domain that was queried. Therefore, a remote attacker controlled DNS server can poison the router\u0027s DNS cache via malicious responses with additional and untrue records."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unrelated Data Attack (see: https://www.sans.org/reading-room/whitepapers/dns/security-issues-dns-1069)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-28T21:33:25",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2019-46"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2019-3979",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MikroTik RouterOS",
"version": {
"version_data": [
{
"version_value": "RouterOS 6.45.6 Stable and below. RouterOS 6.44.5 Long-term and below."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below are vulnerable to a DNS unrelated data attack. The router adds all A records to its DNS cache even when the records are unrelated to the domain that was queried. Therefore, a remote attacker controlled DNS server can poison the router\u0027s DNS cache via malicious responses with additional and untrue records."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unrelated Data Attack (see: https://www.sans.org/reading-room/whitepapers/dns/security-issues-dns-1069)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2019-46",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2019-46"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2019-3979",
"datePublished": "2019-10-28T21:33:25",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-08-04T19:26:27.785Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3943 (GCVE-0-2019-3943)
Vulnerability from cvelistv5
Published
2019-04-10 20:01
Modified
2024-08-04 19:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-23 - Path Traversal
Summary
MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authenticated, remote directory traversal via the HTTP or Winbox interfaces. An authenticated, remote attack can use this vulnerability to read and write files outside of the sandbox directory (/rw/disk).
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:26:27.694Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2019-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RouterOS",
"vendor": "MikroTik",
"versions": [
{
"status": "affected",
"version": "Stable 6.43.12 and below"
},
{
"status": "affected",
"version": "Long-term 6.42.12 and below"
},
{
"status": "affected",
"version": "Testing 6.44beta75 and below"
}
]
}
],
"datePublic": "2019-04-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authenticated, remote directory traversal via the HTTP or Winbox interfaces. An authenticated, remote attack can use this vulnerability to read and write files outside of the sandbox directory (/rw/disk)."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-10T20:01:00",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2019-16"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2019-3943",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RouterOS",
"version": {
"version_data": [
{
"version_value": "Stable 6.43.12 and below"
},
{
"version_value": "Long-term 6.42.12 and below"
},
{
"version_value": "Testing 6.44beta75 and below"
}
]
}
}
]
},
"vendor_name": "MikroTik"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authenticated, remote directory traversal via the HTTP or Winbox interfaces. An authenticated, remote attack can use this vulnerability to read and write files outside of the sandbox directory (/rw/disk)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-23 Path Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2019-16",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2019-16"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2019-3943",
"datePublished": "2019-04-10T20:01:00",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-08-04T19:26:27.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10066 (GCVE-0-2018-10066)
Vulnerability from cvelistv5
Published
2018-04-13 13:00
Modified
2024-08-05 07:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in MikroTik RouterOS 6.41.4. Missing OpenVPN server certificate verification allows a remote unauthenticated attacker capable of intercepting client traffic to act as a malicious OpenVPN server. This may allow the attacker to gain access to the client's internal network (for example, at site-to-site tunnels).
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:32:00.889Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://janis-streib.de/2018/04/11/mikrotik-openvpn-security"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-04-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MikroTik RouterOS 6.41.4. Missing OpenVPN server certificate verification allows a remote unauthenticated attacker capable of intercepting client traffic to act as a malicious OpenVPN server. This may allow the attacker to gain access to the client\u0027s internal network (for example, at site-to-site tunnels)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-13T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://janis-streib.de/2018/04/11/mikrotik-openvpn-security"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10066",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in MikroTik RouterOS 6.41.4. Missing OpenVPN server certificate verification allows a remote unauthenticated attacker capable of intercepting client traffic to act as a malicious OpenVPN server. This may allow the attacker to gain access to the client\u0027s internal network (for example, at site-to-site tunnels)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://janis-streib.de/2018/04/11/mikrotik-openvpn-security",
"refsource": "MISC",
"url": "https://janis-streib.de/2018/04/11/mikrotik-openvpn-security"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-10066",
"datePublished": "2018-04-13T13:00:00",
"dateReserved": "2018-04-12T00:00:00",
"dateUpdated": "2024-08-05T07:32:00.889Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-20217 (GCVE-0-2020-20217)
Vulnerability from cvelistv5
Published
2021-07-08 11:39
Modified
2024-08-04 14:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mikrotik RouterOs before 6.47 (stable tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/route process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:29.064Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mikrotik.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20217/README.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before 6.47 (stable tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/route process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-10T20:17:39",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mikrotik.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20217/README.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20217",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs before 6.47 (stable tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/route process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mikrotik.com/",
"refsource": "MISC",
"url": "https://mikrotik.com/"
},
{
"name": "https://cwe.mitre.org/data/definitions/400.html",
"refsource": "MISC",
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"name": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20217/README.md",
"refsource": "MISC",
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20217/README.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20217",
"datePublished": "2021-07-08T11:39:28",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:29.064Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-22845 (GCVE-0-2020-22845)
Vulnerability from cvelistv5
Published
2022-02-28 18:48
Modified
2024-08-04 14:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted FTP requests.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:51:11.295Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mikrotik.com/support"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/colorlight/mikrotik_poc/blob/master/two_vulns.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted FTP requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-28T18:48:56",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mikrotik.com/support"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/colorlight/mikrotik_poc/blob/master/two_vulns.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-22845",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted FTP requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mikrotik.com/support",
"refsource": "MISC",
"url": "https://mikrotik.com/support"
},
{
"name": "https://github.com/colorlight/mikrotik_poc/blob/master/two_vulns.md",
"refsource": "MISC",
"url": "https://github.com/colorlight/mikrotik_poc/blob/master/two_vulns.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-22845",
"datePublished": "2022-02-28T18:48:56",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:51:11.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3981 (GCVE-0-2019-3981)
Vulnerability from cvelistv5
Published
2020-01-14 18:13
Modified
2024-08-04 19:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
MikroTik Winbox 3.20 and below is vulnerable to man in the middle attacks. A man in the middle can downgrade the client's authentication protocol and recover the user's username and MD5 hashed password.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:26:27.758Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2020-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WinBox",
"vendor": "MikroTik",
"versions": [
{
"status": "affected",
"version": "Winbox 3.20 and below."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MikroTik Winbox 3.20 and below is vulnerable to man in the middle attacks. A man in the middle can downgrade the client\u0027s authentication protocol and recover the user\u0027s username and MD5 hashed password."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-300",
"description": "CWE-300",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-14T18:13:57",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2020-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2019-3981",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WinBox",
"version": {
"version_data": [
{
"version_value": "Winbox 3.20 and below."
}
]
}
}
]
},
"vendor_name": "MikroTik"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MikroTik Winbox 3.20 and below is vulnerable to man in the middle attacks. A man in the middle can downgrade the client\u0027s authentication protocol and recover the user\u0027s username and MD5 hashed password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-300"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2020-01",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2020-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2019-3981",
"datePublished": "2020-01-14T18:13:57",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-08-04T19:26:27.758Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-20253 (GCVE-0-2020-20253)
Vulnerability from cvelistv5
Published
2021-05-18 13:51
Modified
2024-08-04 14:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mikrotik RouterOs before 6.47 (stable tree) suffers from a divison by zero vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service due to a divide by zero error.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:29.004Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_lcdstat_4/README.md"
},
{
"name": "20210507 Re: Four vulnerabilities found in MikroTik\u0027s RouterOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/May/14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before 6.47 (stable tree) suffers from a divison by zero vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service due to a divide by zero error."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-18T13:51:38",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_lcdstat_4/README.md"
},
{
"name": "20210507 Re: Four vulnerabilities found in MikroTik\u0027s RouterOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/May/14"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20253",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs before 6.47 (stable tree) suffers from a divison by zero vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service due to a divide by zero error."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_lcdstat_4/README.md",
"refsource": "MISC",
"url": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_lcdstat_4/README.md"
},
{
"name": "20210507 Re: Four vulnerabilities found in MikroTik\u0027s RouterOS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/May/14"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20253",
"datePublished": "2021-05-18T13:51:38",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:29.004Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6563 (GCVE-0-2025-6563)
Vulnerability from cvelistv5
Published
2025-07-03 11:18
Modified
2025-07-03 13:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
A cross-site scripting vulnerability is present in the hotspot of MikroTik's RouterOS on versions below 7.19.2. An attacker can inject the `javascript` protocol in the `dst` parameter. When the victim browses to the malicious URL and logs in, the XSS executes. The POST request used to login, can also be converted to a GET request, allowing an attacker to send a specifically crafted URL that automatically logs in the victim (into the attacker's account) and triggers the payload.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6563",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-03T13:07:30.664092Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-03T13:17:13.946Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.toreon.com/how-a-ski-trip-led-to-a-cve-in-a-wi-fi-hotspot/"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Hotspot"
],
"product": "RouterOS",
"vendor": "MikroTik",
"versions": [
{
"lessThan": "7.19.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A cross-site scripting vulnerability is present in the hotspot of MikroTik\u0027s RouterOS on versions below 7.19.2. An attacker can inject the `javascript` protocol in the `dst` parameter. When the victim browses to the malicious URL and logs in, the XSS executes. The POST request used to login, can also be converted to a GET request, allowing an attacker to send a specifically crafted URL that automatically logs in the victim (into the attacker\u0027s account) and triggers the payload."
}
],
"value": "A cross-site scripting vulnerability is present in the hotspot of MikroTik\u0027s RouterOS on versions below 7.19.2. An attacker can inject the `javascript` protocol in the `dst` parameter. When the victim browses to the malicious URL and logs in, the XSS executes. The POST request used to login, can also be converted to a GET request, allowing an attacker to send a specifically crafted URL that automatically logs in the victim (into the attacker\u0027s account) and triggers the payload."
}
],
"impacts": [
{
"capecId": "CAPEC-591",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-591 Reflected XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-03T11:18:26.211Z",
"orgId": "1c6b5737-9389-4011-8117-89fa251edfb2",
"shortName": "Toreon"
},
"references": [
{
"url": "https://www.toreon.com/how-a-ski-trip-led-to-a-cve-in-a-wi-fi-hotspot/"
}
],
"source": {
"discovery": "USER"
},
"title": "Cross-site scripting via dst parameter in RouterOS WiFi hotspot",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1c6b5737-9389-4011-8117-89fa251edfb2",
"assignerShortName": "Toreon",
"cveId": "CVE-2025-6563",
"datePublished": "2025-07-03T11:18:26.211Z",
"dateReserved": "2025-06-24T07:00:12.112Z",
"dateUpdated": "2025-07-03T13:17:13.946Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1157 (GCVE-0-2018-1157)
Vulnerability from cvelistv5
Published
2018-08-23 19:00
Modified
2024-09-17 02:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system via a crafted HTTP POST request.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:51:48.894Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2018-21"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://mikrotik.com/download/changelogs"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://mikrotik.com/download/changelogs/bugfix-release-tree"
},
{
"name": "20190723 Two vulnerabilities found in MikroTik\u0027s RouterOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Jul/20"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system via a crafted HTTP POST request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-23T19:06:12",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2018-21"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://mikrotik.com/download/changelogs"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://mikrotik.com/download/changelogs/bugfix-release-tree"
},
{
"name": "20190723 Two vulnerabilities found in MikroTik\u0027s RouterOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Jul/20"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"DATE_PUBLIC": "2018-08-22T00:00:00",
"ID": "CVE-2018-1157",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system via a crafted HTTP POST request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2018-21",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2018-21"
},
{
"name": "https://mikrotik.com/download/changelogs",
"refsource": "CONFIRM",
"url": "https://mikrotik.com/download/changelogs"
},
{
"name": "https://mikrotik.com/download/changelogs/bugfix-release-tree",
"refsource": "CONFIRM",
"url": "https://mikrotik.com/download/changelogs/bugfix-release-tree"
},
{
"name": "20190723 Two vulnerabilities found in MikroTik\u0027s RouterOS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Jul/20"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2018-1157",
"datePublished": "2018-08-23T19:00:00Z",
"dateReserved": "2017-12-05T00:00:00",
"dateUpdated": "2024-09-17T02:56:35.170Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-22844 (GCVE-0-2020-22844)
Vulnerability from cvelistv5
Published
2022-02-28 18:48
Modified
2024-08-04 14:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted SMB requests.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:51:11.045Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mikrotik.com/support"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/colorlight/mikrotik_poc/blob/master/two_vulns.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted SMB requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-28T18:48:44",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mikrotik.com/support"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/colorlight/mikrotik_poc/blob/master/two_vulns.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-22844",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted SMB requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mikrotik.com/support",
"refsource": "MISC",
"url": "https://mikrotik.com/support"
},
{
"name": "https://github.com/colorlight/mikrotik_poc/blob/master/two_vulns.md",
"refsource": "MISC",
"url": "https://github.com/colorlight/mikrotik_poc/blob/master/two_vulns.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-22844",
"datePublished": "2022-02-28T18:48:44",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:51:11.045Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-20216 (GCVE-0-2020-20216)
Vulnerability from cvelistv5
Published
2021-07-07 13:30
Modified
2024-08-04 14:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/graphing process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:29.028Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mikrotik.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/May/10"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/graphing process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-07T13:30:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mikrotik.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2021/May/10"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20216",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/graphing process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mikrotik.com/",
"refsource": "MISC",
"url": "https://mikrotik.com/"
},
{
"name": "http://seclists.org/fulldisclosure/2021/May/10",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2021/May/10"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20216",
"datePublished": "2021-07-07T13:30:06",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:29.028Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-20221 (GCVE-0-2020-20221)
Vulnerability from cvelistv5
Published
2021-07-21 13:49
Modified
2024-08-04 14:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mikrotik RouterOs before 6.44.6 (long-term tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/cerm process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:29.022Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2020/May/30"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2021/May/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before 6.44.6 (long-term tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/cerm process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-10T20:17:42",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/fulldisclosure/2020/May/30"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/fulldisclosure/2021/May/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20221",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs before 6.44.6 (long-term tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/cerm process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cwe.mitre.org/data/definitions/400.html",
"refsource": "MISC",
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"name": "https://seclists.org/fulldisclosure/2020/May/30",
"refsource": "MISC",
"url": "https://seclists.org/fulldisclosure/2020/May/30"
},
{
"name": "https://seclists.org/fulldisclosure/2021/May/1",
"refsource": "MISC",
"url": "https://seclists.org/fulldisclosure/2021/May/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20221",
"datePublished": "2021-07-21T13:49:07",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:29.022Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2350 (GCVE-0-2015-2350)
Vulnerability from cvelistv5
Published
2015-03-19 14:00
Modified
2024-08-06 05:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site request forgery (CSRF) vulnerability in MikroTik RouterOS 5.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request in the status page to /cfg.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:10:16.234Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "73013",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/73013"
},
{
"name": "20150309 MikroTik RouterOS Admin Password Change CSRF",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Mar/49"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/130722/MikroTik-RouterOS-Cross-Site-Request-Forgery.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in MikroTik RouterOS 5.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request in the status page to /cfg."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-03-25T12:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "73013",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/73013"
},
{
"name": "20150309 MikroTik RouterOS Admin Password Change CSRF",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Mar/49"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/130722/MikroTik-RouterOS-Cross-Site-Request-Forgery.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2350",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in MikroTik RouterOS 5.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request in the status page to /cfg."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "73013",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73013"
},
{
"name": "20150309 MikroTik RouterOS Admin Password Change CSRF",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Mar/49"
},
{
"name": "http://packetstormsecurity.com/files/130722/MikroTik-RouterOS-Cross-Site-Request-Forgery.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130722/MikroTik-RouterOS-Cross-Site-Request-Forgery.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-2350",
"datePublished": "2015-03-19T14:00:00",
"dateReserved": "2015-03-19T00:00:00",
"dateUpdated": "2024-08-06T05:10:16.234Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5951 (GCVE-0-2018-5951)
Vulnerability from cvelistv5
Published
2020-03-02 21:20
Modified
2024-08-05 05:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Mikrotik RouterOS. Crafting a packet that has a size of 1 byte and sending it to an IPv6 address of a RouterOS box with IP Protocol 97 will cause RouterOS to reboot imminently. All versions of RouterOS that supports EoIPv6 are vulnerable to this attack.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:47:56.164Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Nat-Lab/CVE-2018-5951"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-02-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Mikrotik RouterOS. Crafting a packet that has a size of 1 byte and sending it to an IPv6 address of a RouterOS box with IP Protocol 97 will cause RouterOS to reboot imminently. All versions of RouterOS that supports EoIPv6 are vulnerable to this attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-02T21:20:27",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Nat-Lab/CVE-2018-5951"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5951",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Mikrotik RouterOS. Crafting a packet that has a size of 1 byte and sending it to an IPv6 address of a RouterOS box with IP Protocol 97 will cause RouterOS to reboot imminently. All versions of RouterOS that supports EoIPv6 are vulnerable to this attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Nat-Lab/CVE-2018-5951",
"refsource": "MISC",
"url": "https://github.com/Nat-Lab/CVE-2018-5951"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-5951",
"datePublished": "2020-03-02T21:20:27",
"dateReserved": "2018-01-21T00:00:00",
"dateUpdated": "2024-08-05T05:47:56.164Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6443 (GCVE-0-2025-6443)
Vulnerability from cvelistv5
Published
2025-06-25 21:29
Modified
2025-06-26 14:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-284 - Improper Access Control
Summary
Mikrotik RouterOS VXLAN Source IP Improper Access Control Vulnerability. This vulnerability allows remote attackers to bypass access restrictions on affected installations of Mikrotik RouterOS. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of remote IP addresses when processing VXLAN traffic. The issue results from the lack of validation of the remote IP address against configured values prior to allowing ingress traffic into the internal network. An attacker can leverage this vulnerability to gain access to internal network resources. Was ZDI-CAN-26415.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6443",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-26T14:18:02.910945Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-26T14:18:12.575Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "RouterOS",
"vendor": "Mikrotik",
"versions": [
{
"status": "affected",
"version": "7.15.3, 7.16.2"
}
]
}
],
"dateAssigned": "2025-06-20T17:15:55.535Z",
"datePublic": "2025-06-25T21:29:14.744Z",
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOS VXLAN Source IP Improper Access Control Vulnerability. This vulnerability allows remote attackers to bypass access restrictions on affected installations of Mikrotik RouterOS. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of remote IP addresses when processing VXLAN traffic. The issue results from the lack of validation of the remote IP address against configured values prior to allowing ingress traffic into the internal network. An attacker can leverage this vulnerability to gain access to internal network resources. Was ZDI-CAN-26415."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T21:29:22.232Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-25-424",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-424/"
}
],
"source": {
"lang": "en",
"value": "Trend Micro (SHU-HAO, TUNG) (123ojp)"
},
"title": "Mikrotik RouterOS VXLAN Source IP Improper Access Control Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2025-6443",
"datePublished": "2025-06-25T21:29:22.232Z",
"dateReserved": "2025-06-20T17:15:55.462Z",
"dateUpdated": "2025-06-26T14:18:12.575Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36613 (GCVE-0-2021-36613)
Vulnerability from cvelistv5
Published
2022-05-11 17:34
Modified
2024-08-04 01:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the ptp process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:01:58.594Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2021/Jul/0"
},
{
"name": "20220603 Re: Three vulnerabilities found in MikroTik\u0027s RouterOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Jun/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the ptp process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-03T20:06:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/fulldisclosure/2021/Jul/0"
},
{
"name": "20220603 Re: Three vulnerabilities found in MikroTik\u0027s RouterOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2022/Jun/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-36613",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the ptp process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://seclists.org/fulldisclosure/2021/Jul/0",
"refsource": "MISC",
"url": "https://seclists.org/fulldisclosure/2021/Jul/0"
},
{
"name": "20220603 Re: Three vulnerabilities found in MikroTik\u0027s RouterOS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2022/Jun/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-36613",
"datePublished": "2022-05-11T17:34:34",
"dateReserved": "2021-07-12T00:00:00",
"dateUpdated": "2024-08-04T01:01:58.594Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6297 (GCVE-0-2017-6297)
Vulnerability from cvelistv5
Published
2017-02-27 07:25
Modified
2024-08-05 15:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 does not enable IPsec encryption after a reboot, which allows man-in-the-middle attackers to view transmitted data unencrypted and gain access to networks on the L2TP server by monitoring the packets for the transmitted data and obtaining the L2TP secret.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:25:48.822Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.milne.it/2017/02/24/mikrotik-routeros-security-vulnerability-l2tp-tunnel-unencrypted-cve-2017-6297/"
},
{
"name": "96447",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96447"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-02-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 does not enable IPsec encryption after a reboot, which allows man-in-the-middle attackers to view transmitted data unencrypted and gain access to networks on the L2TP server by monitoring the packets for the transmitted data and obtaining the L2TP secret."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-01T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.milne.it/2017/02/24/mikrotik-routeros-security-vulnerability-l2tp-tunnel-unencrypted-cve-2017-6297/"
},
{
"name": "96447",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96447"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6297",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 does not enable IPsec encryption after a reboot, which allows man-in-the-middle attackers to view transmitted data unencrypted and gain access to networks on the L2TP server by monitoring the packets for the transmitted data and obtaining the L2TP secret."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.milne.it/2017/02/24/mikrotik-routeros-security-vulnerability-l2tp-tunnel-unencrypted-cve-2017-6297/",
"refsource": "MISC",
"url": "https://blog.milne.it/2017/02/24/mikrotik-routeros-security-vulnerability-l2tp-tunnel-unencrypted-cve-2017-6297/"
},
{
"name": "96447",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96447"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6297",
"datePublished": "2017-02-27T07:25:00",
"dateReserved": "2017-02-23T00:00:00",
"dateUpdated": "2024-08-05T15:25:48.822Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-20265 (GCVE-0-2020-20265)
Vulnerability from cvelistv5
Published
2021-05-11 14:25
Modified
2024-08-04 14:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /ram/pckg/wireless/nova/bin/wireless process. An authenticated remote attacker can cause a Denial of Service due via a crafted packet.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:29.017Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/May/12"
},
{
"name": "04052021 Re: Three vulnerabilities found in MikroTik\u0027s RouterOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2021/May/11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /ram/pckg/wireless/nova/bin/wireless process. An authenticated remote attacker can cause a Denial of Service due via a crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-21T17:37:28",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2021/May/12"
},
{
"name": "04052021 Re: Three vulnerabilities found in MikroTik\u0027s RouterOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "https://seclists.org/fulldisclosure/2021/May/11"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20265",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /ram/pckg/wireless/nova/bin/wireless process. An authenticated remote attacker can cause a Denial of Service due via a crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2021/May/12",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2021/May/12"
},
{
"name": "04052021 Re: Three vulnerabilities found in MikroTik\u0027s RouterOS",
"refsource": "FULLDISC",
"url": "https://seclists.org/fulldisclosure/2021/May/11"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20265",
"datePublished": "2021-05-11T14:25:53",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:29.017Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-41570 (GCVE-0-2023-41570)
Vulnerability from cvelistv5
Published
2023-11-14 00:00
Modified
2024-09-03 15:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
MikroTik RouterOS v7.1 to 7.11 was discovered to contain incorrect access control mechanisms in place for the Rest API.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:01:35.340Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.enricobassetti.it/2023/11/cve-2023-41570-access-control-vulnerability-in-mikrotik-rest-api/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41570",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-03T15:03:38.419322Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T15:05:06.790Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MikroTik RouterOS v7.1 to 7.11 was discovered to contain incorrect access control mechanisms in place for the Rest API."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T22:16:21.940637",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.enricobassetti.it/2023/11/cve-2023-41570-access-control-vulnerability-in-mikrotik-rest-api/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-41570",
"datePublished": "2023-11-14T00:00:00",
"dateReserved": "2023-08-30T00:00:00",
"dateUpdated": "2024-09-03T15:05:06.790Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-20236 (GCVE-0-2020-20236)
Vulnerability from cvelistv5
Published
2021-05-18 18:22
Modified
2024-08-04 14:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:29.006Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mikrotik.com/"
},
{
"name": "20210507 Four vulnerabilities found in MikroTik\u0027s RouterOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service due to improper memory access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-18T18:25:41",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mikrotik.com/"
},
{
"name": "20210507 Four vulnerabilities found in MikroTik\u0027s RouterOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20236",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service due to improper memory access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mikrotik.com/",
"refsource": "MISC",
"url": "https://mikrotik.com/"
},
{
"name": "20210507 Four vulnerabilities found in MikroTik\u0027s RouterOS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"name": "http://seclists.org/fulldisclosure/2021/May/15",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"name": "http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20236",
"datePublished": "2021-05-18T18:22:00",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:29.006Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3014 (GCVE-0-2021-3014)
Vulnerability from cvelistv5
Published
2021-01-04 18:38
Modified
