Vulnerabilities > Mikrotik

DATE CVE VULNERABILITY TITLE RISK
2018-03-19 CVE-2018-7445 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mikrotik Routeros
A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages.
network
low complexity
mikrotik CWE-119
critical
10.0
2017-12-13 CVE-2017-17537 Improper Input Validation vulnerability in Mikrotik Routerboard 6.39.2/6.40.5
MikroTik RouterBOARD v6.39.2 and v6.40.5 allows an unauthenticated remote attacker to cause a denial of service by connecting to TCP port 53 and sending data that begins with many '\0' characters, possibly related to DNS.
network
low complexity
mikrotik CWE-20
5.0
2017-12-13 CVE-2017-17538 Unspecified vulnerability in Mikrotik Router Firmware 6.40.5
MikroTik v6.40.5 devices allow remote attackers to cause a denial of service via a flood of ICMP packets.
network
low complexity
mikrotik
7.8
2017-05-18 CVE-2017-8338 Resource Exhaustion vulnerability in Mikrotik Routeros 6.38.5
A vulnerability in MikroTik Version 6.38.5 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of UDP packets on port 500 (used for L2TP over IPsec), preventing the affected router from accepting new connections; all devices will be disconnected from the router and all logs removed automatically.
network
low complexity
mikrotik CWE-400
7.8
2017-03-29 CVE-2017-7285 Resource Exhaustion vulnerability in Mikrotik Routeros 6.38.5
A vulnerability in the network stack of MikroTik Version 6.38.5 released 2017-03-09 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of TCP RST packets, preventing the affected router from accepting new TCP connections.
network
low complexity
mikrotik CWE-400
7.8
2017-03-12 CVE-2017-6444 Resource Exhaustion vulnerability in Mikrotik Routeros 6.25
The MikroTik Router hAP Lite 6.25 has no protection mechanism for unsolicited TCP ACK packets in the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many ACK packets.
network
low complexity
mikrotik CWE-400
7.8
2017-02-27 CVE-2017-6297 Missing Encryption of Sensitive Data vulnerability in Mikrotik Routeros 6.37.4/6.83.3
The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 does not enable IPsec encryption after a reboot, which allows man-in-the-middle attackers to view transmitted data unencrypted and gain access to networks on the L2TP server by monitoring the packets for the transmitted data and obtaining the L2TP secret.
network
mikrotik CWE-311
4.3
2015-03-19 CVE-2015-2350 Cross-Site Request Forgery (CSRF) vulnerability in Mikrotik Routeros
Cross-site request forgery (CSRF) vulnerability in MikroTik RouterOS 5.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request in the status page to /cfg.
network
mikrotik CWE-352
6.8
2012-11-27 CVE-2012-6050 Configuration vulnerability in Mikrotik Routeros 5.15
The winbox service in MikroTik RouterOS 5.15 and earlier allows remote attackers to cause a denial of service (CPU consumption), read the router version, and possibly have other impacts via a request to download the router's DLLs or plugins, as demonstrated by roteros.dll.
network
low complexity
mikrotik CWE-16
6.4
2009-08-19 CVE-2008-6976 Improper Input Validation vulnerability in Mikrotik Routeros
MikroTik RouterOS 3.x through 3.13 and 2.x through 2.9.51 allows remote attackers to modify Network Management System (NMS) settings via a crafted SNMP set request.
network
low complexity
mikrotik CWE-20
6.4