Vulnerabilities > Mikrotik
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-19 | CVE-2018-7445 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mikrotik Routeros A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. | 10.0 |
| 2017-12-13 | CVE-2017-17537 | Improper Input Validation vulnerability in Mikrotik Routerboard 6.39.2/6.40.5 MikroTik RouterBOARD v6.39.2 and v6.40.5 allows an unauthenticated remote attacker to cause a denial of service by connecting to TCP port 53 and sending data that begins with many '\0' characters, possibly related to DNS. | 5.0 |
| 2017-12-13 | CVE-2017-17538 | Unspecified vulnerability in Mikrotik Router Firmware 6.40.5 MikroTik v6.40.5 devices allow remote attackers to cause a denial of service via a flood of ICMP packets. | 7.8 |
| 2017-05-18 | CVE-2017-8338 | Resource Exhaustion vulnerability in Mikrotik Routeros 6.38.5 A vulnerability in MikroTik Version 6.38.5 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of UDP packets on port 500 (used for L2TP over IPsec), preventing the affected router from accepting new connections; all devices will be disconnected from the router and all logs removed automatically. | 7.8 |
| 2017-03-29 | CVE-2017-7285 | Resource Exhaustion vulnerability in Mikrotik Routeros 6.38.5 A vulnerability in the network stack of MikroTik Version 6.38.5 released 2017-03-09 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of TCP RST packets, preventing the affected router from accepting new TCP connections. | 7.8 |
| 2017-03-12 | CVE-2017-6444 | Resource Exhaustion vulnerability in Mikrotik Routeros 6.25 The MikroTik Router hAP Lite 6.25 has no protection mechanism for unsolicited TCP ACK packets in the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many ACK packets. | 7.8 |
| 2017-02-27 | CVE-2017-6297 | Missing Encryption of Sensitive Data vulnerability in Mikrotik Routeros 6.37.4/6.83.3 The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 does not enable IPsec encryption after a reboot, which allows man-in-the-middle attackers to view transmitted data unencrypted and gain access to networks on the L2TP server by monitoring the packets for the transmitted data and obtaining the L2TP secret. | 4.3 |
| 2015-03-19 | CVE-2015-2350 | Cross-Site Request Forgery (CSRF) vulnerability in Mikrotik Routeros Cross-site request forgery (CSRF) vulnerability in MikroTik RouterOS 5.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request in the status page to /cfg. | 6.8 |
| 2012-11-27 | CVE-2012-6050 | Configuration vulnerability in Mikrotik Routeros 5.15 The winbox service in MikroTik RouterOS 5.15 and earlier allows remote attackers to cause a denial of service (CPU consumption), read the router version, and possibly have other impacts via a request to download the router's DLLs or plugins, as demonstrated by roteros.dll. | 6.4 |
| 2009-08-19 | CVE-2008-6976 | Improper Input Validation vulnerability in Mikrotik Routeros MikroTik RouterOS 3.x through 3.13 and 2.x through 2.9.51 allows remote attackers to modify Network Management System (NMS) settings via a crafted SNMP set request. | 6.4 |