Vulnerabilities > Mikrotik

DATE CVE VULNERABILITY TITLE RISK
2021-01-04 CVE-2021-3014 Cross-Site Scripting vulnerability in Mikrotik Routeros
In MikroTik RouterOS through 2021-01-04, the hotspot login page is vulnerable to reflected XSS via the target parameter.
network
mikrotik CWE-79
4.3
2020-10-07 CVE-2019-16160 Integer Overflow OR Wraparound vulnerability in Mikrotik Routeros
An integer underflow in the SMB server of MikroTik RouterOS before 6.45.5 allows remote unauthenticated attackers to crash the service.
network
low complexity
mikrotik CWE-190
5.0
2020-09-14 CVE-2020-11881 Improper Validation of Array Index vulnerability in Mikrotik Routeros 6.41.3/6.41.4/6.42
An array index error in MikroTik RouterOS 6.41.3 through 6.46.5, and 7.x through 7.0 Beta5, allows an unauthenticated remote attacker to crash the SMB server via modified setup-request packets, aka SUP-12964.
network
low complexity
mikrotik CWE-129
5.0
2020-04-15 CVE-2020-5721 Insufficiently Protected Credentials vulnerability in Mikrotik Winbox
MikroTik WinBox 3.22 and below stores the user's cleartext password in the settings.cfg.viw configuration file when the Keep Password field is set and no Master Password is set.
local
low complexity
mikrotik CWE-522
2.1
2020-03-23 CVE-2020-10364 Resource Exhaustion vulnerability in Mikrotik products
The SSH daemon on MikroTik routers through v6.44.3 could allow remote attackers to generate CPU activity, trigger refusal of new authorized connections, and cause a reboot via connect and write system calls, because of uncontrolled resource management.
network
low complexity
mikrotik CWE-400
5.0
2020-03-02 CVE-2018-5951 Unspecified vulnerability in Mikrotik Routeros
An issue was discovered in Mikrotik RouterOS.
network
mikrotik
7.1
2020-02-06 CVE-2020-5720 Path Traversal vulnerability in Mikrotik Winbox 3.18/3.20
MikroTik WinBox before 3.21 is vulnerable to a path traversal vulnerability that allows creation of arbitrary files wherevere WinBox has write permissions.
network
mikrotik CWE-22
4.3
2020-01-14 CVE-2019-3981 Unspecified vulnerability in Mikrotik Routeros and Winbox
MikroTik Winbox 3.20 and below is vulnerable to man in the middle attacks.
network
mikrotik
4.3
2019-10-29 CVE-2019-3979 Improper Input Validation vulnerability in Mikrotik Routeros
RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below are vulnerable to a DNS unrelated data attack.
network
low complexity
mikrotik CWE-20
5.0
2019-10-29 CVE-2019-3978 Missing Authentication FOR Critical Function vulnerability in Mikrotik Routeros
RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below allow remote unauthenticated attackers to trigger DNS queries via port 8291.
network
low complexity
mikrotik CWE-306
5.0