Vulnerabilities > Mikrotik
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-04 | CVE-2021-3014 | Cross-Site Scripting vulnerability in Mikrotik Routeros In MikroTik RouterOS through 2021-01-04, the hotspot login page is vulnerable to reflected XSS via the target parameter. | 4.3 |
| 2020-10-07 | CVE-2019-16160 | Integer Overflow OR Wraparound vulnerability in Mikrotik Routeros An integer underflow in the SMB server of MikroTik RouterOS before 6.45.5 allows remote unauthenticated attackers to crash the service. | 5.0 |
| 2020-09-14 | CVE-2020-11881 | Improper Validation of Array Index vulnerability in Mikrotik Routeros 6.41.3/6.41.4/6.42 An array index error in MikroTik RouterOS 6.41.3 through 6.46.5, and 7.x through 7.0 Beta5, allows an unauthenticated remote attacker to crash the SMB server via modified setup-request packets, aka SUP-12964. | 5.0 |
| 2020-04-15 | CVE-2020-5721 | Insufficiently Protected Credentials vulnerability in Mikrotik Winbox MikroTik WinBox 3.22 and below stores the user's cleartext password in the settings.cfg.viw configuration file when the Keep Password field is set and no Master Password is set. | 2.1 |
| 2020-03-23 | CVE-2020-10364 | Resource Exhaustion vulnerability in Mikrotik products The SSH daemon on MikroTik routers through v6.44.3 could allow remote attackers to generate CPU activity, trigger refusal of new authorized connections, and cause a reboot via connect and write system calls, because of uncontrolled resource management. | 5.0 |
| 2020-03-02 | CVE-2018-5951 | Unspecified vulnerability in Mikrotik Routeros An issue was discovered in Mikrotik RouterOS. network mikrotik | 7.1 |
| 2020-02-06 | CVE-2020-5720 | Path Traversal vulnerability in Mikrotik Winbox 3.18/3.20 MikroTik WinBox before 3.21 is vulnerable to a path traversal vulnerability that allows creation of arbitrary files wherevere WinBox has write permissions. | 4.3 |
| 2020-01-14 | CVE-2019-3981 | Unspecified vulnerability in Mikrotik Routeros and Winbox MikroTik Winbox 3.20 and below is vulnerable to man in the middle attacks. network mikrotik | 4.3 |
| 2019-10-29 | CVE-2019-3979 | Improper Input Validation vulnerability in Mikrotik Routeros RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below are vulnerable to a DNS unrelated data attack. | 5.0 |
| 2019-10-29 | CVE-2019-3978 | Missing Authentication FOR Critical Function vulnerability in Mikrotik Routeros RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below allow remote unauthenticated attackers to trigger DNS queries via port 8291. | 5.0 |