2024-08-03 16:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In MikroTik RouterOS through 2021-01-04, the hotspot login page is vulnerable to reflected XSS via the target parameter.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:45:50.651Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://m4dm0e.github.io/2021/01/04/mikrotik-xss-reflected.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/M4DM0e/m4dm0e.github.io/blob/gh-pages/_posts/2021-01-04-mikrotik-xss-reflected.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In MikroTik RouterOS through 2021-01-04, the hotspot login page is vulnerable to reflected XSS via the target parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-04T18:38:07",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://m4dm0e.github.io/2021/01/04/mikrotik-xss-reflected.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/M4DM0e/m4dm0e.github.io/blob/gh-pages/_posts/2021-01-04-mikrotik-xss-reflected.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-3014",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In MikroTik RouterOS through 2021-01-04, the hotspot login page is vulnerable to reflected XSS via the target parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://m4dm0e.github.io/2021/01/04/mikrotik-xss-reflected.html",
"refsource": "MISC",
"url": "https://m4dm0e.github.io/2021/01/04/mikrotik-xss-reflected.html"
},
{
"name": "https://github.com/M4DM0e/m4dm0e.github.io/blob/gh-pages/_posts/2021-01-04-mikrotik-xss-reflected.md",
"refsource": "MISC",
"url": "https://github.com/M4DM0e/m4dm0e.github.io/blob/gh-pages/_posts/2021-01-04-mikrotik-xss-reflected.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-3014",
"datePublished": "2021-01-04T18:38:07",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-08-03T16:45:50.651Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3978 (GCVE-0-2019-3978)
Vulnerability from cvelistv5
Published
2019-10-28 21:32
Modified
2024-08-04 19:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below allow remote unauthenticated attackers to trigger DNS queries via port 8291. The queries are sent from the router to a server of the attacker's choice. The DNS responses are cached by the router, potentially resulting in cache poisoning
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | MikroTik RouterOS |
Version: RouterOS 6.45.6 Stable and below. RouterOS 6.44.5 Long-term and below. |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:26:27.327Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2019-46"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/155036/MikroTik-RouterOS-6.45.6-DNS-Cache-Poisoning.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MikroTik RouterOS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "RouterOS 6.45.6 Stable and below. RouterOS 6.44.5 Long-term and below."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below allow remote unauthenticated attackers to trigger DNS queries via port 8291. The queries are sent from the router to a server of the attacker\u0027s choice. The DNS responses are cached by the router, potentially resulting in cache poisoning"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-31T15:06:19",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2019-46"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/155036/MikroTik-RouterOS-6.45.6-DNS-Cache-Poisoning.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2019-3978",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MikroTik RouterOS",
"version": {
"version_data": [
{
"version_value": "RouterOS 6.45.6 Stable and below. RouterOS 6.44.5 Long-term and below."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below allow remote unauthenticated attackers to trigger DNS queries via port 8291. The queries are sent from the router to a server of the attacker\u0027s choice. The DNS responses are cached by the router, potentially resulting in cache poisoning"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2019-46",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2019-46"
},
{
"name": "http://packetstormsecurity.com/files/155036/MikroTik-RouterOS-6.45.6-DNS-Cache-Poisoning.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/155036/MikroTik-RouterOS-6.45.6-DNS-Cache-Poisoning.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2019-3978",
"datePublished": "2019-10-28T21:32:57",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-08-04T19:26:27.327Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30799 (GCVE-0-2023-30799)
Vulnerability from cvelistv5
Published
2023-07-19 14:56
Modified
2024-10-24 18:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-269 - Improper Privilege Management
Summary
MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. The attacker can abuse this vulnerability to execute arbitrary code on the system.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:37:15.268Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vulncheck.com/advisories/mikrotik-foisted"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/MarginResearch/FOISted"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30799",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-24T18:50:26.181727Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-24T18:50:44.384Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"x86",
"ARM",
"64 bit",
"mips",
"ppc"
],
"product": "RouterOS",
"vendor": "MikroTik",
"versions": [
{
"lessThan": "6.49.7",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.48.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eMikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. The attacker can abuse this vulnerability to execute arbitrary code on the system.\u003c/div\u003e"
}
],
"value": "MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. The attacker can abuse this vulnerability to execute arbitrary code on the system.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-19T14:56:17.362Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://vulncheck.com/advisories/mikrotik-foisted"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/MarginResearch/FOISted"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "MikroTik RouterOS Administrator Privilege Escalation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2023-30799",
"datePublished": "2023-07-19T14:56:17.362Z",
"dateReserved": "2023-04-18T10:31:45.962Z",
"dateUpdated": "2024-10-24T18:50:44.384Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-20214 (GCVE-0-2020-20214)
Vulnerability from cvelistv5
Published
2021-05-18 18:21
Modified
2024-08-04 14:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from an assertion failure vulnerability in the btest process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:29.016Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mikrotik.com/"
},
{
"name": "20210507 Four vulnerabilities found in MikroTik\u0027s RouterOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs 6.44.6 (long-term tree) suffers from an assertion failure vulnerability in the btest process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-18T18:25:31",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mikrotik.com/"
},
{
"name": "20210507 Four vulnerabilities found in MikroTik\u0027s RouterOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20214",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs 6.44.6 (long-term tree) suffers from an assertion failure vulnerability in the btest process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mikrotik.com/",
"refsource": "MISC",
"url": "https://mikrotik.com/"
},
{
"name": "20210507 Four vulnerabilities found in MikroTik\u0027s RouterOS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"name": "http://seclists.org/fulldisclosure/2021/May/15",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"name": "http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20214",
"datePublished": "2021-05-18T18:21:41",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:29.016Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-41987 (GCVE-0-2021-41987)
Vulnerability from cvelistv5
Published
2022-03-16 14:44
Modified
2024-08-04 03:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In the SCEP Server of RouterOS in certain Mikrotik products, an attacker can trigger a heap-based buffer overflow that leads to remote code execution. The attacker must know the scep_server_name value. This affects RouterOS 6.46.8, 6.47.9, and 6.47.10.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:22:25.697Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mikrotik.com/download/archive"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://teamt5.org/en/posts/vulnerability-mikrotik-cve-2021-41987/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the SCEP Server of RouterOS in certain Mikrotik products, an attacker can trigger a heap-based buffer overflow that leads to remote code execution. The attacker must know the scep_server_name value. This affects RouterOS 6.46.8, 6.47.9, and 6.47.10."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-29T14:26:57",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mikrotik.com/download/archive"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://teamt5.org/en/posts/vulnerability-mikrotik-cve-2021-41987/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-41987",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the SCEP Server of RouterOS in certain Mikrotik products, an attacker can trigger a heap-based buffer overflow that leads to remote code execution. The attacker must know the scep_server_name value. This affects RouterOS 6.46.8, 6.47.9, and 6.47.10."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mikrotik.com/download/archive",
"refsource": "MISC",
"url": "https://mikrotik.com/download/archive"
},
{
"name": "https://teamt5.org/en/posts/vulnerability-mikrotik-cve-2021-41987/",
"refsource": "MISC",
"url": "https://teamt5.org/en/posts/vulnerability-mikrotik-cve-2021-41987/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-41987",
"datePublished": "2022-03-16T14:44:58",
"dateReserved": "2021-10-04T00:00:00",
"dateUpdated": "2024-08-04T03:22:25.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10364 (GCVE-0-2020-10364)
Vulnerability from cvelistv5
Published
2020-03-23 15:56
Modified
2024-08-04 10:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The SSH daemon on MikroTik routers through v6.44.3 could allow remote attackers to generate CPU activity, trigger refusal of new authorized connections, and cause a reboot via connect and write system calls, because of uncontrolled resource management.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:58:40.237Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/48228"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/156790/Microtik-SSH-Daemon-6.44.3-Denial-Of-Service.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The SSH daemon on MikroTik routers through v6.44.3 could allow remote attackers to generate CPU activity, trigger refusal of new authorized connections, and cause a reboot via connect and write system calls, because of uncontrolled resource management."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-23T15:56:19",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.exploit-db.com/exploits/48228"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packetstormsecurity.com/files/156790/Microtik-SSH-Daemon-6.44.3-Denial-Of-Service.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-10364",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SSH daemon on MikroTik routers through v6.44.3 could allow remote attackers to generate CPU activity, trigger refusal of new authorized connections, and cause a reboot via connect and write system calls, because of uncontrolled resource management."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.exploit-db.com/exploits/48228",
"refsource": "MISC",
"url": "https://www.exploit-db.com/exploits/48228"
},
{
"name": "https://packetstormsecurity.com/files/156790/Microtik-SSH-Daemon-6.44.3-Denial-Of-Service.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/156790/Microtik-SSH-Daemon-6.44.3-Denial-Of-Service.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-10364",
"datePublished": "2020-03-23T15:56:19",
"dateReserved": "2020-03-10T00:00:00",
"dateUpdated": "2024-08-04T10:58:40.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30800 (GCVE-0-2023-30800)
Vulnerability from cvelistv5
Published
2023-09-07 15:43
Modified
2024-09-26 19:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write
Summary
The web server used by MikroTik RouterOS version 6 is affected by a heap memory corruption issue. A remote and unauthenticated attacker can corrupt the server's heap memory by sending a crafted HTTP request. As a result, the web interface crashes and is immediately restarted. The issue was fixed in RouterOS 6.49.10 stable. RouterOS version 7 is not affected.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:37:15.351Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://vulncheck.com/advisories/mikrotik-jsproxy-dos"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30800",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T19:04:33.430241Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T19:04:47.706Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"x86",
"ARM",
"PPC",
"MIPSBE"
],
"product": "RouterOS",
"vendor": "MikroTik",
"versions": [
{
"status": "unaffected",
"version": "6.49.10"
},
{
"status": "affected",
"version": "6.49.9"
},
{
"status": "affected",
"version": "6.48.8"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Jacob Baines"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The web server used by MikroTik RouterOS version 6 is affected by a heap memory corruption issue. A remote and unauthenticated attacker can corrupt the server\u0027s heap memory by sending a crafted HTTP request. As a result, the web interface crashes and is immediately restarted. The issue was fixed in RouterOS 6.49.10 stable. RouterOS version 7 is not affected.\u003cbr\u003e"
}
],
"value": "The web server used by MikroTik RouterOS version 6 is affected by a heap memory corruption issue. A remote and unauthenticated attacker can corrupt the server\u0027s heap memory by sending a crafted HTTP request. As a result, the web interface crashes and is immediately restarted. The issue was fixed in RouterOS 6.49.10 stable. RouterOS version 7 is not affected.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-123",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-123 Buffer Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-07T15:43:54.429Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"url": "https://vulncheck.com/advisories/mikrotik-jsproxy-dos"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "MikroTik RouterOS Web Interface Heap Corruption",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2023-30800",
"datePublished": "2023-09-07T15:43:54.429Z",
"dateReserved": "2023-04-18T10:31:45.962Z",
"dateUpdated": "2024-09-26T19:04:47.706Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-20212 (GCVE-0-2020-20212)
Vulnerability from cvelistv5
Published
2021-07-07 13:27
Modified
2024-08-04 14:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mikrotik RouterOs 6.44.5 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:29.001Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mikrotik.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/May/0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs 6.44.5 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-07T13:27:27",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mikrotik.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2021/May/0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20212",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs 6.44.5 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mikrotik.com/",
"refsource": "MISC",
"url": "https://mikrotik.com/"
},
{
"name": "http://seclists.org/fulldisclosure/2021/May/0",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2021/May/0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20212",
"datePublished": "2021-07-07T13:27:27",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:29.001Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-20245 (GCVE-0-2020-20245)
Vulnerability from cvelistv5
Published
2021-05-18 19:14
Modified
2024-08-04 14:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulnerability in the log process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:29.003Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mikrotik.com/"
},
{
"name": "20210511 Four vulnerabilities found in MikroTik\u0027s RouterOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/May/23"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulnerability in the log process. An authenticated remote attacker can cause a Denial of Service due to improper memory access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-18T19:14:47",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mikrotik.com/"
},
{
"name": "20210511 Four vulnerabilities found in MikroTik\u0027s RouterOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/May/23"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20245",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulnerability in the log process. An authenticated remote attacker can cause a Denial of Service due to improper memory access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mikrotik.com/",
"refsource": "MISC",
"url": "https://mikrotik.com/"
},
{
"name": "20210511 Four vulnerabilities found in MikroTik\u0027s RouterOS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/May/23"
},
{
"name": "http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20245",
"datePublished": "2021-05-18T19:14:14",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:29.003Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-20218 (GCVE-0-2020-20218)
Vulnerability from cvelistv5
Published
2021-05-03 15:13
Modified
2024-08-04 14:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/traceroute process. An authenticated remote attacker can cause a Denial of Service due via the loop counter variable.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:29.024Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2020/May/30"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2021/May/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/traceroute process. An authenticated remote attacker can cause a Denial of Service due via the loop counter variable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-21T13:48:32",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/fulldisclosure/2020/May/30"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/fulldisclosure/2021/May/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20218",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/traceroute process. An authenticated remote attacker can cause a Denial of Service due via the loop counter variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://seclists.org/fulldisclosure/2020/May/30",
"refsource": "MISC",
"url": "https://seclists.org/fulldisclosure/2020/May/30"
},
{
"name": "https://seclists.org/fulldisclosure/2021/May/1",
"refsource": "MISC",
"url": "https://seclists.org/fulldisclosure/2021/May/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20218",
"datePublished": "2021-05-03T15:13:44",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:29.024Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-45313 (GCVE-0-2022-45313)
Vulnerability from cvelistv5
Published
2022-12-05 00:00
Modified
2025-04-24 13:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mikrotik RouterOs before stable v7.5 was discovered to contain an out-of-bounds read in the hotspot process. This vulnerability allows attackers to execute arbitrary code via a crafted nova message.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:09:56.692Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2022-45313/README.md"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-45313",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-24T13:49:40.393808Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-24T13:50:10.585Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before stable v7.5 was discovered to contain an out-of-bounds read in the hotspot process. This vulnerability allows attackers to execute arbitrary code via a crafted nova message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-07T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2022-45313/README.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-45313",
"datePublished": "2022-12-05T00:00:00.000Z",
"dateReserved": "2022-11-14T00:00:00.000Z",
"dateUpdated": "2025-04-24T13:50:10.585Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-20213 (GCVE-0-2020-20213)
Vulnerability from cvelistv5
Published
2021-07-07 13:28
Modified
2024-08-04 14:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an stack exhaustion vulnerability in the /nova/bin/net process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:28.938Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mikrotik.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/May/10"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cwe.mitre.org/data/definitions/674.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an stack exhaustion vulnerability in the /nova/bin/net process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-10T20:17:37",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mikrotik.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2021/May/10"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cwe.mitre.org/data/definitions/674.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20213",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an stack exhaustion vulnerability in the /nova/bin/net process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mikrotik.com/",
"refsource": "MISC",
"url": "https://mikrotik.com/"
},
{
"name": "http://seclists.org/fulldisclosure/2021/May/10",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2021/May/10"
},
{
"name": "https://cwe.mitre.org/data/definitions/674.html",
"refsource": "MISC",
"url": "https://cwe.mitre.org/data/definitions/674.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20213",
"datePublished": "2021-07-07T13:28:48",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:28.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-20230 (GCVE-0-2020-20230)
Vulnerability from cvelistv5
Published
2021-07-19 16:14
Modified
2024-08-04 14:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled resource consumption in the sshd process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:29.173Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20230/README.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled resource consumption in the sshd process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-10T20:17:44",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20230/README.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20230",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled resource consumption in the sshd process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cwe.mitre.org/data/definitions/400.html",
"refsource": "MISC",
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"name": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20230/README.md",
"refsource": "MISC",
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20230/README.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20230",
"datePublished": "2021-07-19T16:14:19",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:29.173Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-20211 (GCVE-0-2020-20211)
Vulnerability from cvelistv5
Published
2021-07-07 13:26
Modified
2024-08-04 14:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an assertion failure vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:29.020Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mikrotik.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/May/0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an assertion failure vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-07T13:26:20",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mikrotik.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2021/May/0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20211",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an assertion failure vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mikrotik.com/",
"refsource": "MISC",
"url": "https://mikrotik.com/"
},
{
"name": "http://seclists.org/fulldisclosure/2021/May/0",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2021/May/0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20211",
"datePublished": "2021-07-07T13:26:20",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:29.020Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-16160 (GCVE-0-2019-16160)
Vulnerability from cvelistv5
Published
2020-10-07 15:07
Modified
2024-08-05 01:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An integer underflow in the SMB server of MikroTik RouterOS before 6.45.5 allows remote unauthenticated attackers to crash the service.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:10:41.178Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mikrotik.com"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://forum.mikrotik.com/viewtopic.php?t=151603"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/thebabush/3c71fc5001f8865e3ad579e80680ce24"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An integer underflow in the SMB server of MikroTik RouterOS before 6.45.5 allows remote unauthenticated attackers to crash the service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-07T15:07:39",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mikrotik.com"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://forum.mikrotik.com/viewtopic.php?t=151603"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/thebabush/3c71fc5001f8865e3ad579e80680ce24"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16160",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An integer underflow in the SMB server of MikroTik RouterOS before 6.45.5 allows remote unauthenticated attackers to crash the service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mikrotik.com",
"refsource": "MISC",
"url": "https://mikrotik.com"
},
{
"name": "https://forum.mikrotik.com/viewtopic.php?t=151603",
"refsource": "CONFIRM",
"url": "https://forum.mikrotik.com/viewtopic.php?t=151603"
},
{
"name": "https://gist.github.com/thebabush/3c71fc5001f8865e3ad579e80680ce24",
"refsource": "MISC",
"url": "https://gist.github.com/thebabush/3c71fc5001f8865e3ad579e80680ce24"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16160",
"datePublished": "2020-10-07T15:07:39",
"dateReserved": "2019-09-09T00:00:00",
"dateUpdated": "2024-08-05T01:10:41.178Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-20250 (GCVE-0-2020-20250)
Vulnerability from cvelistv5
Published
2021-07-13 11:59
Modified
2024-08-04 14:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). NOTE: this is different from CVE-2020-20253 and CVE-2020-20254. All four vulnerabilities in the /nova/bin/lcdstat process are discussed in the CVE-2020-20250 github.com/cq674350529 reference.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:29.001Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mikrotik.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20250/README.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). NOTE: this is different from CVE-2020-20253 and CVE-2020-20254. All four vulnerabilities in the /nova/bin/lcdstat process are discussed in the CVE-2020-20250 github.com/cq674350529 reference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-13T11:59:52",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mikrotik.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20250/README.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20250",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). NOTE: this is different from CVE-2020-20253 and CVE-2020-20254. All four vulnerabilities in the /nova/bin/lcdstat process are discussed in the CVE-2020-20250 github.com/cq674350529 reference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mikrotik.com/",
"refsource": "MISC",
"url": "https://mikrotik.com/"
},
{
"name": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20250/README.md",
"refsource": "MISC",
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20250/README.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20250",
"datePublished": "2021-07-13T11:59:52",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:29.001Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27221 (GCVE-0-2021-27221)
Vulnerability from cvelistv5
Published
2021-03-19 02:28
Modified
2024-08-03 20:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
MikroTik RouterOS 6.47.9 allows remote authenticated ftp users to create or overwrite arbitrary .rsc files via the /export command. NOTE: the vendor's position is that this is intended behavior because of how user policies work
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:40:47.487Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://onovy.medium.com/routeros-user-with-just-ftp-policy-can-write-to-filesystem-cve-2021-27221-e3e45d780dfe"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MikroTik RouterOS 6.47.9 allows remote authenticated ftp users to create or overwrite arbitrary .rsc files via the /export command. NOTE: the vendor\u0027s position is that this is intended behavior because of how user policies work"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-19T02:28:41",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://onovy.medium.com/routeros-user-with-just-ftp-policy-can-write-to-filesystem-cve-2021-27221-e3e45d780dfe"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-27221",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** MikroTik RouterOS 6.47.9 allows remote authenticated ftp users to create or overwrite arbitrary .rsc files via the /export command. NOTE: the vendor\u0027s position is that this is intended behavior because of how user policies work."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://onovy.medium.com/routeros-user-with-just-ftp-policy-can-write-to-filesystem-cve-2021-27221-e3e45d780dfe",
"refsource": "MISC",
"url": "https://onovy.medium.com/routeros-user-with-just-ftp-policy-can-write-to-filesystem-cve-2021-27221-e3e45d780dfe"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-27221",
"datePublished": "2021-03-19T02:28:41",
"dateReserved": "2021-02-15T00:00:00",
"dateUpdated": "2024-08-03T20:40:47.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1156 (GCVE-0-2018-1156)
Vulnerability from cvelistv5
Published
2018-08-23 19:00
Modified
2024-09-16 19:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to stack buffer overflow through the license upgrade interface. This vulnerability could theoretically allow a remote authenticated attacker execute arbitrary code on the system.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:51:48.788Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2018-21"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://mikrotik.com/download/changelogs"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://mikrotik.com/download/changelogs/bugfix-release-tree"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to stack buffer overflow through the license upgrade interface. This vulnerability could theoretically allow a remote authenticated attacker execute arbitrary code on the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-23T18:57:01",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2018-21"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://mikrotik.com/download/changelogs"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://mikrotik.com/download/changelogs/bugfix-release-tree"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"DATE_PUBLIC": "2018-08-22T00:00:00",
"ID": "CVE-2018-1156",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to stack buffer overflow through the license upgrade interface. This vulnerability could theoretically allow a remote authenticated attacker execute arbitrary code on the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2018-21",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2018-21"
},
{
"name": "https://mikrotik.com/download/changelogs",
"refsource": "CONFIRM",
"url": "https://mikrotik.com/download/changelogs"
},
{
"name": "https://mikrotik.com/download/changelogs/bugfix-release-tree",
"refsource": "CONFIRM",
"url": "https://mikrotik.com/download/changelogs/bugfix-release-tree"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2018-1156",
"datePublished": "2018-08-23T19:00:00Z",
"dateReserved": "2017-12-05T00:00:00",
"dateUpdated": "2024-09-16T19:31:35.007Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-20215 (GCVE-0-2020-20215)
Vulnerability from cvelistv5
Published
2021-07-07 13:29
Modified
2024-08-04 14:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/diskd process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:29.019Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mikrotik.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/May/10"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/diskd process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-07T13:29:33",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mikrotik.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2021/May/10"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20215",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/diskd process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mikrotik.com/",
"refsource": "MISC",
"url": "https://mikrotik.com/"
},
{
"name": "http://seclists.org/fulldisclosure/2021/May/10",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2021/May/10"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20215",
"datePublished": "2021-07-07T13:29:33",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:29.019Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3977 (GCVE-0-2019-3977)
Vulnerability from cvelistv5
Published
2019-10-28 21:34
Modified
2024-08-04 19:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-494 - Insufficient checks on origin
Summary
RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are download from when using the autoupgrade feature. Therefore, a remote attacker can trick the router into "upgrading" to an older version of RouterOS and possibly reseting all the system's usernames and passwords.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | MikroTik RouterOS |
Version: RouterOS 6.45.6 Stable and below. RouterOS 6.44.5 Long-term and below. |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:26:27.646Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2019-46"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MikroTik RouterOS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "RouterOS 6.45.6 Stable and below. RouterOS 6.44.5 Long-term and below."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are download from when using the autoupgrade feature. Therefore, a remote attacker can trick the router into \"upgrading\" to an older version of RouterOS and possibly reseting all the system\u0027s usernames and passwords."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-494",
"description": "CWE-494 Insufficient checks on origin",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-28T21:34:37",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2019-46"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2019-3977",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MikroTik RouterOS",
"version": {
"version_data": [
{
"version_value": "RouterOS 6.45.6 Stable and below. RouterOS 6.44.5 Long-term and below."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are download from when using the autoupgrade feature. Therefore, a remote attacker can trick the router into \"upgrading\" to an older version of RouterOS and possibly reseting all the system\u0027s usernames and passwords."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-494 Insufficient checks on origin"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2019-46",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2019-46"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2019-3977",
"datePublished": "2019-10-28T21:34:37",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-08-04T19:26:27.646Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8338 (GCVE-0-2017-8338)
Vulnerability from cvelistv5
Published
2017-05-18 06:13
Modified
