Vulnerabilities > Mikrotik
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-14 | CVE-2020-11881 | Improper Validation of Array Index vulnerability in Mikrotik Routeros An array index error in MikroTik RouterOS 6.41.3 through 6.46.5, and 7.x through 7.0 Beta5, allows an unauthenticated remote attacker to crash the SMB server via modified setup-request packets, aka SUP-12964. | 7.5 |
| 2020-04-15 | CVE-2020-5721 | Insufficiently Protected Credentials vulnerability in Mikrotik Winbox MikroTik WinBox 3.22 and below stores the user's cleartext password in the settings.cfg.viw configuration file when the Keep Password field is set and no Master Password is set. | 5.5 |
| 2020-03-23 | CVE-2020-10364 | Allocation of Resources Without Limits or Throttling vulnerability in Mikrotik Routeros The SSH daemon on MikroTik routers through v6.44.3 could allow remote attackers to generate CPU activity, trigger refusal of new authorized connections, and cause a reboot via connect and write system calls, because of uncontrolled resource management. | 7.5 |
| 2020-03-02 | CVE-2018-5951 | Unspecified vulnerability in Mikrotik Routeros An issue was discovered in Mikrotik RouterOS. | 7.5 |
| 2020-02-06 | CVE-2020-5720 | Path Traversal vulnerability in Mikrotik Winbox 3.18/3.20 MikroTik WinBox before 3.21 is vulnerable to a path traversal vulnerability that allows creation of arbitrary files wherevere WinBox has write permissions. | 5.9 |
| 2020-01-14 | CVE-2019-3981 | Unspecified vulnerability in Mikrotik Routeros and Winbox MikroTik Winbox 3.20 and below is vulnerable to man in the middle attacks. | 3.7 |
| 2019-10-29 | CVE-2019-3979 | Insufficient Verification of Data Authenticity vulnerability in Mikrotik Routeros RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below are vulnerable to a DNS unrelated data attack. | 7.5 |
| 2019-10-29 | CVE-2019-3978 | Missing Authentication for Critical Function vulnerability in Mikrotik Routeros RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below allow remote unauthenticated attackers to trigger DNS queries via port 8291. | 7.5 |
| 2019-10-29 | CVE-2019-3977 | Download of Code Without Integrity Check vulnerability in Mikrotik Routeros RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are download from when using the autoupgrade feature. | 7.5 |
| 2019-10-29 | CVE-2019-3976 | Path Traversal vulnerability in Mikrotik Routeros RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below are vulnerable to an arbitrary directory creation vulnerability via the upgrade package's name field. | 8.8 |