2024-08-05 16:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A vulnerability in MikroTik Version 6.38.5 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of UDP packets on port 500 (used for L2TP over IPsec), preventing the affected router from accepting new connections; all devices will be disconnected from the router and all logs removed automatically.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:34:22.847Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cxsecurity.com/issue/WLB-2017050062"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vulnerability-lab.com/get_content.php?id=2064"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/May/59"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/142538/MikroTik-RouterBoard-6.38.5-Denial-Of-Service.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-05-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in MikroTik Version 6.38.5 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of UDP packets on port 500 (used for L2TP over IPsec), preventing the affected router from accepting new connections; all devices will be disconnected from the router and all logs removed automatically."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-18T06:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cxsecurity.com/issue/WLB-2017050062"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vulnerability-lab.com/get_content.php?id=2064"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2017/May/59"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packetstormsecurity.com/files/142538/MikroTik-RouterBoard-6.38.5-Denial-Of-Service.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8338",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in MikroTik Version 6.38.5 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of UDP packets on port 500 (used for L2TP over IPsec), preventing the affected router from accepting new connections; all devices will be disconnected from the router and all logs removed automatically."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cxsecurity.com/issue/WLB-2017050062",
"refsource": "MISC",
"url": "https://cxsecurity.com/issue/WLB-2017050062"
},
{
"name": "https://www.vulnerability-lab.com/get_content.php?id=2064",
"refsource": "MISC",
"url": "https://www.vulnerability-lab.com/get_content.php?id=2064"
},
{
"name": "http://seclists.org/fulldisclosure/2017/May/59",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2017/May/59"
},
{
"name": "https://packetstormsecurity.com/files/142538/MikroTik-RouterBoard-6.38.5-Denial-Of-Service.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/142538/MikroTik-RouterBoard-6.38.5-Denial-Of-Service.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-8338",
"datePublished": "2017-05-18T06:13:00",
"dateReserved": "2017-04-29T00:00:00",
"dateUpdated": "2024-08-05T16:34:22.847Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-20220 (GCVE-0-2020-20220)
Vulnerability from cvelistv5
Published
2021-05-18 19:09
Modified
2024-08-04 14:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mikrotik RouterOs prior to stable 6.47 suffers from a memory corruption vulnerability in the /nova/bin/bfd process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:28.812Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mikrotik.com/"
},
{
"name": "20210511 Four vulnerabilities found in MikroTik\u0027s RouterOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/May/23"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs prior to stable 6.47 suffers from a memory corruption vulnerability in the /nova/bin/bfd process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-18T19:09:57",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mikrotik.com/"
},
{
"name": "20210511 Four vulnerabilities found in MikroTik\u0027s RouterOS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/May/23"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20220",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mikrotik RouterOs prior to stable 6.47 suffers from a memory corruption vulnerability in the /nova/bin/bfd process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mikrotik.com/",
"refsource": "MISC",
"url": "https://mikrotik.com/"
},
{
"name": "20210511 Four vulnerabilities found in MikroTik\u0027s RouterOS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/May/23"
},
{
"name": "http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20220",
"datePublished": "2021-05-18T19:09:29",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:28.812Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-20021 (GCVE-0-2020-20021)
Vulnerability from cvelistv5
Published
2023-07-12 00:00
Modified
2024-11-07 15:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue discovered in MikroTik Router v6.46.3 and earlier allows attacker to cause denial of service via misconfiguration in the SSH daemon.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:28.977Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://mikrotik.com"
},
{
"tags": [
"x_transferred"
],
"url": "http://router.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/48228"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-20021",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T15:15:08.600717Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T15:15:16.672Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue discovered in MikroTik Router v6.46.3 and earlier allows attacker to cause denial of service via misconfiguration in the SSH daemon."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-12T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://mikrotik.com"
},
{
"url": "http://router.com"
},
{
"url": "https://www.exploit-db.com/exploits/48228"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20021",
"datePublished": "2023-07-12T00:00:00",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-11-07T15:15:16.672Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3924 (GCVE-0-2019-3924)
Vulnerability from cvelistv5
Published
2019-02-20 20:00
Modified
2024-09-17 02:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-441 - Unauthenticated Intermediary
Summary
MikroTik RouterOS before 6.43.12 (stable) and 6.42.12 (long-term) is vulnerable to an intermediary vulnerability. The software will execute user defined network requests to both WAN and LAN clients. A remote unauthenticated attacker can use this vulnerability to bypass the router's firewall or for general network scanning activities.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tenable | MikroTik RouterOS |
Version: RouterOS long-term 6.42.11 and below, RouterOS stable 6.43.11 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:26:27.480Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "46444",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46444/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2019-07"
},
{
"name": "107177",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107177"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MikroTik RouterOS",
"vendor": "Tenable",
"versions": [
{
"status": "affected",
"version": "RouterOS long-term 6.42.11 and below, RouterOS stable 6.43.11 and below"
}
]
}
],
"datePublic": "2019-02-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "MikroTik RouterOS before 6.43.12 (stable) and 6.42.12 (long-term) is vulnerable to an intermediary vulnerability. The software will execute user defined network requests to both WAN and LAN clients. A remote unauthenticated attacker can use this vulnerability to bypass the router\u0027s firewall or for general network scanning activities."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-441",
"description": "CWE-441 Unauthenticated Intermediary",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-05T10:57:02",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"name": "46444",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/46444/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2019-07"
},
{
"name": "107177",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107177"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"DATE_PUBLIC": "2019-02-12T00:00:00",
"ID": "CVE-2019-3924",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MikroTik RouterOS",
"version": {
"version_data": [
{
"version_value": "RouterOS long-term 6.42.11 and below, RouterOS stable 6.43.11 and below"
}
]
}
}
]
},
"vendor_name": "Tenable"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MikroTik RouterOS before 6.43.12 (stable) and 6.42.12 (long-term) is vulnerable to an intermediary vulnerability. The software will execute user defined network requests to both WAN and LAN clients. A remote unauthenticated attacker can use this vulnerability to bypass the router\u0027s firewall or for general network scanning activities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-441 Unauthenticated Intermediary"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "46444",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46444/"
},
{
"name": "https://www.tenable.com/security/research/tra-2019-07",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2019-07"
},
{
"name": "107177",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107177"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2019-3924",
"datePublished": "2019-02-20T20:00:00Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T02:46:52.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-45315 (GCVE-0-2022-45315)
Vulnerability from cvelistv5
Published
2022-12-05 00:00
Modified
2025-04-24 13:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mikrotik RouterOs before stable v7.6 was discovered to contain an out-of-bounds read in the snmp process. This vulnerability allows attackers to execute arbitrary code via a crafted packet.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:09:56.667Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2022-45315/README.md"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-45315",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-24T13:48:46.083509Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-24T13:49:10.258Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before stable v7.6 was discovered to contain an out-of-bounds read in the snmp process. This vulnerability allows attackers to execute arbitrary code via a crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-07T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2022-45315/README.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-45315",
"datePublished": "2022-12-05T00:00:00.000Z",
"dateReserved": "2022-11-14T00:00:00.000Z",
"dateUpdated": "2025-04-24T13:49:10.258Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7445 (GCVE-0-2018-7445)
Vulnerability from cvelistv5
Published
2018-03-19 21:00
Modified
2025-07-30 01:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication takes place, so it is possible for an unauthenticated remote attacker to exploit it. All architectures and all devices running RouterOS before versions 6.41.3/6.42rc27 are vulnerable.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:24:11.978Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "103427",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103427"
},
{
"name": "20180315 [CORE-2018-0003] MikroTik RouterOS SMB Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2018/Mar/38"
},
{
"name": "44290",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44290/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.coresecurity.com/advisories/mikrotik-routeros-smb-buffer-overflow"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2018-7445",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T16:27:32.357265Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-09-08",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-7445"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T01:46:18.809Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"timeline": [
{
"lang": "en",
"time": "2022-09-08T00:00:00+00:00",
"value": "CVE-2018-7445 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-03-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication takes place, so it is possible for an unauthenticated remote attacker to exploit it. All architectures and all devices running RouterOS before versions 6.41.3/6.42rc27 are vulnerable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-20T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "103427",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103427"
},
{
"name": "20180315 [CORE-2018-0003] MikroTik RouterOS SMB Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2018/Mar/38"
},
{
"name": "44290",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44290/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.coresecurity.com/advisories/mikrotik-routeros-smb-buffer-overflow"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7445",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication takes place, so it is possible for an unauthenticated remote attacker to exploit it. All architectures and all devices running RouterOS before versions 6.41.3/6.42rc27 are vulnerable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103427",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103427"
},
{
"name": "20180315 [CORE-2018-0003] MikroTik RouterOS SMB Buffer Overflow",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Mar/38"
},
{
"name": "44290",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44290/"
},
{
"name": "https://www.coresecurity.com/advisories/mikrotik-routeros-smb-buffer-overflow",
"refsource": "MISC",
"url": "https://www.coresecurity.com/advisories/mikrotik-routeros-smb-buffer-overflow"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-7445",
"datePublished": "2018-03-19T21:00:00.000Z",
"dateReserved": "2018-02-23T00:00:00.000Z",
"dateUpdated": "2025-07-30T01:46:18.809Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14847 (GCVE-0-2018-14847)
Vulnerability from cvelistv5
Published
2018-08-02 07:00
Modified
2025-07-30 01:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:38:13.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45578",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45578/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/BigNerd95/WinboxExploit"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tenable/routeros/blob/master/bug_hunting_in_routeros_derbycon_2018.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/BasuCert/WinboxPoC"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tenable/routeros/tree/master/poc/cve_2018_14847"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://n0p.me/winbox-bug-dissection/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tenable/routeros/tree/master/poc/bytheway"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2018-14847",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T20:41:33.262103Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-12-01",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-14847"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T01:46:13.573Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"timeline": [
{
"lang": "en",
"time": "2021-12-01T00:00:00+00:00",
"value": "CVE-2018-14847 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T16:59:41.013Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "45578",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/45578/"
},
{
"url": "https://github.com/BigNerd95/WinboxExploit"
},
{
"url": "https://github.com/tenable/routeros/blob/master/bug_hunting_in_routeros_derbycon_2018.pdf"
},
{
"url": "https://github.com/BasuCert/WinboxPoC"
},
{
"url": "https://github.com/tenable/routeros/tree/master/poc/cve_2018_14847"
},
{
"url": "https://n0p.me/winbox-bug-dissection/"
},
{
"url": "https://github.com/tenable/routeros/tree/master/poc/bytheway"
},
{
"url": "https://mikrotik.com/supportsec/winbox-vulnerability"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14847",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45578",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45578/"
},
{
"name": "https://github.com/BigNerd95/WinboxExploit",
"refsource": "MISC",
"url": "https://github.com/BigNerd95/WinboxExploit"
},
{
"name": "https://github.com/tenable/routeros/blob/master/bug_hunting_in_routeros_derbycon_2018.pdf",
"refsource": "MISC",
"url": "https://github.com/tenable/routeros/blob/master/bug_hunting_in_routeros_derbycon_2018.pdf"
},
{
"name": "https://github.com/BasuCert/WinboxPoC",
"refsource": "MISC",
"url": "https://github.com/BasuCert/WinboxPoC"
},
{
"name": "https://github.com/tenable/routeros/tree/master/poc/cve_2018_14847",
"refsource": "MISC",
"url": "https://github.com/tenable/routeros/tree/master/poc/cve_2018_14847"
},
{
"name": "https://n0p.me/winbox-bug-dissection/",
"refsource": "MISC",
"url": "https://n0p.me/winbox-bug-dissection/"
},
{
"name": "https://github.com/tenable/routeros/tree/master/poc/bytheway",
"refsource": "MISC",
"url": "https://github.com/tenable/routeros/tree/master/poc/bytheway"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-14847",
"datePublished": "2018-08-02T07:00:00.000Z",
"dateReserved": "2018-08-02T00:00:00.000Z",
"dateUpdated": "2025-07-30T01:46:13.573Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13074 (GCVE-0-2019-13074)
Vulnerability from cvelistv5
Published
2019-07-03 20:07
Modified
2024-08-04 23:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A vulnerability in the FTP daemon on MikroTik routers through 6.44.3 could allow remote attackers to exhaust all available memory, causing the device to reboot because of uncontrolled resource management.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:41:10.468Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://forum.mikrotik.com/viewtopic.php?t=150045"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://mikrotik.com/download/changelogs/stable-release-tree"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-06-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the FTP daemon on MikroTik routers through 6.44.3 could allow remote attackers to exhaust all available memory, causing the device to reboot because of uncontrolled resource management."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-10T13:07:09",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://forum.mikrotik.com/viewtopic.php?t=150045"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://mikrotik.com/download/changelogs/stable-release-tree"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13074",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the FTP daemon on MikroTik routers through 6.44.3 could allow remote attackers to exhaust all available memory, causing the device to reboot because of uncontrolled resource management."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.mikrotik.com/viewtopic.php?t=150045",
"refsource": "CONFIRM",
"url": "https://forum.mikrotik.com/viewtopic.php?t=150045"
},
{
"name": "https://mikrotik.com/download/changelogs/stable-release-tree",
"refsource": "CONFIRM",
"url": "https://mikrotik.com/download/changelogs/stable-release-tree"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13074",
"datePublished": "2019-07-03T20:07:27",
"dateReserved": "2019-06-30T00:00:00",
"dateUpdated": "2024-08-04T23:41:10.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2021-07-21 15:15
Modified
2024-11-21 05:11
Severity ?
Summary
Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /ram/pckg/security/nova/bin/ipsec process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_ipsec/README.md | Broken Link | |
| cve@mitre.org | https://seclists.org/fulldisclosure/2021/May/2 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_ipsec/README.md | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2021/May/2 | Exploit, Mailing List, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F9AA7223-457D-46AA-8B5D-E70C53A38ED3",
"versionEndExcluding": "6.47",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /ram/pckg/security/nova/bin/ipsec process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versiones anteriores a 6.47 (stable tree) sufre una vulnerabilidad de fallo de aserci\u00f3n en el proceso /ram/pckg/security/nova/bin/ipsec. Un atacante remoto autenticado puede causar una Denegaci\u00f3n de Servicio debido a un fallo de aserci\u00f3n por medio de un paquete dise\u00f1ado"
}
],
"id": "CVE-2020-20262",
"lastModified": "2024-11-21T05:11:58.500",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-21T15:15:12.807",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_ipsec/README.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2021/May/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_ipsec/README.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2021/May/2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-617"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-18 14:15
Modified
2024-11-21 05:11
Severity ?
Summary
Mikrotik RouterOs before 6.47 (stable tree) suffers from a divison by zero vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service due to a divide by zero error.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://seclists.org/fulldisclosure/2021/May/14 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_lcdstat_4/README.md | Broken Link, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/May/14 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_lcdstat_4/README.md | Broken Link, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:-:*:*:*",
"matchCriteriaId": "8534A9B0-405D-4E52-8B77-F48C6FD67DEB",
"versionEndExcluding": "6.47",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before 6.47 (stable tree) suffers from a divison by zero vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service due to a divide by zero error."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versiones anteriores a 6.47 (stable tree) sufre de una vulnerabilidad de divisi\u00f3n por cero en el proceso /nova/bin/lcdstat.\u0026#xa0;Un atacante remoto autenticado puede causar una Denegaci\u00f3n de Servicio debido a un error de divisi\u00f3n por cero"
}
],
"id": "CVE-2020-20253",
"lastModified": "2024-11-21T05:11:58.210",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-18T14:15:07.293",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/14"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_lcdstat_4/README.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_lcdstat_4/README.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-369"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-08-02 07:29
Modified
2025-04-28 20:48
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/BasuCert/WinboxPoC | Exploit, Mitigation, Third Party Advisory | |
| cve@mitre.org | https://github.com/BigNerd95/WinboxExploit | Exploit, Mitigation, Third Party Advisory | |
| cve@mitre.org | https://github.com/tenable/routeros/blob/master/bug_hunting_in_routeros_derbycon_2018.pdf | Broken Link, Exploit, Third Party Advisory | |
| cve@mitre.org | https://github.com/tenable/routeros/tree/master/poc/bytheway | Exploit, Third Party Advisory | |
| cve@mitre.org | https://github.com/tenable/routeros/tree/master/poc/cve_2018_14847 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://mikrotik.com/supportsec/winbox-vulnerability | Vendor Advisory | |
| cve@mitre.org | https://n0p.me/winbox-bug-dissection/ | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.exploit-db.com/exploits/45578/ | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/BasuCert/WinboxPoC | Exploit, Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/BigNerd95/WinboxExploit | Exploit, Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/tenable/routeros/blob/master/bug_hunting_in_routeros_derbycon_2018.pdf | Broken Link, Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/tenable/routeros/tree/master/poc/bytheway | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/tenable/routeros/tree/master/poc/cve_2018_14847 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://n0p.me/winbox-bug-dissection/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/45578/ | Exploit, Third Party Advisory, VDB Entry |
{
"cisaActionDue": "2022-06-01",
"cisaExploitAdd": "2021-12-01",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "MikroTik Router OS Directory Traversal Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "16E5E5C5-AE57-4E80-8405-C12C6D0999EB",
"versionEndIncluding": "6.42",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface."
},
{
"lang": "es",
"value": "MikroTik RouterOS hasta la versi\u00f3n 6.42 permite que atacante remoto no autenticado lean archivos arbitrarios y que los atacantes autenticados remotos escriban en archivos arbitrarios debido a una vulnerabilidad de salto de directorio en la interfaz WinBox."
}
],
"id": "CVE-2018-14847",
"lastModified": "2025-04-28T20:48:40.313",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2018-08-02T07:29:00.280",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/BasuCert/WinboxPoC"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/BigNerd95/WinboxExploit"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/tenable/routeros/blob/master/bug_hunting_in_routeros_derbycon_2018.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/tenable/routeros/tree/master/poc/bytheway"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/tenable/routeros/tree/master/poc/cve_2018_14847"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/supportsec/winbox-vulnerability"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://n0p.me/winbox-bug-dissection/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/45578/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/BasuCert/WinboxPoC"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/BigNerd95/WinboxExploit"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/tenable/routeros/blob/master/bug_hunting_in_routeros_derbycon_2018.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/tenable/routeros/tree/master/poc/bytheway"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/tenable/routeros/tree/master/poc/cve_2018_14847"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://n0p.me/winbox-bug-dissection/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/45578/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-08-26 21:15
Modified
2024-11-21 04:27
Severity ?
Summary
MikroTik RouterOS through 6.44.5 and 6.45.x through 6.45.3 improperly handles the disk name, which allows authenticated users to delete arbitrary files. Attackers can exploit this vulnerability to reset credential storage, which allows them access to the management interface as an administrator without authentication.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://fortiguard.com/zeroday/FG-VD-19-108 | Third Party Advisory | |
| cve@mitre.org | https://forum.mikrotik.com/viewtopic.php?t=151603 | ||
| cve@mitre.org | https://github.com/tenable/routeros/tree/master/poc/cve_2019_15055 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://medium.com/tenable-techblog/rooting-routeros-with-a-usb-drive-16d7b8665f90 | Press/Media Coverage, Third Party Advisory | |
| cve@mitre.org | https://mikrotik.com/download/changelogs/testing-release-tree | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://fortiguard.com/zeroday/FG-VD-19-108 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.mikrotik.com/viewtopic.php?t=151603 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/tenable/routeros/tree/master/poc/cve_2019_15055 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://medium.com/tenable-techblog/rooting-routeros-with-a-usb-drive-16d7b8665f90 | Press/Media Coverage, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mikrotik.com/download/changelogs/testing-release-tree | Release Notes, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21A669D0-7960-441F-8B9E-AC28EB6ABEC3",
"versionEndIncluding": "6.44.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F9A5A79-1FA9-4812-9930-690EDC94DC05",
"versionEndIncluding": "6.45.3",
"versionStartIncluding": "6.45",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "MikroTik RouterOS through 6.44.5 and 6.45.x through 6.45.3 improperly handles the disk name, which allows authenticated users to delete arbitrary files. Attackers can exploit this vulnerability to reset credential storage, which allows them access to the management interface as an administrator without authentication."
},
{
"lang": "es",
"value": "MikroTik RouterOS a trav\u00e9s de 6.44.5 y 6.45.x a 6.45.3 maneja incorrectamente el nombre del disco, lo que permite a los usuarios autenticados eliminar archivos arbitrarios. Los atacantes pueden aprovechar esta vulnerabilidad para restablecer el almacenamiento de credenciales, lo que les permite acceder a la interfaz de administraci\u00f3n como administrador sin autenticaci\u00f3n."
}
],
"id": "CVE-2019-15055",
"lastModified": "2024-11-21T04:27:58.123",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-26T21:15:11.210",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://fortiguard.com/zeroday/FG-VD-19-108"
},
{
"source": "cve@mitre.org",
"url": "https://forum.mikrotik.com/viewtopic.php?t=151603"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/tenable/routeros/tree/master/poc/cve_2019_15055"
},
{
"source": "cve@mitre.org",
"tags": [
"Press/Media Coverage",
"Third Party Advisory"
],
"url": "https://medium.com/tenable-techblog/rooting-routeros-with-a-usb-drive-16d7b8665f90"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://mikrotik.com/download/changelogs/testing-release-tree"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://fortiguard.com/zeroday/FG-VD-19-108"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://forum.mikrotik.com/viewtopic.php?t=151603"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/tenable/routeros/tree/master/poc/cve_2019_15055"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Press/Media Coverage",
"Third Party Advisory"
],
"url": "https://medium.com/tenable-techblog/rooting-routeros-with-a-usb-drive-16d7b8665f90"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://mikrotik.com/download/changelogs/testing-release-tree"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-13 12:15
Modified
2024-11-21 05:11
Severity ?
Summary
Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). NOTE: this is different from CVE-2020-20253 and CVE-2020-20254. All four vulnerabilities in the /nova/bin/lcdstat process are discussed in the CVE-2020-20250 github.com/cq674350529 reference.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20250/README.md | Exploit, Third Party Advisory | |
| cve@mitre.org | https://mikrotik.com/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20250/README.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mikrotik.com/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F9AA7223-457D-46AA-8B5D-E70C53A38ED3",
"versionEndExcluding": "6.47",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). NOTE: this is different from CVE-2020-20253 and CVE-2020-20254. All four vulnerabilities in the /nova/bin/lcdstat process are discussed in the CVE-2020-20250 github.com/cq674350529 reference."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versiones anteriores a estable 6.47, sufre una vulnerabilidad de corrupci\u00f3n de memoria en el proceso /nova/bin/lcdstat. Un atacante remoto autenticado puede causar una Denegaci\u00f3n de Servicio (desreferencia del puntero NULL). NOTA: esto es diferente de CVE-2020-20253 y CVE-2020-20254. Las cuatro vulnerabilidades en el proceso /nova/bin/lcdstat son discutidas en la referencia CVE-2020-20250 github.com/cq674350529"
}
],
"id": "CVE-2020-20250",
"lastModified": "2024-11-21T05:11:57.920",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-13T12:15:09.307",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20250/README.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20250/README.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
},
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-03 21:15
Modified
2024-11-21 04:24
Severity ?
Summary
A vulnerability in the FTP daemon on MikroTik routers through 6.44.3 could allow remote attackers to exhaust all available memory, causing the device to reboot because of uncontrolled resource management.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.mikrotik.com/viewtopic.php?t=150045 | Vendor Advisory | |
| cve@mitre.org | https://mikrotik.com/download/changelogs/stable-release-tree | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.mikrotik.com/viewtopic.php?t=150045 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mikrotik.com/download/changelogs/stable-release-tree | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mikrotik | routeros | * | |
| mikrotik | ccr1009-7g-1c-1s\+ | - | |
| mikrotik | ccr1009-7g-1c-1s\+pc | - | |
| mikrotik | ccr1009-7g-1c-pc | - | |
| mikrotik | ccr1016-12g | - | |
| mikrotik | ccr1016-12s-1s\+ | - | |
| mikrotik | ccr1036-12g-4s | - | |
| mikrotik | ccr1036-12g-4s-em | - | |
| mikrotik | ccr1036-8g-2s\+ | - | |
| mikrotik | ccr1036-8g-2s\+em | - | |
| mikrotik | ccr1072-1g-8s\+ | - | |
| mikrotik | hex | - | |
| mikrotik | hex_lite | - | |
| mikrotik | hex_poe | - | |
| mikrotik | hex_poe_lite | - | |
| mikrotik | hex_s | - | |
| mikrotik | powerbox | - | |
| mikrotik | powerbox_pro | - | |
| mikrotik | rb1100ahx4 | - | |
| mikrotik | rb1100ahx4 | - | |
| mikrotik | rb2011il-in | - | |
| mikrotik | rb2011il-rm | - | |
| mikrotik | rb2011ils-in | - | |
| mikrotik | rb2011uias-in | - | |
| mikrotik | rb2011uias-rm | - | |
| mikrotik | rb3011uias-rm | - | |
| mikrotik | rb4011igs\+rm | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7B30CA4-E14C-4D48-97A5-D761E3CE4E27",
"versionEndIncluding": "6.44.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mikrotik:ccr1009-7g-1c-1s\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D1FD987-CA1F-4FDA-B381-D9DBC17B99A4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:ccr1009-7g-1c-1s\\+pc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "526F57A0-66E5-47B0-AA56-129A68591B9C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:ccr1009-7g-1c-pc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B295C919-5D41-48EC-BE97-21A7A51B0900",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:ccr1016-12g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "918648BA-4A2B-455C-8348-98A5911F5721",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:ccr1016-12s-1s\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EAB272F1-D066-4D9F-886E-CA883ABF447D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:ccr1036-12g-4s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3516BAD4-FFA4-4C4A-B1DB-F6B393488554",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:ccr1036-12g-4s-em:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5AFCA937-CA92-409D-BC29-B0424BB8F2EF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:ccr1036-8g-2s\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C7B0504-C1F7-4E83-B225-090A3BFF40E5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:ccr1036-8g-2s\\+em:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6F116F5D-0ECE-4485-A0B6-4B4636169504",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:ccr1072-1g-8s\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "423B1B58-B64B-4797-A9BA-AA3D53F8A3F3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:hex:-:*:*:*:*:*:*:*",
"matchCriteriaId": "625E3C1B-73EE-431E-A73E-A5909DA330E4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:hex_lite:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D501654E-8A50-4279-8930-4DCCD4821875",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:hex_poe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47B00042-7C48-47B7-BF84-9654C71B3D63",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:hex_poe_lite:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5AA7241-64CC-49FB-9019-5C1A82F461A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:hex_s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF3EC35-EE46-4688-AD8F-13D609789824",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:powerbox:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C2FBDC6D-3EE7-41F1-B633-E6445D00698B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:powerbox_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C7C26C0-7553-4BD4-ACC8-80C8FFF01727",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:rb1100ahx4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE3A5B6E-1C32-446F-8ADE-63C477D4A6E3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:rb1100ahx4:-:*:dude:*:*:*:*:*",
"matchCriteriaId": "4F5D365D-D2CE-4449-A31F-073F0A0C95C6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:rb2011il-in:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A41B00D7-D928-4201-B99C-EAE30735C09D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:rb2011il-rm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8A7CA16-45FC-406A-8558-62AE2289D76D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:rb2011ils-in:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95FA4DB1-5C25-4C52-9C25-7F6A1CD1C089",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:rb2011uias-in:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC6A357D-C6AA-44FD-960E-99D86E0AF88D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:rb2011uias-rm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "769077CF-8F3A-4C7B-B608-8185719A0552",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:rb3011uias-rm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DBB41A1C-7B95-41D4-BFF7-F339FDDD7A6A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:rb4011igs\\+rm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "11591C89-43B0-4C40-A84D-0D5C19DCE982",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the FTP daemon on MikroTik routers through 6.44.3 could allow remote attackers to exhaust all available memory, causing the device to reboot because of uncontrolled resource management."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el demonio FTP en los enrutadores MikroTik hasta la versi\u00f3n 6.44.3 podr\u00eda permitir a los atacantes remotos agotar toda la memoria disponible, lo que provocar\u00eda que el dispositivo se reiniciara debido a la administraci\u00f3n de recursos no controlada."
}
],
"id": "CVE-2019-13074",
"lastModified": "2024-11-21T04:24:08.800",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-03T21:15:10.513",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://forum.mikrotik.com/viewtopic.php?t=150045"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://mikrotik.com/download/changelogs/stable-release-tree"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://forum.mikrotik.com/viewtopic.php?t=150045"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://mikrotik.com/download/changelogs/stable-release-tree"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-19 18:15
Modified
2024-11-21 05:11
Severity ?
Summary
Mikrotik RouterOs before stable 6.47 suffers from a memory corruption vulnerability in the resolver process. By sending a crafted packet, an authenticated remote attacker can cause a Denial of Service.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20249/README.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20249/README.md | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F9AA7223-457D-46AA-8B5D-E70C53A38ED3",
"versionEndExcluding": "6.47",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before stable 6.47 suffers from a memory corruption vulnerability in the resolver process. By sending a crafted packet, an authenticated remote attacker can cause a Denial of Service."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versiones anteriores a estable 6.47, sufre de una vulnerabilidad de corrupci\u00f3n de memoria en el proceso de resoluci\u00f3n. Mediante el env\u00edo de un paquete dise\u00f1ado, un atacante remoto autenticado puede causar una Denegaci\u00f3n de Servicio"
}
],
"id": "CVE-2020-20249",
"lastModified": "2024-11-21T05:11:57.780",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-19T18:15:08.260",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20249/README.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20249/README.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-13 18:15
Modified
2024-11-21 05:11
Severity ?
Summary
Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20252/README.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20252/README.md | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F9AA7223-457D-46AA-8B5D-E70C53A38ED3",
"versionEndExcluding": "6.47",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versiones anteriores a estable 6.47, sufre de una vulnerabilidad de corrupci\u00f3n de memoria en el proceso /nova/bin/lcdstat. Un atacante remoto autenticado puede causar una denegaci\u00f3n de servicio (desreferencia del puntero NULL)"
}
],
"id": "CVE-2020-20252",
"lastModified": "2024-11-21T05:11:58.070",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-13T18:15:07.813",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20252/README.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20252/README.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
},
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-12-05 16:15
Modified
2025-04-24 14:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Mikrotik RouterOs before stable v7.6 was discovered to contain an out-of-bounds read in the snmp process. This vulnerability allows attackers to execute arbitrary code via a crafted packet.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2022-45315/README.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2022-45315/README.md | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6A0CDCB-9550-4670-8270-8866932D9C59",
"versionEndExcluding": "7.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before stable v7.6 was discovered to contain an out-of-bounds read in the snmp process. This vulnerability allows attackers to execute arbitrary code via a crafted packet."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Mikrotik RouterOs anteriores a la versi\u00f3n estable 7.6 conten\u00eda una lectura fuera de los l\u00edmites en el proceso snmp. Esta vulnerabilidad permite a los atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de un paquete manipulado."
}
],
"id": "CVE-2022-45315",
"lastModified": "2025-04-24T14:15:41.063",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-12-05T16:15:10.050",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2022-45315/README.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2022-45315/README.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-02-28 19:15
Modified
2024-11-21 05:13
Severity ?
Summary
A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted SMB requests.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/colorlight/mikrotik_poc/blob/master/two_vulns.md | Third Party Advisory | |
| cve@mitre.org | https://mikrotik.com/support | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/colorlight/mikrotik_poc/blob/master/two_vulns.md | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mikrotik.com/support | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.47:*:*:*:*:*:*:*",
"matchCriteriaId": "91339E44-1C36-4AE4-804C-38835AD32DC5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted SMB requests."
},
{
"lang": "es",
"value": "Un desbordamiento del b\u00fafer en Mikrotik RouterOS versi\u00f3n 6.47 permite a atacantes no autenticados causar una denegaci\u00f3n de servicio (DOS) por medio de peticiones SMB dise\u00f1adas.\n"
}
],
"id": "CVE-2020-22844",
"lastModified": "2024-11-21T05:13:26.813",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-28T19:15:08.643",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/colorlight/mikrotik_poc/blob/master/two_vulns.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/support"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/colorlight/mikrotik_poc/blob/master/two_vulns.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/support"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-21 15:15
Modified
2024-11-21 05:11
Severity ?
Summary
Mikrotik RouterOs before 6.44.6 (long-term tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/cerm process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://cwe.mitre.org/data/definitions/400.html | Third Party Advisory | |
| cve@mitre.org | https://seclists.org/fulldisclosure/2020/May/30 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://seclists.org/fulldisclosure/2021/May/1 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cwe.mitre.org/data/definitions/400.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2020/May/30 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2021/May/1 | Exploit, Mailing List, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:ltr:*:*:*",
"matchCriteriaId": "883E8144-7FE9-4BB1-94E2-B8FDA8F3E54A",
"versionEndExcluding": "6.44.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before 6.44.6 (long-term tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/cerm process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versiones anteriores a 6.44.6 (long-term tree) sufre de una vulnerabilidad de consumo de recursos no controlado en el proceso /nova/bin/cerm. Un atacante remoto autenticado puede causar una Denegaci\u00f3n de Servicio debido a la sobrecarga de la CPU del sistema"
}
],
"id": "CVE-2020-20221",
"lastModified": "2024-11-21T05:11:55.950",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-21T15:15:12.777",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2020/May/30"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2021/May/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2020/May/30"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2021/May/1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-10-07 16:15
Modified
2024-11-21 04:30
Severity ?
Summary
An integer underflow in the SMB server of MikroTik RouterOS before 6.45.5 allows remote unauthenticated attackers to crash the service.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.mikrotik.com/viewtopic.php?t=151603 | Vendor Advisory | |
| cve@mitre.org | https://gist.github.com/thebabush/3c71fc5001f8865e3ad579e80680ce24 | Third Party Advisory | |
| cve@mitre.org | https://mikrotik.com | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.mikrotik.com/viewtopic.php?t=151603 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gist.github.com/thebabush/3c71fc5001f8865e3ad579e80680ce24 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mikrotik.com | Product |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BFB9F912-5BA6-4BD9-837D-ADFC07F0E0D7",
"versionEndExcluding": "6.45.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An integer underflow in the SMB server of MikroTik RouterOS before 6.45.5 allows remote unauthenticated attackers to crash the service."
},
{
"lang": "es",
"value": "Un subdesbordamiento de enteros en el servidor SMB de MikroTik RouterOS versiones anteriores a 6.45.5, permite a atacantes remotos no autenticados bloquear el servicio"
}
],
"id": "CVE-2019-16160",
"lastModified": "2024-11-21T04:30:10.230",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-07T16:15:12.390",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://forum.mikrotik.com/viewtopic.php?t=151603"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://gist.github.com/thebabush/3c71fc5001f8865e3ad579e80680ce24"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://mikrotik.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://forum.mikrotik.com/viewtopic.php?t=151603"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://gist.github.com/thebabush/3c71fc5001f8865e3ad579e80680ce24"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://mikrotik.com"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-191"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-07 14:15
Modified
2024-11-21 05:11
Severity ?
Summary
Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an assertion failure vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://seclists.org/fulldisclosure/2021/May/0 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | https://mikrotik.com/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/May/0 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mikrotik.com/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.44.5:*:*:*:ltr:*:*:*",
"matchCriteriaId": "41C40183-6EF3-4FE0-9B4A-E1C001B2A005",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an assertion failure vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versi\u00f3n 6.44.5 (long-term tree) sufre una vulnerabilidad de fallo de aserci\u00f3n en el proceso /nova/bin/console. Un atacante remoto autenticado puede causar una Denegaci\u00f3n de Servicio debido a un fallo de aserci\u00f3n por medio de un paquete dise\u00f1ado"
}
],
"id": "CVE-2020-20211",
"lastModified": "2024-11-21T05:11:54.340",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-07T14:15:09.303",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/0"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-617"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-19 15:15
Modified
2024-11-21 08:00
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. The attacker can abuse this vulnerability to execute arbitrary code on the system.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| disclosure@vulncheck.com | https://github.com/MarginResearch/FOISted | Third Party Advisory | |
| disclosure@vulncheck.com | https://vulncheck.com/advisories/mikrotik-foisted | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/MarginResearch/FOISted | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vulncheck.com/advisories/mikrotik-foisted | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:ltr:*:*:*",
"matchCriteriaId": "A8C0285B-A979-4913-AB13-37A0ED0F4848",
"versionEndIncluding": "6.48.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:-:*:*:*",
"matchCriteriaId": "39DD099B-D7AD-440C-9FE7-450D0DDB44D7",
"versionEndExcluding": "6.49.7",
"versionStartIncluding": "6.34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. The attacker can abuse this vulnerability to execute arbitrary code on the system.\n\n"
}
],
"id": "CVE-2023-30799",
"lastModified": "2024-11-21T08:00:55.520",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "disclosure@vulncheck.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-19T15:15:10.477",
"references": [
{
"source": "disclosure@vulncheck.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/MarginResearch/FOISted"
},
{
"source": "disclosure@vulncheck.com",
"tags": [
"Third Party Advisory"
],
"url": "https://vulncheck.com/advisories/mikrotik-foisted"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/MarginResearch/FOISted"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://vulncheck.com/advisories/mikrotik-foisted"
}
],
"sourceIdentifier": "disclosure@vulncheck.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "disclosure@vulncheck.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-12 13:15
Modified
2024-11-21 05:11
Severity ?
Summary
An issue discovered in MikroTik Router v6.46.3 and earlier allows attacker to cause denial of service via misconfiguration in the SSH daemon.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://mikrotik.com | Product | |
| cve@mitre.org | http://router.com | Not Applicable | |
| cve@mitre.org | https://www.exploit-db.com/exploits/48228 | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://mikrotik.com | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | http://router.com | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/48228 | Exploit, Third Party Advisory, VDB Entry |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0FE16B96-C8E2-414D-949C-693087370840",
"versionEndIncluding": "6.46.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue discovered in MikroTik Router v6.46.3 and earlier allows attacker to cause denial of service via misconfiguration in the SSH daemon."
}
],
"id": "CVE-2020-20021",
"lastModified": "2024-11-21T05:11:49.450",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-12T13:15:09.060",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "http://mikrotik.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
],
"url": "http://router.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/48228"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "http://mikrotik.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://router.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/48228"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-03-19 14:59
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in MikroTik RouterOS 5.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request in the status page to /cfg.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/130722/MikroTik-RouterOS-Cross-Site-Request-Forgery.html | Exploit | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2015/Mar/49 | Exploit | |
| cve@mitre.org | http://www.securityfocus.com/bid/73013 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/130722/MikroTik-RouterOS-Cross-Site-Request-Forgery.html | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2015/Mar/49 | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/73013 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14BD8496-71C5-46DF-B64B-A35175180C16",
"versionEndIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in MikroTik RouterOS 5.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request in the status page to /cfg."
},
{
"lang": "es",
"value": "Vulnerabilidad CSRF en MikroTik RouterOS 5.0 y anteriores permite a atacantes remotos secuestrar la autenticaci\u00f3n del administraci\u00f3n en peticiones que cambien la contrase\u00f1a de administrador a trav\u00e9s de una petici\u00f3n en la p\u00e1gina del estado en /cfg."
}
],
"id": "CVE-2015-2350",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-03-19T14:59:02.557",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/130722/MikroTik-RouterOS-Cross-Site-Request-Forgery.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2015/Mar/49"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/73013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/130722/MikroTik-RouterOS-Cross-Site-Request-Forgery.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2015/Mar/49"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/73013"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-03 16:15
Modified
2024-11-21 05:11
Severity ?
Summary
Mikrotik RouterOs before 6.46.5 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/traceroute process. An authenticated remote attacker can cause a Denial of Service due via the loop counter variable.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://seclists.org/fulldisclosure/2020/May/30 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2020/May/30 | Mailing List, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:-:*:*:*",
"matchCriteriaId": "80DE9657-39B1-4B60-ABFE-600F86C7F2F3",
"versionEndExcluding": "6.46.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before 6.46.5 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/traceroute process. An authenticated remote attacker can cause a Denial of Service due via the loop counter variable."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versiones anteriores a 6.46.5 (\u00e1rbol estable) sufre una vulnerabilidad de corrupci\u00f3n de la memoria en el proceso /nova/bin/traceroute. Un atacante remoto autenticado puede causar una Denegaci\u00f3n de Servicio debido a la variable de contador de bucle."
}
],
"id": "CVE-2020-20247",
"lastModified": "2024-11-21T05:11:57.497",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-03T16:15:07.467",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2020/May/30"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2020/May/30"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-10-29 19:15
Modified
2024-11-21 04:42
Severity ?
Summary
RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below allow remote unauthenticated attackers to trigger DNS queries via port 8291. The queries are sent from the router to a server of the attacker's choice. The DNS responses are cached by the router, potentially resulting in cache poisoning
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnreport@tenable.com | http://packetstormsecurity.com/files/155036/MikroTik-RouterOS-6.45.6-DNS-Cache-Poisoning.html | Third Party Advisory | |
| vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2019-46 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/155036/MikroTik-RouterOS-6.45.6-DNS-Cache-Poisoning.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2019-46 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:ltr:*:*:*",
"matchCriteriaId": "E96DA8A8-65E0-4D1C-A15B-8A4F7A0644A1",
"versionEndIncluding": "6.44.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:-:*:*:*",
"matchCriteriaId": "AA750EF2-6247-46CF-B800-C0417F6D35A5",
"versionEndIncluding": "6.45.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below allow remote unauthenticated attackers to trigger DNS queries via port 8291. The queries are sent from the router to a server of the attacker\u0027s choice. The DNS responses are cached by the router, potentially resulting in cache poisoning"
},
{
"lang": "es",
"value": "RouterOS versi\u00f3n 6.45.6 Stable, RouterOS versi\u00f3n 6.44.5 Long-Term y anteriores, permiten a atacantes remotos no autenticados activar consultas DNS mediante el puerto 8291. Las consultas son enviadas desde el router hacia un servidor de elecci\u00f3n del atacante. El router almacena en cach\u00e9 las respuestas DNS, resultando potencialmente en envenenamiento"
}
],
"id": "CVE-2019-3978",
"lastModified": "2024-11-21T04:42:59.627",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-29T19:15:20.500",
"references": [
{
"source": "vulnreport@tenable.com",
"tags": [
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/155036/MikroTik-RouterOS-6.45.6-DNS-Cache-Poisoning.html"
},
{
"source": "vulnreport@tenable.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2019-46"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/155036/MikroTik-RouterOS-6.45.6-DNS-Cache-Poisoning.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2019-46"
}
],
"sourceIdentifier": "vulnreport@tenable.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "vulnreport@tenable.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-03-16 15:15
Modified
2024-11-21 06:27
Severity ?
Summary
In the SCEP Server of RouterOS in certain Mikrotik products, an attacker can trigger a heap-based buffer overflow that leads to remote code execution. The attacker must know the scep_server_name value. This affects RouterOS 6.46.8, 6.47.9, and 6.47.10.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://mikrotik.com/download/archive | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://teamt5.org/en/posts/vulnerability-mikrotik-cve-2021-41987/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mikrotik.com/download/archive | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://teamt5.org/en/posts/vulnerability-mikrotik-cve-2021-41987/ | Exploit, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.46.8:*:*:*:*:*:*:*",
"matchCriteriaId": "648F25BC-BFD3-4E0F-962C-76B2DE45CBE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.47.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DD00B734-C416-47DC-977F-F0D351D0D32A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.47.10:*:*:*:*:*:*:*",
"matchCriteriaId": "1E75DB60-0579-4CED-A78A-78D0899F65BE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the SCEP Server of RouterOS in certain Mikrotik products, an attacker can trigger a heap-based buffer overflow that leads to remote code execution. The attacker must know the scep_server_name value. This affects RouterOS 6.46.8, 6.47.9, and 6.47.10."
},
{
"lang": "es",
"value": "En el servidor SCEP de RouterOS en ciertos productos Mikrotik, un atacante puede desencadenar un desbordamiento de b\u00fafer basado en heap que conduce a la ejecuci\u00f3n remota de c\u00f3digo. El atacante debe conocer el valor de scep_server_name. Esto afecta a RouterOS 6.46.8, 6.47.9 y 6.47.10"
}
],
"id": "CVE-2021-41987",
"lastModified": "2024-11-21T06:27:01.380",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-16T15:15:14.547",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://mikrotik.com/download/archive"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://teamt5.org/en/posts/vulnerability-mikrotik-cve-2021-41987/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://mikrotik.com/download/archive"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://teamt5.org/en/posts/vulnerability-mikrotik-cve-2021-41987/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-02-11 23:15
Modified
2025-06-30 14:48
Severity ?
Summary
An issue was discovered in the Winbox service of MikroTik RouterOS long-term release v6.43.13 through v6.49.13 and stable v6.43 through v7.17.2. A patch is available in the stable release v6.49.18. A discrepancy in response size between connection attempts made with a valid username and those with an invalid username allows attackers to enumerate for valid accounts.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/deauther890/CVE-2024-54772 | Third Party Advisory, Exploit |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:-:*:*:*",
"matchCriteriaId": "F618C1B1-340C-4893-A0FF-23B533F787E3",
"versionEndExcluding": "6.49.18",
"versionStartIncluding": "6.43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:ltr:*:*:*",
"matchCriteriaId": "2DD4F8E4-8A7E-408E-ACF8-C7D003D78027",
"versionEndIncluding": "6.49.13",
"versionStartIncluding": "6.43.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:-:*:*:*",
"matchCriteriaId": "BD087026-C45D-44F3-A305-41A07FDB14EC",
"versionEndExcluding": "7.18",
"versionStartIncluding": "7.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Winbox service of MikroTik RouterOS long-term release v6.43.13 through v6.49.13 and stable v6.43 through v7.17.2. A patch is available in the stable release v6.49.18. A discrepancy in response size between connection attempts made with a valid username and those with an invalid username allows attackers to enumerate for valid accounts."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en el servicio Winbox de MikroTik RouterOS v6.43 a v7.16.1 versiones v6.43.13 hasta v6.49.13 y estables desde v6.43 hasta v7.17.2. Hay disponible un parche en la versi\u00f3n estable v6.49.18. Una discrepancia en el tama\u00f1o de respuesta entre los intentos de conexi\u00f3n realizados con un nombre de usuario v\u00e1lido y aquellos con un nombre de usuario no v\u00e1lido permite a los atacantes realizar una enumeraci\u00f3n de cuentas v\u00e1lidas."
}
],
"id": "CVE-2024-54772",
"lastModified": "2025-06-30T14:48:12.073",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-02-11T23:15:09.117",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"Exploit"
],
"url": "https://github.com/deauther890/CVE-2024-54772"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-208"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-12 05:59
Modified
2025-04-20 01:37
Severity ?
Summary
The MikroTik Router hAP Lite 6.25 has no protection mechanism for unsolicited TCP ACK packets in the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many ACK packets. After the attacker stops the exploit, the CPU usage is 100% and the router requires a reboot for normal operation.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.exploitalert.com/view-details.html?id=26137 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://cxsecurity.com/issue/WLB-2017030029 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://packetstormsecurity.com/files/141449/Mikrotik-Hap-Lite-6.25-Denial-Of-Service.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://www.exploit-db.com/exploits/41601/ | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.exploitalert.com/view-details.html?id=26137 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cxsecurity.com/issue/WLB-2017030029 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://packetstormsecurity.com/files/141449/Mikrotik-Hap-Lite-6.25-Denial-Of-Service.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/41601/ | Exploit, Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mikrotik | routeros | 6.25 | |
| mikrotik | router_hap_lite | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.25:*:*:*:*:*:*:*",
"matchCriteriaId": "782A270F-EFFB-4E37-9951-0F89C845BDCC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mikrotik:router_hap_lite:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66E72623-EACF-41FC-83DD-D876A387E408",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The MikroTik Router hAP Lite 6.25 has no protection mechanism for unsolicited TCP ACK packets in the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many ACK packets. After the attacker stops the exploit, the CPU usage is 100% and the router requires a reboot for normal operation."
},
{
"lang": "es",
"value": "El router MikroTik hAP Lite 6.25 no tiene mecanismo de protecci\u00f3n para paquetes TCP ACK no solicitados en el caso de una conexi\u00f3n de red r\u00e1pida. lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de CPU) enviando muchos paquetes ACK. Despu\u00e9s de que el atacante detenga el exploit, el uso de CPU es 100% y el router requiere un reinicio para un funcionamiento normal"
}
],
"id": "CVE-2017-6444",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-12T05:59:00.227",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://www.exploitalert.com/view-details.html?id=26137"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://cxsecurity.com/issue/WLB-2017030029"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstormsecurity.com/files/141449/Mikrotik-Hap-Lite-6.25-Denial-Of-Service.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/41601/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://www.exploitalert.com/view-details.html?id=26137"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://cxsecurity.com/issue/WLB-2017030029"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstormsecurity.com/files/141449/Mikrotik-Hap-Lite-6.25-Denial-Of-Service.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/41601/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-26 13:15
Modified
2024-11-21 04:25
Severity ?
Summary
Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable to memory exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system. Malicious code cannot be injected.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/153733/Mikrotik-RouterOS-Resource-Stack-Exhaustion.html | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://seclists.org/fulldisclosure/2019/Jul/20 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/153733/Mikrotik-RouterOS-Resource-Stack-Exhaustion.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2019/Jul/20 | Mailing List, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3D24937-2767-4850-B857-8F3010456BAF",
"versionEndExcluding": "6.44.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.45:*:*:*:*:*:*:*",
"matchCriteriaId": "D771599E-D29C-442D-8981-EAB7E80E78A9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable to memory exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system. Malicious code cannot be injected."
},
{
"lang": "es",
"value": "RouterOS de Mikrotik anterior a versi\u00f3n 6.44.5 (\u00e1rbol de actualizaciones a largo plazo) es vulnerable al agotamiento de la memoria. Mediante el env\u00edo de una petici\u00f3n HTTP dise\u00f1ada, un atacante remoto autenticado puede bloquear el servidor HTTP y, en algunas circunstancias, reiniciar el sistema. El c\u00f3digo no puede ser inyectado."
}
],
"id": "CVE-2019-13954",
"lastModified": "2024-11-21T04:25:46.347",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-26T13:15:12.830",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/153733/Mikrotik-RouterOS-Resource-Stack-Exhaustion.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2019/Jul/20"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/153733/Mikrotik-RouterOS-Resource-Stack-Exhaustion.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2019/Jul/20"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-06-25 22:15
Modified
2025-08-18 15:45
Severity ?
Summary
Mikrotik RouterOS VXLAN Source IP Improper Access Control Vulnerability. This vulnerability allows remote attackers to bypass access restrictions on affected installations of Mikrotik RouterOS. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of remote IP addresses when processing VXLAN traffic. The issue results from the lack of validation of the remote IP address against configured values prior to allowing ingress traffic into the internal network. An attacker can leverage this vulnerability to gain access to internal network resources. Was ZDI-CAN-26415.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| zdi-disclosures@trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-25-424/ | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:-:*:*:*",
"matchCriteriaId": "C28C4B62-303A-481E-BE46-13D76C1D54AF",
"versionEndExcluding": "7.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOS VXLAN Source IP Improper Access Control Vulnerability. This vulnerability allows remote attackers to bypass access restrictions on affected installations of Mikrotik RouterOS. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of remote IP addresses when processing VXLAN traffic. The issue results from the lack of validation of the remote IP address against configured values prior to allowing ingress traffic into the internal network. An attacker can leverage this vulnerability to gain access to internal network resources. Was ZDI-CAN-26415."
},
{
"lang": "es",
"value": "Vulnerabilidad de control de acceso incorrecto a la IP de origen de VXLAN en Mikrotik RouterOS. Esta vulnerabilidad permite a atacantes remotos eludir las restricciones de acceso en las instalaciones afectadas de Mikrotik RouterOS. No se requiere autenticaci\u00f3n para explotar esta vulnerabilidad. La falla espec\u00edfica se encuentra en el manejo de direcciones IP remotas al procesar el tr\u00e1fico VXLAN. El problema se debe a la falta de validaci\u00f3n de la direcci\u00f3n IP remota con los valores configurados antes de permitir el acceso a la red interna. Un atacante puede aprovechar esta vulnerabilidad para acceder a los recursos de la red interna. Anteriormente, se denomin\u00f3 ZDI-CAN-26415."
}
],
"id": "CVE-2025-6443",
"lastModified": "2025-08-18T15:45:13.223",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.7,
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary"
}
]
},
"published": "2025-06-25T22:15:20.960",
"references": [
{
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-424/"
}
],
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "zdi-disclosures@trendmicro.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-08-23 19:29
Modified
2024-11-21 03:59
Severity ?
Summary
Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory corruption vulnerability. An authenticated remote attacker can crash the HTTP server by rapidly authenticating and disconnecting.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnreport@tenable.com | https://mikrotik.com/download/changelogs | Vendor Advisory | |
| vulnreport@tenable.com | https://mikrotik.com/download/changelogs/bugfix-release-tree | Vendor Advisory | |
| vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2018-21 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mikrotik.com/download/changelogs | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mikrotik.com/download/changelogs/bugfix-release-tree | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2018-21 | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "69DD338B-DFE1-48D5-AD40-A7941FBC27ED",
"versionEndExcluding": "6.40.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:ltr:*:*:*",
"matchCriteriaId": "EAFC594A-61C6-4D6B-AFF2-6F5CD8D20993",
"versionEndExcluding": "6.42.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory corruption vulnerability. An authenticated remote attacker can crash the HTTP server by rapidly authenticating and disconnecting."
},
{
"lang": "es",
"value": "Mikrotik RouterOS en versiones anteriores a la 6.42.7 y 6.40.9 es vulnerable a una vulnerabilidad de corrupci\u00f3n de memoria. Un atacante remoto autenticado puede provocar el cierre inesperado del servidor HTTP autenticando y desconectando r\u00e1pidamente."
}
],
"id": "CVE-2018-1159",
"lastModified": "2024-11-21T03:59:18.417",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-08-23T19:29:00.690",
"references": [
{
"source": "vulnreport@tenable.com",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/download/changelogs"
},
{
"source": "vulnreport@tenable.com",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/download/changelogs/bugfix-release-tree"
},
{
"source": "vulnreport@tenable.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2018-21"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/download/changelogs"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/download/changelogs/bugfix-release-tree"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2018-21"
}
],
"sourceIdentifier": "vulnreport@tenable.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-19 12:15
Modified
2024-11-21 05:11
Severity ?
Summary
Mikrotik RouterOs before 6.47 (stable tree) in the /ram/pckg/advanced-tools/nova/bin/netwatch process. An authenticated remote attacker can cause a Denial of Service due to a divide by zero error.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_netwatch/README.md | Broken Link, Third Party Advisory | |
| cve@mitre.org | https://seclists.org/fulldisclosure/2021/May/11 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_netwatch/README.md | Broken Link, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2021/May/11 | Exploit, Mailing List, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F9AA7223-457D-46AA-8B5D-E70C53A38ED3",
"versionEndExcluding": "6.47",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before 6.47 (stable tree) in the /ram/pckg/advanced-tools/nova/bin/netwatch process. An authenticated remote attacker can cause a Denial of Service due to a divide by zero error."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versiones anteriores a 6.47 (stable tree) en el proceso /ram/pckg/advanced-tools/nova/bin/netwatch.\u0026#xa0;Un atacante remoto autenticado puede causar una Denegaci\u00f3n de Servicio debido a un error de divisi\u00f3n por cero"
}
],
"id": "CVE-2020-20264",
"lastModified": "2024-11-21T05:11:58.647",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-19T12:15:07.770",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_netwatch/README.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2021/May/11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_netwatch/README.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2021/May/11"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-369"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-18 20:15
Modified
2024-11-21 05:11
Severity ?
Summary
Mikrotik RouterOs stable 6.47 suffers from a memory corruption vulnerability in the /nova/bin/diskd process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2021/May/23 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | https://mikrotik.com/ | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/May/23 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mikrotik.com/ | Product |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.47:*:*:*:-:*:*:*",
"matchCriteriaId": "70E15876-C2B4-49EF-AC5D-3FE0AE097F18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs stable 6.47 suffers from a memory corruption vulnerability in the /nova/bin/diskd process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versi\u00f3n stable 6.47, sufre una vulnerabilidad de corrupci\u00f3n de la memoria en el proceso /nova/bin/diskd.\u0026#xa0;Un atacante remoto autenticado puede causar una Denegaci\u00f3n de Servicio debido a un acceso no v\u00e1lido a la memoria"
}
],
"id": "CVE-2020-20227",
"lastModified": "2024-11-21T05:11:56.423",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-18T20:15:07.440",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/23"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://mikrotik.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/23"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://mikrotik.com/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-04-10 21:29
Modified
2024-11-21 04:42
Severity ?
Summary
MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authenticated, remote directory traversal via the HTTP or Winbox interfaces. An authenticated, remote attack can use this vulnerability to read and write files outside of the sandbox directory (/rw/disk).
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2019-16 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2019-16 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mikrotik | routeros | * | |
| mikrotik | routeros | * | |
| mikrotik | routeros | 6.41 | |
| mikrotik | routeros | 6.41 | |
| mikrotik | routeros | 6.41 | |
| mikrotik | routeros | 6.41 | |
| mikrotik | routeros | 6.41 | |
| mikrotik | routeros | 6.41 | |
| mikrotik | routeros | 6.41 | |
| mikrotik | routeros | 6.41 | |
| mikrotik | routeros | 6.41 | |
| mikrotik | routeros | 6.41 | |
| mikrotik | routeros | 6.41 | |
| mikrotik | routeros | 6.41 | |
| mikrotik | routeros | 6.42 | |
| mikrotik | routeros | 6.42 | |
| mikrotik | routeros | 6.42 | |
| mikrotik | routeros | 6.42 | |
| mikrotik | routeros | 6.42 | |
| mikrotik | routeros | 6.42 | |
| mikrotik | routeros | 6.42 | |
| mikrotik | routeros | 6.42 | |
| mikrotik | routeros | 6.42 | |
| mikrotik | routeros | 6.42 | |
| mikrotik | routeros | 6.42 | |
| mikrotik | routeros | 6.42 | |
| mikrotik | routeros | 6.42 | |
| mikrotik | routeros | 6.42 | |
| mikrotik | routeros | 6.42 | |
| mikrotik | routeros | 6.42 | |
| mikrotik | routeros | 6.42 | |
| mikrotik | routeros | 6.42 | |
| mikrotik | routeros | 6.42 | |
| mikrotik | routeros | 6.42 | |
| mikrotik | routeros | 6.42 | |
| mikrotik | routeros | 6.42 | |
| mikrotik | routeros | 6.42 | |
| mikrotik | routeros | 6.42 | |
| mikrotik | routeros | 6.42 | |
| mikrotik | routeros | 6.43 | |
| mikrotik | routeros | 6.43 | |
| mikrotik | routeros | 6.43 | |
| mikrotik | routeros | 6.43 | |
| mikrotik | routeros | 6.43 | |
| mikrotik | routeros | 6.43 | |
| mikrotik | routeros | 6.43 | |
| mikrotik | routeros | 6.43 | |
| mikrotik | routeros | 6.43 | |
| mikrotik | routeros | 6.43 | |
| mikrotik | routeros | 6.43 | |
| mikrotik | routeros | 6.43 | |
| mikrotik | routeros | 6.43 | |
| mikrotik | routeros | 6.43 | |
| mikrotik | routeros | 6.43 | |
| mikrotik | routeros | 6.43 | |
| mikrotik | routeros | 6.43 | |
| mikrotik | routeros | 6.43 | |
| mikrotik | routeros | 6.43 | |
| mikrotik | routeros | 6.43 | |
| mikrotik | routeros | 6.43 | |
| mikrotik | routeros | 6.43 | |
| mikrotik | routeros | 6.43 | |
| mikrotik | routeros | 6.43 | |
| mikrotik | routeros | 6.44 | |
| mikrotik | routeros | 6.44 | |
| mikrotik | routeros | 6.44 | |
| mikrotik | routeros | 6.44 | |
| mikrotik | routeros | 6.44 | |
| mikrotik | routeros | 6.44 | |
| mikrotik | routeros | 6.44 | |
| mikrotik | routeros | 6.44 | |
| mikrotik | routeros | 6.44 | |
| mikrotik | routeros | 6.44 | |
| mikrotik | routeros | 6.44 | |
| mikrotik | routeros | 6.44 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:ltr:*:*:*",
"matchCriteriaId": "ACADC6D1-CFEF-4F9D-966C-64D3BB0C2256",
"versionEndIncluding": "6.42.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:-:*:*:*",
"matchCriteriaId": "829F9974-1A56-4391-AFA9-4BB4B3096AFD",
"versionEndIncluding": "6.43.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc31:*:*:testing:*:*:*",
"matchCriteriaId": "C7DDCBF9-152C-421C-B326-CCFB62A42C17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc32:*:*:testing:*:*:*",
"matchCriteriaId": "AA89BEC4-62A8-4DA7-AB2A-2D18A643E3F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc34:*:*:testing:*:*:*",
"matchCriteriaId": "BCA389CA-532D-432C-A5C0-69C3CFA207C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc37:*:*:testing:*:*:*",
"matchCriteriaId": "5C950CF8-62A1-4A26-9133-108DAB661394",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc38:*:*:testing:*:*:*",
"matchCriteriaId": "EB7ECE0C-B21E-4EFB-85D3-1A5A846D75FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc44:*:*:testing:*:*:*",
"matchCriteriaId": "3FC3F259-1C2A-4393-86E2-103495570F49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc47:*:*:testing:*:*:*",
"matchCriteriaId": "C097CA40-9528-43DF-B3B7-59722AE5866A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc50:*:*:testing:*:*:*",
"matchCriteriaId": "A3793BBE-8E1A-4C07-9A52-E6DA4FE0DD3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc52:*:*:testing:*:*:*",
"matchCriteriaId": "CE5A816B-6663-4633-886A-AD7E3CBA5E33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc56:*:*:testing:*:*:*",
"matchCriteriaId": "B851706B-4A98-4FD3-99B0-CE239D419808",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc61:*:*:testing:*:*:*",
"matchCriteriaId": "40D21FB7-E7C5-46B4-B89A-81F84EEB62B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc66:*:*:testing:*:*:*",
"matchCriteriaId": "5AAB3F87-47C7-4726-8DF1-09261C7C0613",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc11:*:*:testing:*:*:*",
"matchCriteriaId": "B353D6FD-C9FD-4458-82AA-F9FE168B04D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc12:*:*:testing:*:*:*",
"matchCriteriaId": "B5A92D37-C91C-4229-9B6D-C8FDB5C1DED7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc14:*:*:testing:*:*:*",
"matchCriteriaId": "E8B77E44-F502-4164-95A7-60C53F4C465A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc15:*:*:testing:*:*:*",
"matchCriteriaId": "EAF10AE7-F48F-4FEC-A43A-7E5A45AF5B9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc18:*:*:testing:*:*:*",
"matchCriteriaId": "CB43A291-A77C-445D-9F68-1FA21C257561",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc2:*:*:testing:*:*:*",
"matchCriteriaId": "EF252049-8D6D-47D7-9543-3B53D7D0DA6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc20:*:*:testing:*:*:*",
"matchCriteriaId": "48006BD1-EF86-4205-A1F7-C8A0D3D73EAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc23:*:*:testing:*:*:*",
"matchCriteriaId": "4F4D0CB8-F170-49E1-BB20-E4A3698FCE69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc24:*:*:testing:*:*:*",
"matchCriteriaId": "A6A9B305-ECE5-45C6-8417-BC2AAF9F4FE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc27:*:*:testing:*:*:*",
"matchCriteriaId": "E76F79DB-F504-4495-B992-E895B0F0871E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc28:*:*:testing:*:*:*",
"matchCriteriaId": "D2B6691E-55DA-4D39-BD80-2BCF16952308",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc30:*:*:testing:*:*:*",
"matchCriteriaId": "A710D231-1F22-4F38-B228-30CDF0169149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc35:*:*:testing:*:*:*",
"matchCriteriaId": "F83EF0A6-CA00-404C-AC6C-14BB10C329B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc37:*:*:testing:*:*:*",
"matchCriteriaId": "CDA42D78-29F2-48B4-9422-3D39BA408E43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc39:*:*:testing:*:*:*",
"matchCriteriaId": "6643B0FC-93D5-4F10-AC3C-323F598C5013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc41:*:*:testing:*:*:*",
"matchCriteriaId": "02F11653-1822-4D53-A6ED-745AC401AD4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc43:*:*:testing:*:*:*",
"matchCriteriaId": "9BF25BBD-CF35-4EE1-8A7A-EEEBD662E0DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc46:*:*:testing:*:*:*",
"matchCriteriaId": "2D70CCC2-48CF-4DAA-ABDF-B81F3DAA7EBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc48:*:*:testing:*:*:*",
"matchCriteriaId": "7DF5E7C1-0426-4B1E-A44F-C91AF4F0CCAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc49:*:*:testing:*:*:*",
"matchCriteriaId": "DB9A9D2C-697D-4ED3-9DBC-7A783C35DA91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc5:*:*:testing:*:*:*",
"matchCriteriaId": "C50C6C42-A148-4CBF-B843-D2DB89104387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc52:*:*:testing:*:*:*",
"matchCriteriaId": "525C6344-D579-4697-B092-94E75EAD7755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc56:*:*:testing:*:*:*",
"matchCriteriaId": "F81532B9-1525-417E-8BF2-E4A8055D2DE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc6:*:*:testing:*:*:*",
"matchCriteriaId": "8F9181C2-FF73-4BDF-90EE-00F6B066B7EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc9:*:*:testing:*:*:*",
"matchCriteriaId": "A44766F0-BCBF-433B-BEB0-13EB334899EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc11:*:*:testing:*:*:*",
"matchCriteriaId": "2FA5B37B-9EB7-4A1C-9A20-26AFAEC2F221",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc12:*:*:testing:*:*:*",
"matchCriteriaId": "D1D9CCDE-2F9A-4F6F-A457-B9671E1B5874",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc14:*:*:testing:*:*:*",
"matchCriteriaId": "73E3C281-E554-412F-941A-B55BA70AC7F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc17:*:*:testing:*:*:*",
"matchCriteriaId": "7F4223D5-0C3D-4C7E-A7B3-D1074A2FE75C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc19:*:*:testing:*:*:*",
"matchCriteriaId": "0A088124-8494-4E57-87C0-E75EEA4098DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc21:*:*:testing:*:*:*",
"matchCriteriaId": "090A232C-1F78-4C92-854D-BA91398770D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc23:*:*:testing:*:*:*",
"matchCriteriaId": "E4A4F1E1-2510-487D-AC6A-68D4450CDA06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc27:*:*:testing:*:*:*",
"matchCriteriaId": "28D50A65-95AF-479C-9661-35378B3ED2B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc29:*:*:testing:*:*:*",
"matchCriteriaId": "8F478173-186D-436D-A200-4F20A7303630",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc3:*:*:testing:*:*:*",
"matchCriteriaId": "8E009CEF-1FE9-47B4-BC46-382D972B47EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc32:*:*:testing:*:*:*",
"matchCriteriaId": "E8E34937-3118-4FA0-B5CD-BA14F64507A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc34:*:*:testing:*:*:*",
"matchCriteriaId": "9D9786EA-C661-4478-AFA0-00728CBB246D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc4:*:*:testing:*:*:*",
"matchCriteriaId": "13F7DF28-170C-44E9-B39C-AB4B85B42201",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc40:*:*:testing:*:*:*",
"matchCriteriaId": "9823F4EF-9B49-4E4F-8B89-DF02D61C5146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc42:*:*:testing:*:*:*",
"matchCriteriaId": "06860FB4-20D8-43B7-B530-CAD0BA186EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc44:*:*:testing:*:*:*",
"matchCriteriaId": "25882AF0-E9A2-4952-A1E3-755A1DBA2D86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc45:*:*:testing:*:*:*",
"matchCriteriaId": "FE03C935-AC83-4B23-ABA2-67F759F10EA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc5:*:*:testing:*:*:*",
"matchCriteriaId": "BD83DCDC-20D5-4580-99BF-79981E081B7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc51:*:*:testing:*:*:*",
"matchCriteriaId": "AFE7F815-2B2C-4F22-B1C9-0F13257160C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc56:*:*:testing:*:*:*",
"matchCriteriaId": "F662E59F-7C43-4157-83AF-30CDC8CFFEEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc6:*:*:testing:*:*:*",
"matchCriteriaId": "85377655-60CC-43C9-96E3-21C136FF0ACE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc64:*:*:testing:*:*:*",
"matchCriteriaId": "8763E04A-F260-498D-8ABB-0655844B5ECD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc66:*:*:testing:*:*:*",
"matchCriteriaId": "2EB5142B-7FA6-4B74-A462-28C6E1039B76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc7:*:*:testing:*:*:*",
"matchCriteriaId": "C5B8D222-A633-490C-ADA4-DDF7727B4A5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta14:*:*:testing:*:*:*",
"matchCriteriaId": "8D2D7A0A-8A4A-412B-9146-BAB84270DCE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta17:*:*:testing:*:*:*",
"matchCriteriaId": "2FEE0259-3406-41DD-A043-87FD52CFD2DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta20:*:*:testing:*:*:*",
"matchCriteriaId": "8A8F6139-9A63-4A8A-ACB1-344B36422A61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta28:*:*:testing:*:*:*",
"matchCriteriaId": "3FD287C7-0032-4CB0-96AF-24D63FE10D45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta39:*:*:testing:*:*:*",
"matchCriteriaId": "2C1433B6-773B-4922-B9FF-4D7255114C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta40:*:*:testing:*:*:*",
"matchCriteriaId": "C90C3B68-82AE-4833-BF41-98F5BFB03D78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta50:*:*:testing:*:*:*",
"matchCriteriaId": "ADE50771-AED1-410A-9BCC-6AE5EB46D278",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta54:*:*:testing:*:*:*",
"matchCriteriaId": "B139016D-08F7-4085-ADD9-16396C9B3440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta6:*:*:testing:*:*:*",
"matchCriteriaId": "A0236F88-103D-4CCD-8F6E-440048378E5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta61:*:*:testing:*:*:*",
"matchCriteriaId": "BC6967CF-6B88-48F9-8D81-FE4930F400E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta75:*:*:testing:*:*:*",
"matchCriteriaId": "019DD6AA-08AD-4A9F-9817-21C776260B0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta9:*:*:testing:*:*:*",
"matchCriteriaId": "B45EB891-09D4-436E-AC6A-A53CC4A6C6EE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authenticated, remote directory traversal via the HTTP or Winbox interfaces. An authenticated, remote attack can use this vulnerability to read and write files outside of the sandbox directory (/rw/disk)."
},
{
"lang": "es",
"value": "Las versiones de MikroTik RouterOS Stable versi\u00f3n 6.43.12 y versiones posteriores, Long-term versi\u00f3n 6.42.12 y versiones posteriores, y Testing versi\u00f3n 6.44beta75 y versiones anteriores son vulnerables a un salto de directorio remoto autenticado por medio de las interfaces HTTP o Winbox. Un ataque remoto autenticado puede usar esta vulnerabilidad para leer y escribir archivos fuera del directorio sandbox (/rw/disk)."
}
],
"id": "CVE-2019-3943",
"lastModified": "2024-11-21T04:42:54.907",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 7.8,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-10T21:29:01.823",
"references": [
{
"source": "vulnreport@tenable.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2019-16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2019-16"
}
],
"sourceIdentifier": "vulnreport@tenable.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-23"
}
],
"source": "vulnreport@tenable.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-18 20:15
Modified
2024-11-21 05:11
Severity ?
Summary
Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulnerability in the log process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2021/May/23 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | https://mikrotik.com/ | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/May/23 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mikrotik.com/ | Product |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.46.3:*:*:*:-:*:*:*",
"matchCriteriaId": "F9F55FFD-A047-4AB2-A2F6-53537AD2A79D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulnerability in the log process. An authenticated remote attacker can cause a Denial of Service due to improper memory access."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versi\u00f3n stable 6.46.3, sufre una vulnerabilidad de corrupci\u00f3n de la memoria en el proceso de registro.\u0026#xa0;Un atacante remoto autenticado puede causar una Denegaci\u00f3n de Servicio debido a un acceso inapropiado a la memoria"
}
],
"id": "CVE-2020-20245",
"lastModified": "2024-11-21T05:11:57.203",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-18T20:15:07.477",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/23"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://mikrotik.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/23"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://mikrotik.com/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-26 18:15
Modified
2024-11-21 07:13
Severity ?
Summary
Mikrotik RouterOs through stable v6.48.3 was discovered to contain an assertion failure in the component /advanced-tools/nova/bin/netwatch. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2022-36522/README.md | Third Party Advisory | |
| cve@mitre.org | https://seclists.org/fulldisclosure/2021/Jul/0 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2022-36522/README.md | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2021/Jul/0 | Exploit, Mailing List, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E8AC45BF-39E8-464B-B9BB-8AD376A4A31E",
"versionEndIncluding": "6.48.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs through stable v6.48.3 was discovered to contain an assertion failure in the component /advanced-tools/nova/bin/netwatch. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet."
},
{
"lang": "es",
"value": "Se ha detectado que Mikrotik RouterOs versiones hasta stable v6.48.3, contiene un fallo de aserci\u00f3n en el componente /advanced-tools/nova/bin/netwatch. Esta vulnerabilidad permite a atacantes causar una Denegaci\u00f3n de Servicio (DoS) por medio de un paquete dise\u00f1ado."
}
],
"id": "CVE-2022-36522",
"lastModified": "2024-11-21T07:13:13.427",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-26T18:15:09.173",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2022-36522/README.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2021/Jul/0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2022-36522/README.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2021/Jul/0"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-617"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-27 14:15
Modified
2025-02-19 19:15
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
An issue in the bridge2 component of MikroTik RouterOS v6.40.5 allows attackers to cause a Denial of Service (DoS) via crafted packets.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://mikrotik.com | Product | |
| cve@mitre.org | http://routeros.com | Broken Link | |
| cve@mitre.org | https://github.com/ZYen12138/RouterOS/blob/main/CVE-2023-24094.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://mikrotik.com | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | http://routeros.com | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/ZYen12138/RouterOS/blob/main/CVE-2023-24094.md | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.40.5:*:*:*:*:*:*:*",
"matchCriteriaId": "29AFF54C-9291-4ADF-9DD4-1F1FF4CD2166",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in the bridge2 component of MikroTik RouterOS v6.40.5 allows attackers to cause a Denial of Service (DoS) via crafted packets."
}
],
"id": "CVE-2023-24094",
"lastModified": "2025-02-19T19:15:12.870",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-03-27T14:15:07.897",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "http://mikrotik.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://routeros.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/ZYen12138/RouterOS/blob/main/CVE-2023-24094.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "http://mikrotik.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://routeros.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/ZYen12138/RouterOS/blob/main/CVE-2023-24094.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-02-28 19:15
Modified
2024-11-21 05:13
Severity ?
Summary
A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted FTP requests.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/colorlight/mikrotik_poc/blob/master/two_vulns.md | Third Party Advisory | |
| cve@mitre.org | https://mikrotik.com/support | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/colorlight/mikrotik_poc/blob/master/two_vulns.md | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mikrotik.com/support | Product |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.47:*:*:*:*:*:*:*",
"matchCriteriaId": "91339E44-1C36-4AE4-804C-38835AD32DC5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted FTP requests."
},
{
"lang": "es",
"value": "Un desbordamiento del b\u00fafer en Mikrotik RouterOS versi\u00f3n 6.47, permite a atacantes no autenticados causar una denegaci\u00f3n de servicio (DOS) por medio de peticiones FTP dise\u00f1adas.\n"
}
],
"id": "CVE-2020-22845",
"lastModified": "2024-11-21T05:13:26.967",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-28T19:15:08.697",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/colorlight/mikrotik_poc/blob/master/two_vulns.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://mikrotik.com/support"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/colorlight/mikrotik_poc/blob/master/two_vulns.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://mikrotik.com/support"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-07 14:15
Modified
2024-11-21 05:11
Severity ?
Summary
Mikrotik RouterOs 6.44.5 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://seclists.org/fulldisclosure/2021/May/0 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | https://mikrotik.com/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/May/0 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mikrotik.com/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.44.5:*:*:*:ltr:*:*:*",
"matchCriteriaId": "41C40183-6EF3-4FE0-9B4A-E1C001B2A005",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs 6.44.5 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versi\u00f3n 6.44.5 (long-term tree) sufre una vulnerabilidad de corrupci\u00f3n de memoria en el proceso /nova/bin/console. Un atacante remoto autenticado puede causar una Denegaci\u00f3n de Servicio (desreferencia de puntero NULL)"
}
],
"id": "CVE-2020-20212",
"lastModified": "2024-11-21T05:11:54.500",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-07T14:15:09.353",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/0"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-26 13:15
Modified
2024-11-21 04:25
Severity ?
Summary
Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable to stack exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server via recursive parsing of JSON. Malicious code cannot be injected.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/153733/Mikrotik-RouterOS-Resource-Stack-Exhaustion.html | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://seclists.org/fulldisclosure/2019/Jul/20 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/153733/Mikrotik-RouterOS-Resource-Stack-Exhaustion.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2019/Jul/20 | Mailing List, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3D24937-2767-4850-B857-8F3010456BAF",
"versionEndExcluding": "6.44.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.45:*:*:*:*:*:*:*",
"matchCriteriaId": "D771599E-D29C-442D-8981-EAB7E80E78A9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable to stack exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server via recursive parsing of JSON. Malicious code cannot be injected."
},
{
"lang": "es",
"value": "RouterOS de Mikrotik anterior a versi\u00f3n 6.44.5 (\u00e1rbol de actualizaciones a largo plazo), es vulnerable al agotamiento de pila. Mediante el env\u00edo de una petici\u00f3n HTTP especialmente dise\u00f1ada, un atacante remoto autenticado puede bloquear el servidor HTTP por medio del an\u00e1lisis recursivo JSON. El c\u00f3digo no puede ser inyectado."
}
],
"id": "CVE-2019-13955",
"lastModified": "2024-11-21T04:25:46.480",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-26T13:15:12.910",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/153733/Mikrotik-RouterOS-Resource-Stack-Exhaustion.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2019/Jul/20"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/153733/Mikrotik-RouterOS-Resource-Stack-Exhaustion.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2019/Jul/20"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-674"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-11 15:15
Modified
2024-11-21 05:11
Severity ?
Summary
Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /ram/pckg/wireless/nova/bin/wireless process. An authenticated remote attacker can cause a Denial of Service due via a crafted packet.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://seclists.org/fulldisclosure/2021/May/12 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | https://seclists.org/fulldisclosure/2021/May/11 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/May/12 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2021/May/11 | Exploit, Mailing List, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F9AA7223-457D-46AA-8B5D-E70C53A38ED3",
"versionEndExcluding": "6.47",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /ram/pckg/wireless/nova/bin/wireless process. An authenticated remote attacker can cause a Denial of Service due via a crafted packet."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versiones anteriores a 6.47 (stable tree) sufre una vulnerabilidad de corrupci\u00f3n de memoria en el proceso /ram/pckg/wireless/nova/bin/wireless.\u0026#xa0;Un atacante autenticado remoto puede causar una Denegaci\u00f3n de Servicio debido a un paquete dise\u00f1ado"
}
],
"id": "CVE-2020-20265",
"lastModified": "2024-11-21T05:11:58.800",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-11T15:15:07.750",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/12"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2021/May/11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2021/May/11"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-15 02:15
Modified
2025-05-14 15:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The Mikrotik RouterOS web server allows memory corruption in releases before Stable 6.38.5 and Long-term 6.37.5, aka Chimay-Red. A remote and unauthenticated user can trigger the vulnerability by sending a crafted HTTP request. An attacker can use this vulnerability to execute arbitrary code on the affected system, as exploited in the wild in mid-2017 and later.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/BigNerd95/Chimay-Red | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.bleepingcomputer.com/news/security/hajime-botnet-makes-a-comeback-with-massive-scan-for-mikrotik-routers/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/BigNerd95/Chimay-Red | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.bleepingcomputer.com/news/security/hajime-botnet-makes-a-comeback-with-massive-scan-for-mikrotik-routers/ | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:ltr:*:*:*",
"matchCriteriaId": "48A6BC6C-0F39-4F53-AC01-D345CB9F8CE0",
"versionEndExcluding": "6.37.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F7108B6-52D6-4DEA-A936-B3CBE2AE984D",
"versionEndExcluding": "6.38.5",
"versionStartIncluding": "6.38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Mikrotik RouterOS web server allows memory corruption in releases before Stable 6.38.5 and Long-term 6.37.5, aka Chimay-Red. A remote and unauthenticated user can trigger the vulnerability by sending a crafted HTTP request. An attacker can use this vulnerability to execute arbitrary code on the affected system, as exploited in the wild in mid-2017 and later."
},
{
"lang": "es",
"value": "El servidor web Mikrotik RouterOS permite una corrupci\u00f3n de memoria en versiones anteriores a Stable 6.38.5 y Long-term 6.37.5, tambi\u00e9n se conoce como Chimay-Red. Un usuario remoto y no autenticado puede desencadenar la vulnerabilidad mediante el env\u00edo de una petici\u00f3n HTTP dise\u00f1ada. Un atacante puede utilizar esta vulnerabilidad para ejecutar c\u00f3digo arbitrario en el sistema afectado, como fue explotado \"in the wild\" mediados de 2017 y m\u00e1s tarde"
}
],
"id": "CVE-2017-20149",
"lastModified": "2025-05-14T15:15:48.477",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-10-15T02:15:08.497",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/BigNerd95/Chimay-Red"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.bleepingcomputer.com/news/security/hajime-botnet-makes-a-comeback-with-massive-scan-for-mikrotik-routers/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/BigNerd95/Chimay-Red"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.bleepingcomputer.com/news/security/hajime-botnet-makes-a-comeback-with-massive-scan-for-mikrotik-routers/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-19 12:15
Modified
2024-11-21 05:11
Severity ?
Summary
Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/dot1x process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_dot1x/README.md | Broken Link, Third Party Advisory | |
| cve@mitre.org | https://seclists.org/fulldisclosure/2021/May/11 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_dot1x/README.md | Broken Link, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2021/May/11 | Exploit, Mailing List, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:-:*:*:*",
"matchCriteriaId": "8534A9B0-405D-4E52-8B77-F48C6FD67DEB",
"versionEndExcluding": "6.47",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/dot1x process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versiones anteriores a 6.47 (stable tree) sufre una vulnerabilidad de corrupci\u00f3n de memoria en el proceso /nova/bin/dot1x.\u0026#xa0;Un atacante remoto autenticado puede causar una denegaci\u00f3n de servicio (desreferencia del puntero NULL)"
}
],
"id": "CVE-2020-20266",
"lastModified": "2024-11-21T05:11:58.960",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-19T12:15:07.813",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_dot1x/README.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2021/May/11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_dot1x/README.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2021/May/11"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
},
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-10-29 19:15
Modified
2024-11-21 04:42
Severity ?
Summary
RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below are vulnerable to an arbitrary directory creation vulnerability via the upgrade package's name field. If an authenticated user installs a malicious package then a directory could be created and the developer shell could be enabled.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2019-46 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2019-46 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:ltr:*:*:*",
"matchCriteriaId": "E96DA8A8-65E0-4D1C-A15B-8A4F7A0644A1",
"versionEndIncluding": "6.44.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:-:*:*:*",
"matchCriteriaId": "AA750EF2-6247-46CF-B800-C0417F6D35A5",
"versionEndIncluding": "6.45.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below are vulnerable to an arbitrary directory creation vulnerability via the upgrade package\u0027s name field. If an authenticated user installs a malicious package then a directory could be created and the developer shell could be enabled."
},
{
"lang": "es",
"value": "RouterOS versi\u00f3n 6.45.6 Stable, RouterOS versi\u00f3n 6.44.5 Long-Term y anteriores, son susceptibles a una vulnerabilidad de creaci\u00f3n de directorio arbitraria por medio del campo upgrade package\u0027s name. Si un usuario autenticado instala un paquete malicioso, entonces un directorio podr\u00eda ser creado y el shell del desarrollador podr\u00eda ser habilitado."
}
],
"id": "CVE-2019-3976",
"lastModified": "2024-11-21T04:42:59.397",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-29T19:15:20.297",
"references": [
{
"source": "vulnreport@tenable.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2019-46"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2019-46"
}
],
"sourceIdentifier": "vulnreport@tenable.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-23"
}
],
"source": "vulnreport@tenable.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-08-23 19:29
Modified
2024-11-21 03:59
Severity ?
Summary
Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system via a crafted HTTP POST request.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnreport@tenable.com | http://seclists.org/fulldisclosure/2019/Jul/20 | ||
| vulnreport@tenable.com | https://mikrotik.com/download/changelogs | Vendor Advisory | |
| vulnreport@tenable.com | https://mikrotik.com/download/changelogs/bugfix-release-tree | Vendor Advisory | |
| vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2018-21 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2019/Jul/20 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://mikrotik.com/download/changelogs | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mikrotik.com/download/changelogs/bugfix-release-tree | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2018-21 | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:ltr:*:*:*",
"matchCriteriaId": "61E0FC57-8604-4BA5-BF68-A46946C3B14E",
"versionEndExcluding": "6.40.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79B4AC99-9E5F-480A-9884-D52271D2BC34",
"versionEndExcluding": "6.42.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system via a crafted HTTP POST request."
},
{
"lang": "es",
"value": "Mikrotik RouterOS en versiones anteriores a la 6.42.7 y 6.40.9 es vulnerable a una vulnerabilidad de agotamiento de memoria. Un atacante remoto autenticado puede provocar el cierre inesperado del servidor HTTP y, en algunas circunstancias, el reinicio del sistema mediante una petici\u00f3n POST HTTP manipulada."
}
],
"id": "CVE-2018-1157",
"lastModified": "2024-11-21T03:59:18.190",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-08-23T19:29:00.457",
"references": [
{
"source": "vulnreport@tenable.com",
"url": "http://seclists.org/fulldisclosure/2019/Jul/20"
},
{
"source": "vulnreport@tenable.com",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/download/changelogs"
},
{
"source": "vulnreport@tenable.com",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/download/changelogs/bugfix-release-tree"
},
{
"source": "vulnreport@tenable.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2018-21"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2019/Jul/20"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/download/changelogs"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/download/changelogs/bugfix-release-tree"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2018-21"
}
],
"sourceIdentifier": "vulnreport@tenable.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-14 23:15
Modified
2024-11-21 08:21
Severity ?
Summary
MikroTik RouterOS v7.1 to 7.11 was discovered to contain incorrect access control mechanisms in place for the Rest API.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.enricobassetti.it/2023/11/cve-2023-41570-access-control-vulnerability-in-mikrotik-rest-api/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.enricobassetti.it/2023/11/cve-2023-41570-access-control-vulnerability-in-mikrotik-rest-api/ | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:-:*:*:*",
"matchCriteriaId": "3E9E61C3-F25A-43A2-AA35-A495453C2670",
"versionEndExcluding": "7.12",
"versionStartIncluding": "7.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "MikroTik RouterOS v7.1 to 7.11 was discovered to contain incorrect access control mechanisms in place for the Rest API."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que MikroTik RouterOS v7.1 a 7.11 conten\u00eda mecanismos de control de acceso incorrectos para la API Rest."
}
],
"id": "CVE-2023-41570",
"lastModified": "2024-11-21T08:21:18.750",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-14T23:15:09.270",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.enricobassetti.it/2023/11/cve-2023-41570-access-control-vulnerability-in-mikrotik-rest-api/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.enricobassetti.it/2023/11/cve-2023-41570-access-control-vulnerability-in-mikrotik-rest-api/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-08 12:15
Modified
2024-11-21 05:11
Severity ?
Summary
Mikrotik RouterOs before 6.47 (stable tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/route process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://cwe.mitre.org/data/definitions/400.html | Third Party Advisory | |
| cve@mitre.org | https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20217/README.md | Third Party Advisory | |
| cve@mitre.org | https://mikrotik.com/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cwe.mitre.org/data/definitions/400.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20217/README.md | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mikrotik.com/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F9AA7223-457D-46AA-8B5D-E70C53A38ED3",
"versionEndExcluding": "6.47",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before 6.47 (stable tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/route process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versiones anteriores a 6.47 (stable tree) sufre una vulnerabilidad de consumo de recursos no controlado en el proceso /nova/bin/route. Un atacante remoto autenticado puede causar una Denegaci\u00f3n de Servicio debido a una sobrecarga de la CPU del sistema"
}
],
"id": "CVE-2020-20217",
"lastModified": "2024-11-21T05:11:55.230",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-08T12:15:09.810",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20217/README.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20217/README.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-18 20:15
Modified
2024-11-21 05:11
Severity ?
Summary
Mikrotik RouterOs prior to stable 6.47 suffers from a memory corruption vulnerability in the /nova/bin/bfd process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2021/May/23 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | https://mikrotik.com/ | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/May/23 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mikrotik.com/ | Product |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:-:*:*:*",
"matchCriteriaId": "8534A9B0-405D-4E52-8B77-F48C6FD67DEB",
"versionEndExcluding": "6.47",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs prior to stable 6.47 suffers from a memory corruption vulnerability in the /nova/bin/bfd process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versiones anteriores a estable 6.47, sufre una vulnerabilidad de corrupci\u00f3n de la memoria en el proceso /nova/bin/ bfd.\u0026#xa0;Un atacante remoto autenticado puede causar una Denegaci\u00f3n de Servicio (desreferencia del puntero NULL)"
}
],
"id": "CVE-2020-20220",
"lastModified": "2024-11-21T05:11:55.707",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-18T20:15:07.403",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/23"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://mikrotik.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/23"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://mikrotik.com/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-07 16:15
Modified
2024-11-21 08:00
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
The web server used by MikroTik RouterOS version 6 is affected by a heap memory corruption issue. A remote and unauthenticated attacker can corrupt the server's heap memory by sending a crafted HTTP request. As a result, the web interface crashes and is immediately restarted. The issue was fixed in RouterOS 6.49.10 stable. RouterOS version 7 is not affected.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| disclosure@vulncheck.com | https://vulncheck.com/advisories/mikrotik-jsproxy-dos | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vulncheck.com/advisories/mikrotik-jsproxy-dos | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:-:*:*:*",
"matchCriteriaId": "3C171D42-9A4F-43E0-BF7C-13A7FEC2F049",
"versionEndExcluding": "6.49.10",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The web server used by MikroTik RouterOS version 6 is affected by a heap memory corruption issue. A remote and unauthenticated attacker can corrupt the server\u0027s heap memory by sending a crafted HTTP request. As a result, the web interface crashes and is immediately restarted. The issue was fixed in RouterOS 6.49.10 stable. RouterOS version 7 is not affected.\n"
},
{
"lang": "es",
"value": "El servidor web utilizado por MikroTik RouterOS versi\u00f3n 6 se ve afectado por un problema de corrupci\u00f3n de memoria. Un atacante remoto y no autenticado puede da\u00f1ar la memoria de almacenamiento din\u00e1mico del servidor mediante el env\u00edo de una solicitud HTTP manipulada. Como resultado, la interfaz web se bloquea y se reinicia inmediatamente. El problema se solucion\u00f3 en RouterOS 6.49.10 stable. RouterOS versi\u00f3n 7 no se ve afectado."
}
],
"id": "CVE-2023-30800",
"lastModified": "2024-11-21T08:00:55.653",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "disclosure@vulncheck.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-07T16:15:07.670",
"references": [
{
"source": "disclosure@vulncheck.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://vulncheck.com/advisories/mikrotik-jsproxy-dos"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://vulncheck.com/advisories/mikrotik-jsproxy-dos"
}
],
"sourceIdentifier": "disclosure@vulncheck.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "disclosure@vulncheck.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-02-20 20:29
Modified
2025-08-15 20:21
Severity ?
Summary
MikroTik RouterOS before 6.43.12 (stable) and 6.42.12 (long-term) is vulnerable to an intermediary vulnerability. The software will execute user defined network requests to both WAN and LAN clients. A remote unauthenticated attacker can use this vulnerability to bypass the router's firewall or for general network scanning activities.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnreport@tenable.com | http://www.securityfocus.com/bid/107177 | Third Party Advisory, VDB Entry | |
| vulnreport@tenable.com | https://www.exploit-db.com/exploits/46444/ | Exploit, Third Party Advisory, VDB Entry | |
| vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2019-07 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/107177 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/46444/ | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2019-07 | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:ltr:*:*:*",
"matchCriteriaId": "6ABE243E-294B-4E3F-87C1-B259C4F05E24",
"versionEndExcluding": "6.42.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:-:*:*:*",
"matchCriteriaId": "25FEA7BB-04B7-4B11-9BAB-C94D46A1CCAC",
"versionEndExcluding": "6.43.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "MikroTik RouterOS before 6.43.12 (stable) and 6.42.12 (long-term) is vulnerable to an intermediary vulnerability. The software will execute user defined network requests to both WAN and LAN clients. A remote unauthenticated attacker can use this vulnerability to bypass the router\u0027s firewall or for general network scanning activities."
},
{
"lang": "es",
"value": "MikroTik RouterOS, en versiones anteriores a la 6.43.12 (stable) y 6.42.12 (long-term), es vulnerable a una vulnerabilidad de intermediario. El software ejecutar\u00e1 peticiones de red definidas por el usuario a los clientes WAN y LAN. Un atacante no autenticado remoto puede emplear esta vulnerabilidad para omitir el firewall del router o para realizar actividades generales de escaneo de red."
}
],
"id": "CVE-2019-3924",
"lastModified": "2025-08-15T20:21:44.360",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-02-20T20:29:03.047",
"references": [
{
"source": "vulnreport@tenable.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/107177"
},
{
"source": "vulnreport@tenable.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/46444/"
},
{
"source": "vulnreport@tenable.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2019-07"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/107177"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/46444/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2019-07"
}
],
"sourceIdentifier": "vulnreport@tenable.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-441"
}
],
"source": "vulnreport@tenable.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-441"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-19 17:15
Modified
2024-11-21 05:11
Severity ?
Summary
Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled resource consumption in the sshd process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://cwe.mitre.org/data/definitions/400.html | Technical Description | |
| cve@mitre.org | https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20230/README.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cwe.mitre.org/data/definitions/400.html | Technical Description | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20230/README.md | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F9AA7223-457D-46AA-8B5D-E70C53A38ED3",
"versionEndExcluding": "6.47",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled resource consumption in the sshd process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versiones anteriores a estable 6.47, sufre de un consumo no controlado de recursos en el proceso sshd. Un atacante remoto autenticado puede causar una Denegaci\u00f3n de Servicio debido a la sobrecarga de la CPU del sistema"
}
],
"id": "CVE-2020-20230",
"lastModified": "2024-11-21T05:11:56.580",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-19T17:15:10.943",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Technical Description"
],
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20230/README.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description"
],
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20230/README.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-12-05 16:15
Modified
2025-04-24 14:15
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Mikrotik RouterOs before stable v7.5 was discovered to contain an out-of-bounds read in the hotspot process. This vulnerability allows attackers to execute arbitrary code via a crafted nova message.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2022-45313/README.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2022-45313/README.md | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA2135F2-4A85-4B12-93D3-F32045922A85",
"versionEndExcluding": "7.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before stable v7.5 was discovered to contain an out-of-bounds read in the hotspot process. This vulnerability allows attackers to execute arbitrary code via a crafted nova message."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Mikrotik RouterOs anteriores a la versi\u00f3n estable 7.5 conten\u00eda una lectura fuera de los l\u00edmites en el proceso del punto de acceso. Esta vulnerabilidad permite a los atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de un mensaje nova manipulado."
}
],
"id": "CVE-2022-45313",
"lastModified": "2025-04-24T14:15:40.890",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-12-05T16:15:09.997",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2022-45313/README.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2022-45313/README.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-07 14:15
Modified
2024-11-21 05:11
Severity ?
Summary
Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /nova/bin/user process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://seclists.org/fulldisclosure/2021/May/12 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://mikrotik.com/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/May/12 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mikrotik.com/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:ltr:*:*:*",
"matchCriteriaId": "326CCEF7-D2FE-41B3-9633-D8579D9398E8",
"versionEndExcluding": "6.47",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /nova/bin/user process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versiones anteriores a 6.47 (stable tree) sufre una vulnerabilidad de fallo de aserci\u00f3n en el proceso /nova/bin/user. Un atacante remoto autenticado puede causar una Denegaci\u00f3n de Servicio debido a un fallo de aserci\u00f3n por medio de un paquete dise\u00f1ado"
}
],
"id": "CVE-2020-20225",
"lastModified": "2024-11-21T05:11:56.270",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-07T14:15:09.547",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/12"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-617"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-19 18:15
Modified
2024-11-21 05:11
Severity ?
Summary
Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled resource consumption in the memtest process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://cwe.mitre.org/data/definitions/400.html | Third Party Advisory | |
| cve@mitre.org | https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20248/README.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cwe.mitre.org/data/definitions/400.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20248/README.md | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.47:*:*:*:*:*:*:*",
"matchCriteriaId": "91339E44-1C36-4AE4-804C-38835AD32DC5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled resource consumption in the memtest process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versiones anteriores a estable 6.47, sufre de un consumo incontrolado de recursos en el proceso memtest. Un atacante remoto autenticado puede causar una denegaci\u00f3n de servicio debido a la sobrecarga de la CPU del sistema"
}
],
"id": "CVE-2020-20248",
"lastModified": "2024-11-21T05:11:57.637",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-19T18:15:08.143",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20248/README.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20248/README.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-18 20:15
Modified
2024-11-21 05:11
Severity ?
Summary
Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulnerability in the mactel process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2021/May/23 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | https://mikrotik.com/ | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/May/23 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mikrotik.com/ | Product |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.46.3:*:*:*:-:*:*:*",
"matchCriteriaId": "F9F55FFD-A047-4AB2-A2F6-53537AD2A79D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulnerability in the mactel process. An authenticated remote attacker can cause a Denial of Service due to improper memory access."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versi\u00f3n stable 6.46.3, sufre una vulnerabilidad de corrupci\u00f3n de la memoria en el proceso mactel.\u0026#xa0;Un atacante remoto autenticado puede causar una Denegaci\u00f3n de Servicio debido a un acceso inapropiado a la memoria"
}
],
"id": "CVE-2020-20246",
"lastModified": "2024-11-21T05:11:57.353",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-18T20:15:07.513",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/23"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://mikrotik.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/162533/MikroTik-RouterOS-Memory-Corruption.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/23"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://mikrotik.com/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-29 14:59
Modified
2025-04-20 01:37
Severity ?
Summary
A vulnerability in the network stack of MikroTik Version 6.38.5 released 2017-03-09 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of TCP RST packets, preventing the affected router from accepting new TCP connections.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/97266 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://cxsecurity.com/issue/WLB-2017030242 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.exploit-db.com/exploits/41752/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97266 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cxsecurity.com/issue/WLB-2017030242 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/41752/ | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.38.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6FF33501-CBA2-4ED1-9EF9-3FDCF8472BBB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the network stack of MikroTik Version 6.38.5 released 2017-03-09 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of TCP RST packets, preventing the affected router from accepting new TCP connections."
},
{
"lang": "es",
"value": "Vulnerabilidad en la pila de la red de MikroTik Version 6.38.5 liberada 09-03-2017 podr\u00eda permitir a un atacante remoto no autenticado agotar toda la CPU disponible a trav\u00e9s de una inundaci\u00f3n de paquetes TCP RST, evitando que el enrutador afectado acepte nuevas conexiones TCP."
}
],
"id": "CVE-2017-7285",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-29T14:59:00.483",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97266"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://cxsecurity.com/issue/WLB-2017030242"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.exploit-db.com/exploits/41752/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97266"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://cxsecurity.com/issue/WLB-2017030242"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.exploit-db.com/exploits/41752/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-08-23 19:29
Modified
2024-11-21 03:59
Severity ?
Summary
Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a stack exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server via recursive parsing of JSON.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnreport@tenable.com | http://seclists.org/fulldisclosure/2019/Jul/20 | ||
| vulnreport@tenable.com | https://mikrotik.com/download/changelogs | Vendor Advisory | |
| vulnreport@tenable.com | https://mikrotik.com/download/changelogs/bugfix-release-tree | Vendor Advisory | |
| vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2018-21 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2019/Jul/20 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://mikrotik.com/download/changelogs | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mikrotik.com/download/changelogs/bugfix-release-tree | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2018-21 | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "69DD338B-DFE1-48D5-AD40-A7941FBC27ED",
"versionEndExcluding": "6.40.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:ltr:*:*:*",
"matchCriteriaId": "EAFC594A-61C6-4D6B-AFF2-6F5CD8D20993",
"versionEndExcluding": "6.42.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a stack exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server via recursive parsing of JSON."
},
{
"lang": "es",
"value": "Mikrotik RouterOS en versiones anteriores a la 6.42.7 y 6.40.9 es vulnerable a una vulnerabilidad de agotamiento de pila. Un atacante remoto autenticado puede provocar el cierre inesperado del servidor HTTP mediante el an\u00e1lisis recursivo de JSON."
}
],
"id": "CVE-2018-1158",
"lastModified": "2024-11-21T03:59:18.307",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-08-23T19:29:00.563",
"references": [
{
"source": "vulnreport@tenable.com",
"url": "http://seclists.org/fulldisclosure/2019/Jul/20"
},
{
"source": "vulnreport@tenable.com",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/download/changelogs"
},
{
"source": "vulnreport@tenable.com",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/download/changelogs/bugfix-release-tree"
},
{
"source": "vulnreport@tenable.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2018-21"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2019/Jul/20"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/download/changelogs"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/download/changelogs/bugfix-release-tree"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2018-21"
}
],
"sourceIdentifier": "vulnreport@tenable.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-674"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-09-14 21:15
Modified
2024-11-21 04:58
Severity ?
Summary
An array index error in MikroTik RouterOS 6.41.3 through 6.46.5, and 7.x through 7.0 Beta5, allows an unauthenticated remote attacker to crash the SMB server via modified setup-request packets, aka SUP-12964.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/botlabsDev/CVE-2020-11881 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://mikrotik.com | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/botlabsDev/CVE-2020-11881 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mikrotik.com | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3FC7BC77-0736-49E7-B0A9-A603222B8DB0",
"versionEndIncluding": "6.46.5",
"versionStartIncluding": "6.41.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:7.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "C3C91C52-E72E-4FFE-AD8F-1BF3993F486D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:7.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "AEEE25F1-317C-4C64-BA5B-C6DDC49F3B4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:7.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "47C42E9B-D581-43FE-A13B-C2900F30B642",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An array index error in MikroTik RouterOS 6.41.3 through 6.46.5, and 7.x through 7.0 Beta5, allows an unauthenticated remote attacker to crash the SMB server via modified setup-request packets, aka SUP-12964."
},
{
"lang": "es",
"value": "Un error de \u00edndice de matriz en MikroTik RouterOS versiones 6.41.3 hasta 6.46.5, y versiones 7.x hasta 7.0 Beta5, permite a un atacante no autenticado remoto bloquear el servidor SMB por medio de paquetes de petici\u00f3n de configuraci\u00f3n modificados, tambi\u00e9n se conoce como SUP-12964"
}
],
"id": "CVE-2020-11881",
"lastModified": "2024-11-21T04:58:49.057",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-14T21:15:10.137",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/botlabsDev/CVE-2020-11881"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/botlabsDev/CVE-2020-11881"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-129"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-05-11 18:15
Modified
2024-11-21 06:13
Severity ?
Summary
Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the ptp process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://seclists.org/fulldisclosure/2022/Jun/2 | Exploit, Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | https://seclists.org/fulldisclosure/2021/Jul/0 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2022/Jun/2 | Exploit, Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2021/Jul/0 | Exploit, Mailing List, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86D2559B-56EB-465F-AF5E-714EAE71F069",
"versionEndExcluding": "6.48.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the ptp process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versiones anteriores a stable 6.48.2, sufre una vulnerabilidad de corrupci\u00f3n de memoria en el proceso ptp. Un atacante remoto autenticado puede causar una Denegaci\u00f3n de Servicio (desreferencia de puntero NULL)"
}
],
"id": "CVE-2021-36613",
"lastModified": "2024-11-21T06:13:52.310",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-11T18:15:22.937",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/Jun/2"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2021/Jul/0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/Jun/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2021/Jul/0"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-14 14:15
Modified
2024-11-21 05:11
Severity ?
Summary
Mikrotik RouterOs through stable version 6.48.3 suffers from a memory corruption vulnerability in the /nova/bin/detnet process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20231/README.md | Exploit, Third Party Advisory | |
| cve@mitre.org | https://mikrotik.com/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20231/README.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mikrotik.com/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "650FC13E-CC2C-426C-A315-7BD9D8572748",
"versionEndIncluding": "6.48.3",
"versionStartIncluding": "6.44.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs through stable version 6.48.3 suffers from a memory corruption vulnerability in the /nova/bin/detnet process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versi\u00f3n estable hasta 6.48.3, sufre una vulnerabilidad de corrupci\u00f3n de memoria en el proceso /nova/bin/detnet. Un atacante remoto autenticado puede causar una Denegaci\u00f3n de Servicio (desreferencia de puntero NULL)"
}
],
"id": "CVE-2020-20231",
"lastModified": "2024-11-21T05:11:56.740",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-14T14:15:08.073",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20231/README.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20231/README.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
},
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-10-29 19:15
Modified
2024-11-21 04:42
Severity ?
Summary
RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are download from when using the autoupgrade feature. Therefore, a remote attacker can trick the router into "upgrading" to an older version of RouterOS and possibly reseting all the system's usernames and passwords.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2019-46 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2019-46 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:ltr:*:*:*",
"matchCriteriaId": "E96DA8A8-65E0-4D1C-A15B-8A4F7A0644A1",
"versionEndIncluding": "6.44.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:-:*:*:*",
"matchCriteriaId": "AA750EF2-6247-46CF-B800-C0417F6D35A5",
"versionEndIncluding": "6.45.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are download from when using the autoupgrade feature. Therefore, a remote attacker can trick the router into \"upgrading\" to an older version of RouterOS and possibly reseting all the system\u0027s usernames and passwords."
},
{
"lang": "es",
"value": "RouterOS versi\u00f3n 6.45.6 Stable, RouterOS versi\u00f3n 6.44.5 Long-Term y anteriores, comprueban insuficientemente desde d\u00f3nde se descargan los paquetes de actualizaci\u00f3n cuando se usa la funcionalidad autoupgrade. Por lo tanto, un atacante remoto puede enga\u00f1ar al router para un \"upgrading\" a una versi\u00f3n anterior de RouterOS y posiblemente restablezca todos los nombres de usuario y contrase\u00f1as del sistema."
}
],
"id": "CVE-2019-3977",
"lastModified": "2024-11-21T04:42:59.513",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 8.5,
"confidentialityImpact": "NONE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 7.8,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-29T19:15:20.407",
"references": [
{
"source": "vulnreport@tenable.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2019-46"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2019-46"
}
],
"sourceIdentifier": "vulnreport@tenable.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-494"
}
],
"source": "vulnreport@tenable.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-494"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-01-04 19:15
Modified
2024-11-21 06:20
Severity ?
Summary
In MikroTik RouterOS through 2021-01-04, the hotspot login page is vulnerable to reflected XSS via the target parameter.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/M4DM0e/m4dm0e.github.io/blob/gh-pages/_posts/2021-01-04-mikrotik-xss-reflected.md | Exploit, Third Party Advisory | |
| cve@mitre.org | https://m4dm0e.github.io/2021/01/04/mikrotik-xss-reflected.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/M4DM0e/m4dm0e.github.io/blob/gh-pages/_posts/2021-01-04-mikrotik-xss-reflected.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://m4dm0e.github.io/2021/01/04/mikrotik-xss-reflected.html | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "326630BA-3CC3-47EB-A78F-FB5EC4E579A0",
"versionEndIncluding": "2021-01-04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In MikroTik RouterOS through 2021-01-04, the hotspot login page is vulnerable to reflected XSS via the target parameter."
},
{
"lang": "es",
"value": "En MikroTik RouterOS hasta el 01-04-2021, la p\u00e1gina de inicio de sesi\u00f3n del hotspot es vulnerable a un ataque de tipo XSS reflejado por medio del par\u00e1metro objetivo."
}
],
"id": "CVE-2021-3014",
"lastModified": "2024-11-21T06:20:45.340",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-01-04T19:15:15.390",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/M4DM0e/m4dm0e.github.io/blob/gh-pages/_posts/2021-01-04-mikrotik-xss-reflected.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://m4dm0e.github.io/2021/01/04/mikrotik-xss-reflected.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/M4DM0e/m4dm0e.github.io/blob/gh-pages/_posts/2021-01-04-mikrotik-xss-reflected.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://m4dm0e.github.io/2021/01/04/mikrotik-xss-reflected.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-03-19 21:29
Modified
2025-08-15 20:22
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication takes place, so it is possible for an unauthenticated remote attacker to exploit it. All architectures and all devices running RouterOS before versions 6.41.3/6.42rc27 are vulnerable.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://seclists.org/fulldisclosure/2018/Mar/38 | Exploit, Mailing List, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securityfocus.com/bid/103427 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://www.coresecurity.com/advisories/mikrotik-routeros-smb-buffer-overflow | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.exploit-db.com/exploits/44290/ | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2018/Mar/38 | Exploit, Mailing List, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/103427 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.coresecurity.com/advisories/mikrotik-routeros-smb-buffer-overflow | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/44290/ | Exploit, Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mikrotik | routeros | * | |
| mikrotik | routeros | 6.42 | |
| mikrotik | routeros | 6.42 | |
| mikrotik | routeros | 6.42 | |
| mikrotik | routeros | 6.42 | |
| mikrotik | routeros | 6.42 | |
| mikrotik | routeros | 6.42 | |
| mikrotik | routeros | 6.42 | |
| mikrotik | routeros | 6.42 | |
| mikrotik | routeros | 6.42 | |
| mikrotik | routeros | 6.42 | |
| mikrotik | routeros | 6.42 | |
| mikrotik | routeros | 6.42 |
{
"cisaActionDue": "2022-09-29",
"cisaExploitAdd": "2022-09-08",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "MikroTik RouterOS Stack-Based Buffer Overflow Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE5AFDA3-472A-4FAC-A92C-F3836E71603F",
"versionEndExcluding": "6.41.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc11:*:*:*:*:*:*",
"matchCriteriaId": "EAD82B9F-CAA4-431A-BF43-838D3AF73BB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc12:*:*:*:*:*:*",
"matchCriteriaId": "9A8EB79F-4E23-4B48-A1A1-7626AB46EFDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc14:*:*:*:*:*:*",
"matchCriteriaId": "BD197A47-235B-48A7-9FA9-84FB67C609AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc15:*:*:*:*:*:*",
"matchCriteriaId": "37225B39-D5B1-41DF-9C2F-A3849E5F41AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc18:*:*:*:*:*:*",
"matchCriteriaId": "080A4898-A296-4950-A4F9-559F8E30A6C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc2:*:*:*:*:*:*",
"matchCriteriaId": "EEB8E89F-C85F-4193-954D-4B490F93D649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc20:*:*:*:*:*:*",
"matchCriteriaId": "449AAA12-1124-4C9B-8C42-F564E85F9196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc23:*:*:*:*:*:*",
"matchCriteriaId": "38DBFC19-271E-4687-901C-9488155BB4B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc24:*:*:*:*:*:*",
"matchCriteriaId": "5EC55745-ABB4-4B6E-B158-5BD642DB6D15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc5:*:*:*:*:*:*",
"matchCriteriaId": "63E57994-8BF2-4322-A7CE-D5D89F989FE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc6:*:*:*:*:*:*",
"matchCriteriaId": "D5DFE39F-F4D6-4C89-A4C9-7C6BB2F8DAA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc9:*:*:*:*:*:*",
"matchCriteriaId": "62A59F9E-6C26-497D-B4C1-CFE14D01F79A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication takes place, so it is possible for an unauthenticated remote attacker to exploit it. All architectures and all devices running RouterOS before versions 6.41.3/6.42rc27 are vulnerable."
},
{
"lang": "es",
"value": "Se ha encontrado un desbordamiento de b\u00fafer en el servicio MikroTik RouterOS SMB al procesar mensajes de petici\u00f3n de sesi\u00f3n NetBIOS. Los atacantes remotos con acceso al servicio pueden explotar esta vulnerabilidad y ejecutar c\u00f3digo en el sistema. El desbordamiento ocurre antes de que tenga lugar la autenticaci\u00f3n, por lo que es posible para un atacante remoto no autenticado explotarlo. Todas las arquitecturas y dispositivos que ejecutan RouterOS en versiones anteriores a la 6.41.3/6.42rc27 son vulnerables."
}
],
"id": "CVE-2018-7445",
"lastModified": "2025-08-15T20:22:11.077",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2018-03-19T21:29:01.083",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://seclists.org/fulldisclosure/2018/Mar/38"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103427"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.coresecurity.com/advisories/mikrotik-routeros-smb-buffer-overflow"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/44290/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://seclists.org/fulldisclosure/2018/Mar/38"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103427"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.coresecurity.com/advisories/mikrotik-routeros-smb-buffer-overflow"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/44290/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-11-27 04:49
Modified
2025-04-11 00:51
Severity ?
Summary
The winbox service in MikroTik RouterOS 5.15 and earlier allows remote attackers to cause a denial of service (CPU consumption), read the router version, and possibly have other impacts via a request to download the router's DLLs or plugins, as demonstrated by roteros.dll.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.133tsec.com/2012/04/30/0day-ddos-mikrotik-server-side-ddos-attack/ | Exploit | |
| cve@mitre.org | http://www.exploit-db.com/exploits/18817 | Exploit | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/75327 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.133tsec.com/2012/04/30/0day-ddos-mikrotik-server-side-ddos-attack/ | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.exploit-db.com/exploits/18817 | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/75327 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:5.15:*:*:*:*:*:*:*",
"matchCriteriaId": "3BEFE6DE-709E-45CC-BFF3-E37B9EEE2BC4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The winbox service in MikroTik RouterOS 5.15 and earlier allows remote attackers to cause a denial of service (CPU consumption), read the router version, and possibly have other impacts via a request to download the router\u0027s DLLs or plugins, as demonstrated by roteros.dll."
},
{
"lang": "es",
"value": "El servicio winbox en MikroTik RouterOS v5.15 y anteriores, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de CPU), leer la versi\u00f3n de router y posiblemente tener otros impactos a trav\u00e9s de la petici\u00f3n de descarga de complementos o DLL del router, como se demostr\u00f3 con roteros.dll."
}
],
"id": "CVE-2012-6050",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-11-27T04:49:26.863",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.133tsec.com/2012/04/30/0day-ddos-mikrotik-server-side-ddos-attack/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/18817"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75327"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.133tsec.com/2012/04/30/0day-ddos-mikrotik-server-side-ddos-attack/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/18817"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75327"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-16"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-18 19:15
Modified
2024-11-21 05:11
Severity ?
Summary
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2021/May/15 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2021/May/15 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | https://mikrotik.com/ | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/May/15 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/May/15 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mikrotik.com/ | Product |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.44.6:*:*:*:ltr:*:*:*",
"matchCriteriaId": "F7581807-5B93-4A19-8F8F-D5C694A61427",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versi\u00f3n 6.44.6 (long-term tree), sufre una vulnerabilidad de corrupci\u00f3n de la memoria en el proceso /nova/bin/sniffer.\u0026#xa0;Un atacante remoto autenticado puede causar una Denegaci\u00f3n de Servicio (desreferencia del puntero NULL)"
}
],
"id": "CVE-2020-20222",
"lastModified": "2024-11-21T05:11:56.107",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-18T19:15:07.730",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://mikrotik.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://mikrotik.com/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-02-27 07:59
Modified
2025-04-20 01:37
Severity ?
Summary
The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 does not enable IPsec encryption after a reboot, which allows man-in-the-middle attackers to view transmitted data unencrypted and gain access to networks on the L2TP server by monitoring the packets for the transmitted data and obtaining the L2TP secret.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/96447 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://blog.milne.it/2017/02/24/mikrotik-routeros-security-vulnerability-l2tp-tunnel-unencrypted-cve-2017-6297/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/96447 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.milne.it/2017/02/24/mikrotik-routeros-security-vulnerability-l2tp-tunnel-unencrypted-cve-2017-6297/ | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.37.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8C5436E3-F0C4-4AD2-B098-A5E764DFB58A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.83.3:*:*:*:*:*:*:*",
"matchCriteriaId": "24343BA3-3B12-41D3-9F19-E29EA567FAFA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 does not enable IPsec encryption after a reboot, which allows man-in-the-middle attackers to view transmitted data unencrypted and gain access to networks on the L2TP server by monitoring the packets for the transmitted data and obtaining the L2TP secret."
},
{
"lang": "es",
"value": "El Cliente L2TP en MikroTik RouterOS versiones 6.83.3 y 6.37.4 no habilita el cifrado IPsec despu\u00e9s de un reinicio, lo que permite a atacantes man-in-the-middle ver los datos transmitidos sin cifrar y obtener acceso a las redes en el servidor L2TP monitorizando los paquetes para los datos transmitidos y obtener el secreto L2TP."
}
],
"id": "CVE-2017-6297",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-27T07:59:00.347",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96447"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.milne.it/2017/02/24/mikrotik-routeros-security-vulnerability-l2tp-tunnel-unencrypted-cve-2017-6297/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96447"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.milne.it/2017/02/24/mikrotik-routeros-security-vulnerability-l2tp-tunnel-unencrypted-cve-2017-6297/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-311"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-03 16:15
Modified
2024-11-21 05:11
Severity ?
Summary
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/traceroute process. An authenticated remote attacker can cause a Denial of Service due via the loop counter variable.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://seclists.org/fulldisclosure/2020/May/30 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://seclists.org/fulldisclosure/2021/May/1 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2020/May/30 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2021/May/1 | Exploit, Mailing List, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.44.6:*:*:*:ltr:*:*:*",
"matchCriteriaId": "F7581807-5B93-4A19-8F8F-D5C694A61427",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/traceroute process. An authenticated remote attacker can cause a Denial of Service due via the loop counter variable."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versi\u00f3n 6.44.6 (\u00e1rbol a largo plazo) sufre una vulnerabilidad de corrupci\u00f3n de la memoria en el proceso /nova/bin/traceroute. Un atacante remoto autenticado puede causar una Denegaci\u00f3n de Servicio debido a la variable de contador de bucle."
}
],
"id": "CVE-2020-20218",
"lastModified": "2024-11-21T05:11:55.390",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-03T16:15:07.430",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2020/May/30"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2021/May/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2020/May/30"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2021/May/1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-03-02 22:15
Modified
2024-11-21 04:09
Severity ?
Summary
An issue was discovered in Mikrotik RouterOS. Crafting a packet that has a size of 1 byte and sending it to an IPv6 address of a RouterOS box with IP Protocol 97 will cause RouterOS to reboot imminently. All versions of RouterOS that supports EoIPv6 are vulnerable to this attack.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Nat-Lab/CVE-2018-5951 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Nat-Lab/CVE-2018-5951 | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7DED322B-DACD-4FD1-8EBE-BF3B6E897921",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Mikrotik RouterOS. Crafting a packet that has a size of 1 byte and sending it to an IPv6 address of a RouterOS box with IP Protocol 97 will cause RouterOS to reboot imminently. All versions of RouterOS that supports EoIPv6 are vulnerable to this attack."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Mikrotik RouterOS. Dise\u00f1ando un paquete que posea un tama\u00f1o de 1 byte y envi\u00e1ndolo hacia una direcci\u00f3n IPv6 de una caja de RouterOS con IP Protocol 97 causar\u00e1 que RouterOS se reinicie de forma inminente. Todas las versiones de RouterOS compatibles con EoIPv6 son vulnerables a este ataque."
}
],
"id": "CVE-2018-5951",
"lastModified": "2024-11-21T04:09:44.273",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-02T22:15:12.827",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Nat-Lab/CVE-2018-5951"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Nat-Lab/CVE-2018-5951"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-25 02:15
Modified
2024-11-21 07:10
Severity ?
Summary
The container package in MikroTik RouterOS 7.4beta4 allows an attacker to create mount points pointing to symbolic links, which resolve to locations on the host device. This allows the attacker to mount any arbitrary file to any location on the host.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://nns.ee/blog/2022/06/21/routeros-container-rce.html | Broken Link | |
| cve@mitre.org | https://nns.ee/blog/2022/08/05/routeros-container-rce.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://nns.ee/blog/2022/06/21/routeros-container-rce.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://nns.ee/blog/2022/08/05/routeros-container-rce.html | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:7.4:beta4:*:*:-:*:*:*",
"matchCriteriaId": "17C8FF64-79C3-4B68-9C74-C0C3F98ECDE3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The container package in MikroTik RouterOS 7.4beta4 allows an attacker to create mount points pointing to symbolic links, which resolve to locations on the host device. This allows the attacker to mount any arbitrary file to any location on the host."
},
{
"lang": "es",
"value": "El paquete contenedor en MikroTik RouterOS versi\u00f3n 7.4beta4, permite a un atacante crear puntos de montaje que apuntan a enlaces simb\u00f3licos, que son resueltos a ubicaciones en el dispositivo anfitri\u00f3n. Esto permite al atacante montar cualquier archivo arbitrario en cualquier ubicaci\u00f3n del host."
}
],
"id": "CVE-2022-34960",
"lastModified": "2024-11-21T07:10:28.770",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-25T02:15:19.733",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://nns.ee/blog/2022/06/21/routeros-container-rce.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://nns.ee/blog/2022/08/05/routeros-container-rce.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://nns.ee/blog/2022/06/21/routeros-container-rce.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://nns.ee/blog/2022/08/05/routeros-container-rce.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-04-13 13:29
Modified
2024-11-21 03:40
Severity ?
Summary
An issue was discovered in MikroTik RouterOS 6.41.4. Missing OpenVPN server certificate verification allows a remote unauthenticated attacker capable of intercepting client traffic to act as a malicious OpenVPN server. This may allow the attacker to gain access to the client's internal network (for example, at site-to-site tunnels).
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://janis-streib.de/2018/04/11/mikrotik-openvpn-security | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://janis-streib.de/2018/04/11/mikrotik-openvpn-security | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mikrotik:routeros:6.41.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7DDA40BC-3E41-422D-BB2A-FE3AFCE2ECFB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MikroTik RouterOS 6.41.4. Missing OpenVPN server certificate verification allows a remote unauthenticated attacker capable of intercepting client traffic to act as a malicious OpenVPN server. This may allow the attacker to gain access to the client\u0027s internal network (for example, at site-to-site tunnels)."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en MikroTik RouterOS 6.41.4. La falta de verificaci\u00f3n de certificados del servidor OpenVPN permite que un atacante remoto no autenticado intercepte el tr\u00e1fico del cliente para actuar como un servidor OpenVPN malicioso. Esto podr\u00eda permitir que el atacante obtenga acceso a la red interna del cliente (por ejemplo, en t\u00faneles site-to-site)."
}
],
"id": "CVE-2018-10066",
"lastModified": "2024-11-21T03:40:45.143",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-13T13:29:00.487",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://janis-streib.de/2018/04/11/mikrotik-openvpn-security"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://janis-streib.de/2018/04/11/mikrotik-openvpn-security"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-07 14:15
Modified
2024-11-21 05:11
Severity ?
Summary
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/graphing process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://seclists.org/fulldisclosure/2021/May/10 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://mikrotik.com/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/May/10 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mikrotik.com/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.44.6:*:*:*:ltr:*:*:*",
"matchCriteriaId": "F7581807-5B93-4A19-8F8F-D5C694A61427",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/graphing process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versi\u00f3n 6.44.6 (long-term tree) sufre una vulnerabilidad de corrupci\u00f3n de memoria en el proceso /nova/bin/graphing. Un atacante remoto autenticado puede causar una Denegaci\u00f3n de Servicio (desreferencia de puntero NULL)"
}
],
"id": "CVE-2020-20216",
"lastModified": "2024-11-21T05:11:55.090",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-07T14:15:09.507",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/10"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-18 19:15
Modified
2024-11-21 05:11
Severity ?
Summary
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from an assertion failure vulnerability in the btest process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2021/May/15 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2021/May/15 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | https://mikrotik.com/ | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/May/15 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/May/15 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mikrotik.com/ | Product |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.44.6:*:*:*:ltr:*:*:*",
"matchCriteriaId": "F7581807-5B93-4A19-8F8F-D5C694A61427",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs 6.44.6 (long-term tree) suffers from an assertion failure vulnerability in the btest process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versi\u00f3n 6.44.6 (long-term tree), sufre una vulnerabilidad de fallo de afirmaci\u00f3n en el proceso btest.\u0026#xa0;Un atacante remoto autenticado puede causar una Denegaci\u00f3n de Servicio debido a un fallo de aserci\u00f3n por medio de un paquete dise\u00f1ado"
}
],
"id": "CVE-2020-20214",
"lastModified": "2024-11-21T05:11:54.780",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-18T19:15:07.697",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://mikrotik.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://mikrotik.com/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-617"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-10-29 19:15
Modified
2024-11-21 04:42
Severity ?
Summary
RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below are vulnerable to a DNS unrelated data attack. The router adds all A records to its DNS cache even when the records are unrelated to the domain that was queried. Therefore, a remote attacker controlled DNS server can poison the router's DNS cache via malicious responses with additional and untrue records.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2019-46 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2019-46 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:ltr:*:*:*",
"matchCriteriaId": "E96DA8A8-65E0-4D1C-A15B-8A4F7A0644A1",
"versionEndIncluding": "6.44.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:-:*:*:*",
"matchCriteriaId": "AA750EF2-6247-46CF-B800-C0417F6D35A5",
"versionEndIncluding": "6.45.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below are vulnerable to a DNS unrelated data attack. The router adds all A records to its DNS cache even when the records are unrelated to the domain that was queried. Therefore, a remote attacker controlled DNS server can poison the router\u0027s DNS cache via malicious responses with additional and untrue records."
},
{
"lang": "es",
"value": "RouterOS versi\u00f3n 6.45.6 Stable, RouterOS versi\u00f3n 6.44.5 Long-Term y anteriores, son vulnerables a un ataque de datos no relacionado con DNS. El router agrega todos los registros A a su memoria cach\u00e9 DNS incluso cuando los registros no est\u00e1n relacionados con el dominio que se consult\u00f3. Por lo tanto, un servidor DNS controlado por un atacante remoto puede envenenar la memoria cach\u00e9 DNS del router mediante respuestas maliciosas con registros adicionales y falsos."
}
],
"id": "CVE-2019-3979",
"lastModified": "2024-11-21T04:42:59.750",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-29T19:15:20.610",
"references": [
{
"source": "vulnreport@tenable.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2019-46"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2019-46"
}
],
"sourceIdentifier": "vulnreport@tenable.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-345"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-11 15:15
Modified
2024-11-21 05:11
Severity ?
Summary
Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/resolver process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://seclists.org/fulldisclosure/2021/May/12 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/May/12 | Exploit, Mailing List, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F9AA7223-457D-46AA-8B5D-E70C53A38ED3",
"versionEndExcluding": "6.47",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/resolver process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versiones anteriores a 6.47 (stable tree), sufre una vulnerabilidad de corrupci\u00f3n de memoria en el proceso /nova/bin/resolver.\u0026#xa0;Un atacante autenticado remoto puede causar una Denegaci\u00f3n de Servicio debido a un acceso a la memoria no v\u00e1lido"
}
],
"id": "CVE-2020-20267",
"lastModified": "2024-11-21T05:11:59.123",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-11T15:15:07.787",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/12"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-05-11 18:15
Modified
2024-11-21 06:13
Severity ?
Summary
Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the tr069-client process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://seclists.org/fulldisclosure/2022/Jun/2 | Exploit, Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | https://seclists.org/fulldisclosure/2021/Jul/0 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2022/Jun/2 | Exploit, Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2021/Jul/0 | Exploit, Mailing List, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86D2559B-56EB-465F-AF5E-714EAE71F069",
"versionEndExcluding": "6.48.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the tr069-client process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versiones anteriores a stable 6.48.2, sufre una vulnerabilidad de corrupci\u00f3n de memoria en el proceso tr069-client. Un atacante remoto autenticado puede causar una Denegaci\u00f3n de Servicio (desreferencia de puntero NULL)"
}
],
"id": "CVE-2021-36614",
"lastModified": "2024-11-21T06:13:52.477",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-11T18:15:22.997",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/Jun/2"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2021/Jul/0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/Jun/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2021/Jul/0"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-05-29 20:15
Modified
2025-06-30 14:46
Severity ?
Summary
MikroTik RouterOS 6.40.5, the SMB service contains a memory corruption vulnerability. Remote, unauthenticated attackers can exploit this issue by sending specially crafted packets, triggering a null pointer dereference. This leads to a Remote Denial of Service (DoS), rendering the SMB service unavailable.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/noobone123/RouterOS-issues/blob/main/README.md | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.40.5:*:*:*:-:*:*:*",
"matchCriteriaId": "22D51A8C-A3AA-46D3-9191-2C7982039A0A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "MikroTik RouterOS 6.40.5, the SMB service contains a memory corruption vulnerability. Remote, unauthenticated attackers can exploit this issue by sending specially crafted packets, triggering a null pointer dereference. This leads to a Remote Denial of Service (DoS), rendering the SMB service unavailable."
},
{
"lang": "es",
"value": "En MikroTik RouterOS 6.40.5, el servicio SMB presenta una vulnerabilidad de corrupci\u00f3n de memoria. Atacantes remotos no autenticados pueden explotar este problema enviando paquetes especialmente manipulados, lo que provoca una desreferencia de puntero nulo. Esto provoca una denegaci\u00f3n de servicio remota (DoS), lo que deja el servicio SMB indisponible."
}
],
"id": "CVE-2024-54952",
"lastModified": "2025-06-30T14:46:38.763",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-05-29T20:15:26.007",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/noobone123/RouterOS-issues/blob/main/README.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-07 14:15
Modified
2024-11-21 05:11
Severity ?
Summary
Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an stack exhaustion vulnerability in the /nova/bin/net process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://seclists.org/fulldisclosure/2021/May/10 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://cwe.mitre.org/data/definitions/674.html | Third Party Advisory | |
| cve@mitre.org | https://mikrotik.com/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/May/10 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cwe.mitre.org/data/definitions/674.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mikrotik.com/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.44.5:*:*:*:ltr:*:*:*",
"matchCriteriaId": "41C40183-6EF3-4FE0-9B4A-E1C001B2A005",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an stack exhaustion vulnerability in the /nova/bin/net process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versi\u00f3n 6.44.5 (long-term tree) sufre de una vulnerabilidad de agotamiento de pila en el proceso /nova/bin/net. Un atacante remoto autenticado puede causar una Denegaci\u00f3n de Servicio debido a una sobrecarga de la CPU del sistema"
}
],
"id": "CVE-2020-20213",
"lastModified": "2024-11-21T05:11:54.637",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-07T14:15:09.393",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/10"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cwe.mitre.org/data/definitions/674.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cwe.mitre.org/data/definitions/674.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-674"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-21 15:15
Modified
2024-11-21 05:11
Severity ?
Summary
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/igmp-proxy process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://mikrotik.com/ | Product | |
| cve@mitre.org | https://seclists.org/fulldisclosure/2021/May/2 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mikrotik.com/ | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2021/May/2 | Exploit, Mailing List, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.44.6:*:*:*:ltr:*:*:*",
"matchCriteriaId": "F7581807-5B93-4A19-8F8F-D5C694A61427",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/igmp-proxy process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versi\u00f3n 6.44.6 (long-term tree) sufre de una vulnerabilidad de corrupci\u00f3n de memoria en el proceso /nova/bin/igmp-proxy. Un atacante remoto autenticado puede causar una Denegaci\u00f3n de Servicio (desreferencia de puntero NULL)"
}
],
"id": "CVE-2020-20219",
"lastModified": "2024-11-21T05:11:55.537",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-21T15:15:12.740",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://mikrotik.com/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2021/May/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://mikrotik.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2021/May/2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-18 14:15
Modified
2024-11-21 05:11
Severity ?
Summary
Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://seclists.org/fulldisclosure/2021/May/14 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2021/May/14 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_lcdstat_2/README.md | Broken Link, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/May/14 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/May/14 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_lcdstat_2/README.md | Broken Link, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:-:*:*:*",
"matchCriteriaId": "8534A9B0-405D-4E52-8B77-F48C6FD67DEB",
"versionEndExcluding": "6.47",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versiones anteriores a 6.47 (stable tree) sufre una vulnerabilidad de corrupci\u00f3n de la memoria en el proceso /nova/bin/lcdstat.\u0026#xa0;Un atacante remoto autenticado puede causar una Denegaci\u00f3n de Servicio (desreferencia del puntero NULL)"
}
],
"id": "CVE-2020-20254",
"lastModified": "2024-11-21T05:11:58.360",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-18T14:15:07.330",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/14"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/14"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_lcdstat_2/README.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_lcdstat_2/README.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-07 14:15
Modified
2024-11-21 05:11
Severity ?
Summary
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/diskd process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://seclists.org/fulldisclosure/2021/May/10 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://mikrotik.com/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/May/10 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mikrotik.com/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.44.6:*:*:*:ltr:*:*:*",
"matchCriteriaId": "F7581807-5B93-4A19-8F8F-D5C694A61427",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/diskd process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versi\u00f3n 6.44.6 (long-term tree) sufre una vulnerabilidad de corrupci\u00f3n de memoria en el proceso /nova/bin/diskd. Un atacante remoto autenticado puede causar una Denegaci\u00f3n de Servicio debido a un acceso no v\u00e1lido a la memoria"
}
],
"id": "CVE-2020-20215",
"lastModified": "2024-11-21T05:11:54.940",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-07T14:15:09.457",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/10"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-19 03:15
Modified
2024-11-21 05:57
Severity ?
Summary
MikroTik RouterOS 6.47.9 allows remote authenticated ftp users to create or overwrite arbitrary .rsc files via the /export command. NOTE: the vendor's position is that this is intended behavior because of how user policies work
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://onovy.medium.com/routeros-user-with-just-ftp-policy-can-write-to-filesystem-cve-2021-27221-e3e45d780dfe | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://onovy.medium.com/routeros-user-with-just-ftp-policy-can-write-to-filesystem-cve-2021-27221-e3e45d780dfe | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.47.9:*:*:*:-:*:*:*",
"matchCriteriaId": "899BBA29-3A0B-41A3-A077-AB4BEF29E5F8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MikroTik RouterOS 6.47.9 allows remote authenticated ftp users to create or overwrite arbitrary .rsc files via the /export command. NOTE: the vendor\u0027s position is that this is intended behavior because of how user policies work"
},
{
"lang": "es",
"value": "** EN DISPUTA ** MikroTik RouterOS versi\u00f3n 6.47.9, permite a usuarios de ftp autenticados de forma remota crear o sobrescribir archivos .rsc arbitrarios por medio del comando /export.\u0026#xa0;NOTA: la posici\u00f3n del proveedor es que este es un comportamiento previsto debido a c\u00f3mo funcionan las pol\u00edticas de usuario"
}
],
"id": "CVE-2021-27221",
"lastModified": "2024-11-21T05:57:37.687",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "NONE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 9.2,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-19T03:15:12.363",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://onovy.medium.com/routeros-user-with-just-ftp-policy-can-write-to-filesystem-cve-2021-27221-e3e45d780dfe"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://onovy.medium.com/routeros-user-with-just-ftp-policy-can-write-to-filesystem-cve-2021-27221-e3e45d780dfe"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-08-23 19:29
Modified
2024-11-21 03:59
Severity ?
Summary
Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to stack buffer overflow through the license upgrade interface. This vulnerability could theoretically allow a remote authenticated attacker execute arbitrary code on the system.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnreport@tenable.com | https://mikrotik.com/download/changelogs | Vendor Advisory | |
| vulnreport@tenable.com | https://mikrotik.com/download/changelogs/bugfix-release-tree | Vendor Advisory | |
| vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2018-21 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mikrotik.com/download/changelogs | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mikrotik.com/download/changelogs/bugfix-release-tree | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2018-21 | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:ltr:*:*:*",
"matchCriteriaId": "61E0FC57-8604-4BA5-BF68-A46946C3B14E",
"versionEndExcluding": "6.40.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79B4AC99-9E5F-480A-9884-D52271D2BC34",
"versionEndExcluding": "6.42.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to stack buffer overflow through the license upgrade interface. This vulnerability could theoretically allow a remote authenticated attacker execute arbitrary code on the system."
},
{
"lang": "es",
"value": "Mikrotik RouterOS en versiones anteriores a la 6.42.7 y 6.40.9 es vulnerable a un desbordamiento de b\u00fafer basado en pila a trav\u00e9s de la interfaz de actualizaci\u00f3n de la licencia. Esta vulnerabilidad podr\u00eda permitir, en teor\u00eda, que un atacante autenticado remoto ejecute c\u00f3digo arbitrario en el sistema."
}
],
"id": "CVE-2018-1156",
"lastModified": "2024-11-21T03:59:18.073",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-08-23T19:29:00.347",
"references": [
{
"source": "vulnreport@tenable.com",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/download/changelogs"
},
{
"source": "vulnreport@tenable.com",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/download/changelogs/bugfix-release-tree"
},
{
"source": "vulnreport@tenable.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2018-21"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/download/changelogs"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://mikrotik.com/download/changelogs/bugfix-release-tree"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2018-21"
}
],
"sourceIdentifier": "vulnreport@tenable.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-08-19 05:24
Modified
2025-04-09 00:30
Severity ?
Summary
MikroTik RouterOS 3.x through 3.13 and 2.x through 2.9.51 allows remote attackers to modify Network Management System (NMS) settings via a crafted SNMP set request.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/31025 | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/44944 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://www.exploit-db.com/exploits/6366 | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/31025 | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/44944 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/6366 | Exploit, Third Party Advisory, VDB Entry |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65E288F0-B974-4F43-8496-32B2600C9D7F",
"versionEndIncluding": "2.9.51",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04970C31-680F-4171-B97C-EBBBBE829A50",
"versionEndIncluding": "3.13",
"versionStartIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "MikroTik RouterOS 3.x through 3.13 and 2.x through 2.9.51 allows remote attackers to modify Network Management System (NMS) settings via a crafted SNMP set request."
},
{
"lang": "es",
"value": "RouterOS de MikroTik versiones 3.x hasta 3.13 y versiones 2.x hasta 2.9.51, permite a los atacantes remotos modificar la configuraci\u00f3n de Network Management System (NMS) por medio de una petici\u00f3n de configuraci\u00f3n SNMP dise\u00f1ada."
}
],
"id": "CVE-2008-6976",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-08-19T05:24:52.157",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/31025"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44944"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/6366"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/31025"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44944"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/6366"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-05-03 02:15
Modified
2025-06-30 17:01
Severity ?
Summary
Mikrotik RouterOS RADVD Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Mikrotik RouterOS. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the Router Advertisement Daemon. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of root.
. Was ZDI-CAN-19797.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| zdi-disclosures@trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-23-710/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-23-710/ | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C1BEAEEB-B2EB-47D1-B64E-6FF302DDD05D",
"versionEndExcluding": "6.48.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOS RADVD Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Mikrotik RouterOS. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the Router Advertisement Daemon. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n. Was ZDI-CAN-19797."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de escritura fuera de los l\u00edmites de Mikrotik RouterOS RADVD. Esta vulnerabilidad permite a atacantes adyacentes a la red ejecutar c\u00f3digo arbitrario en instalaciones afectadas de Mikrotik RouterOS. No se requiere autenticaci\u00f3n para aprovechar esta vulnerabilidad. La falla espec\u00edfica existe dentro del demonio de publicidad del enrutador. El problema se debe a la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una escritura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto de la ra\u00edz. Era ZDI-CAN-19797."
}
],
"id": "CVE-2023-32154",
"lastModified": "2025-06-30T17:01:03.953",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary"
}
]
},
"published": "2024-05-03T02:15:20.020",
"references": [
{
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-710/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-710/"
}
],
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-05-18 06:29
Modified
2025-04-20 01:37
Severity ?
Summary
A vulnerability in MikroTik Version 6.38.5 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of UDP packets on port 500 (used for L2TP over IPsec), preventing the affected router from accepting new connections; all devices will be disconnected from the router and all logs removed automatically.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://seclists.org/fulldisclosure/2017/May/59 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://cxsecurity.com/issue/WLB-2017050062 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://packetstormsecurity.com/files/142538/MikroTik-RouterBoard-6.38.5-Denial-Of-Service.html | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.vulnerability-lab.com/get_content.php?id=2064 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2017/May/59 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cxsecurity.com/issue/WLB-2017050062 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://packetstormsecurity.com/files/142538/MikroTik-RouterBoard-6.38.5-Denial-Of-Service.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vulnerability-lab.com/get_content.php?id=2064 | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.38.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6FF33501-CBA2-4ED1-9EF9-3FDCF8472BBB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in MikroTik Version 6.38.5 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of UDP packets on port 500 (used for L2TP over IPsec), preventing the affected router from accepting new connections; all devices will be disconnected from the router and all logs removed automatically."
},
{
"lang": "es",
"value": "Una vulnerabilidad en MikroTik versi\u00f3n 6.38.5 podr\u00eda permitir a un atacante remoto no autenticado agotar toda la CPU disponible mediante una inundaci\u00f3n de paquetes UDP en el puerto 500 (utilizado para L2TP a trav\u00e9s de IPsec), evitando que el enrutador afectado acepte nuevas conexiones; Todos los dispositivos se desconectar\u00e1n del enrutador y todos los registros se eliminar\u00e1n autom\u00e1ticamente."
}
],
"id": "CVE-2017-8338",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-18T06:29:00.293",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/May/59"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://cxsecurity.com/issue/WLB-2017050062"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://packetstormsecurity.com/files/142538/MikroTik-RouterBoard-6.38.5-Denial-Of-Service.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.vulnerability-lab.com/get_content.php?id=2064"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/May/59"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://cxsecurity.com/issue/WLB-2017050062"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://packetstormsecurity.com/files/142538/MikroTik-RouterBoard-6.38.5-Denial-Of-Service.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.vulnerability-lab.com/get_content.php?id=2064"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-03-23 16:15
Modified
2024-11-21 04:55
Severity ?
Summary
The SSH daemon on MikroTik routers through v6.44.3 could allow remote attackers to generate CPU activity, trigger refusal of new authorized connections, and cause a reboot via connect and write system calls, because of uncontrolled resource management.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://packetstormsecurity.com/files/156790/Microtik-SSH-Daemon-6.44.3-Denial-Of-Service.html | Exploit, Mitigation, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://www.exploit-db.com/exploits/48228 | Exploit, Mitigation, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://packetstormsecurity.com/files/156790/Microtik-SSH-Daemon-6.44.3-Denial-Of-Service.html | Exploit, Mitigation, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/48228 | Exploit, Mitigation, Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mikrotik | routeros | * | |
| mikrotik | ccr1009-7g-1c-1s\+ | - | |
| mikrotik | ccr1009-7g-1c-1s\+pc | - | |
| mikrotik | ccr1009-7g-1c-pc | - | |
| mikrotik | ccr1016-12g | - | |
| mikrotik | ccr1016-12s-1s\+ | - | |
| mikrotik | ccr1036-12g-4s | - | |
| mikrotik | ccr1036-12g-4s-em | - | |
| mikrotik | ccr1036-8g-2s\+ | - | |
| mikrotik | ccr1036-8g-2s\+em | - | |
| mikrotik | ccr1072-1g-8s\+ | - | |
| mikrotik | hex | - | |
| mikrotik | hex_lite | - | |
| mikrotik | hex_poe | - | |
| mikrotik | hex_poe_lite | - | |
| mikrotik | hex_s | - | |
| mikrotik | powerbox | - | |
| mikrotik | powerbox_pro | - | |
| mikrotik | rb1100ahx4 | - | |
| mikrotik | rb1100ahx4 | - | |
| mikrotik | rb2011il-in | - | |
| mikrotik | rb2011il-rm | - | |
| mikrotik | rb2011ils-in | - | |
| mikrotik | rb2011uias-in | - | |
| mikrotik | rb2011uias-rm | - | |
| mikrotik | rb3011uias-rm | - | |
| mikrotik | rb4011igs\+rm | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7B30CA4-E14C-4D48-97A5-D761E3CE4E27",
"versionEndIncluding": "6.44.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mikrotik:ccr1009-7g-1c-1s\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D1FD987-CA1F-4FDA-B381-D9DBC17B99A4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:ccr1009-7g-1c-1s\\+pc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "526F57A0-66E5-47B0-AA56-129A68591B9C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:ccr1009-7g-1c-pc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B295C919-5D41-48EC-BE97-21A7A51B0900",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:ccr1016-12g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "918648BA-4A2B-455C-8348-98A5911F5721",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:ccr1016-12s-1s\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EAB272F1-D066-4D9F-886E-CA883ABF447D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:ccr1036-12g-4s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3516BAD4-FFA4-4C4A-B1DB-F6B393488554",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:ccr1036-12g-4s-em:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5AFCA937-CA92-409D-BC29-B0424BB8F2EF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:ccr1036-8g-2s\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C7B0504-C1F7-4E83-B225-090A3BFF40E5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:ccr1036-8g-2s\\+em:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6F116F5D-0ECE-4485-A0B6-4B4636169504",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:ccr1072-1g-8s\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "423B1B58-B64B-4797-A9BA-AA3D53F8A3F3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:hex:-:*:*:*:*:*:*:*",
"matchCriteriaId": "625E3C1B-73EE-431E-A73E-A5909DA330E4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:hex_lite:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D501654E-8A50-4279-8930-4DCCD4821875",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:hex_poe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47B00042-7C48-47B7-BF84-9654C71B3D63",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:hex_poe_lite:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5AA7241-64CC-49FB-9019-5C1A82F461A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:hex_s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF3EC35-EE46-4688-AD8F-13D609789824",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:powerbox:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C2FBDC6D-3EE7-41F1-B633-E6445D00698B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:powerbox_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C7C26C0-7553-4BD4-ACC8-80C8FFF01727",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:rb1100ahx4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE3A5B6E-1C32-446F-8ADE-63C477D4A6E3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:rb1100ahx4:-:*:dude:*:*:*:*:*",
"matchCriteriaId": "4F5D365D-D2CE-4449-A31F-073F0A0C95C6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:rb2011il-in:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A41B00D7-D928-4201-B99C-EAE30735C09D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:rb2011il-rm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8A7CA16-45FC-406A-8558-62AE2289D76D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:rb2011ils-in:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95FA4DB1-5C25-4C52-9C25-7F6A1CD1C089",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:rb2011uias-in:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC6A357D-C6AA-44FD-960E-99D86E0AF88D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:rb2011uias-rm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "769077CF-8F3A-4C7B-B608-8185719A0552",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:rb3011uias-rm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DBB41A1C-7B95-41D4-BFF7-F339FDDD7A6A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mikrotik:rb4011igs\\+rm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "11591C89-43B0-4C40-A84D-0D5C19DCE982",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SSH daemon on MikroTik routers through v6.44.3 could allow remote attackers to generate CPU activity, trigger refusal of new authorized connections, and cause a reboot via connect and write system calls, because of uncontrolled resource management."
},
{
"lang": "es",
"value": "El demonio SSH en los enrutadores MikroTik versiones hasta v6.44.3, podr\u00eda permitir a atacantes remotos generar actividad de CPU, desencadenar un rechazo de nuevas conexiones autorizadas y causar un reinicio por medio de llamadas de sistema de conexi\u00f3n y escritura, debido a una gesti\u00f3n de recursos no controlada."
}
],
"id": "CVE-2020-10364",
"lastModified": "2024-11-21T04:55:09.437",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-23T16:15:13.220",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstormsecurity.com/files/156790/Microtik-SSH-Daemon-6.44.3-Denial-Of-Service.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/48228"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstormsecurity.com/files/156790/Microtik-SSH-Daemon-6.44.3-Denial-Of-Service.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/48228"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-18 19:15
Modified
2024-11-21 05:11
Severity ?
Summary
Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2021/May/15 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2021/May/15 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | https://mikrotik.com/ | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/May/15 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/May/15 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mikrotik.com/ | Product |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.46.3:*:*:*:-:*:*:*",
"matchCriteriaId": "F9F55FFD-A047-4AB2-A2F6-53537AD2A79D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service due to improper memory access."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versi\u00f3n 6.46.3 (stable tree), sufre una vulnerabilidad de corrupci\u00f3n de la memoria en el proceso /nova/bin/sniffer.\u0026#xa0;Un atacante remoto autenticado puede causar una Denegaci\u00f3n de Servicio debido a un acceso inapropiado a la memoria"
}
],
"id": "CVE-2020-20237",
"lastModified": "2024-11-21T05:11:57.060",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-18T19:15:07.800",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://mikrotik.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://mikrotik.com/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-18 19:15
Modified
2024-11-21 05:11
Severity ?
Summary
Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2021/May/15 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2021/May/15 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | https://mikrotik.com/ | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/May/15 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/May/15 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mikrotik.com/ | Product |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.46.3:*:*:*:-:*:*:*",
"matchCriteriaId": "F9F55FFD-A047-4AB2-A2F6-53537AD2A79D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service due to improper memory access."
},
{
"lang": "es",
"value": "Mikrotik RouterOs versi\u00f3n 6.46.3 (stable tree), sufre una vulnerabilidad de corrupci\u00f3n de la memoria en el proceso /nova/bin/sniffer.\u0026#xa0;Un atacante remoto autenticado puede causar una Denegaci\u00f3n de Servicio debido a un acceso inapropiado a la memoria"
}
],
"id": "CVE-2020-20236",
"lastModified": "2024-11-21T05:11:56.903",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-18T19:15:07.767",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://mikrotik.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/May/15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://mikrotik.com/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-01-14 19:15
Modified
2024-11-21 04:42
Severity ?
Summary
MikroTik Winbox 3.20 and below is vulnerable to man in the middle attacks. A man in the middle can downgrade the client's authentication protocol and recover the user's username and MD5 hashed password.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2020-01 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2020-01 | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:-:*:*:*",
"matchCriteriaId": "132324AA-4B0A-4359-B2FF-3566D758A379",
"versionEndExcluding": "6.43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:winbox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D5DE5DC0-7B03-4115-9A6C-C7E34034601B",
"versionEndExcluding": "3.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "MikroTik Winbox 3.20 and below is vulnerable to man in the middle attacks. A man in the middle can downgrade the client\u0027s authentication protocol and recover the user\u0027s username and MD5 hashed password."
},
{
"lang": "es",
"value": "MikroTik Winbox versi\u00f3n 3.20 y por debajo, es vulnerable a ataque de tipo man in the middle. Un ataque de tipo man in the middle puede degradar el protocolo de autenticaci\u00f3n del cliente y recuperar el nombre de usuario y el contrase\u00f1a con hash MD5."
}
],
"id": "CVE-2019-3981",
"lastModified": "2024-11-21T04:42:59.980",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-14T19:15:13.187",
"references": [
{
"source": "vulnreport@tenable.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2020-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2020-01"
}
],
"sourceIdentifier": "vulnreport@tenable.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-300"
}
],
"source": "vulnreport@tenable.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}