Vulnerabilities > Mikrotik > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-23 | CVE-2018-1156 | Out-of-bounds Write vulnerability in Mikrotik Routeros Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to stack buffer overflow through the license upgrade interface. | 8.8 |
| 2018-04-16 | CVE-2018-10070 | Resource Exhaustion vulnerability in Mikrotik Router Firmware 6.41.4 A vulnerability in MikroTik Version 6.41.4 could allow an unauthenticated remote attacker to exhaust all available CPU and all available RAM by sending a crafted FTP request on port 21 that begins with many '\0' characters, preventing the affected router from accepting new FTP connections. | 7.5 |
| 2018-04-13 | CVE-2018-10066 | Improper Certificate Validation vulnerability in Mikrotik Routeros 6.41.4 An issue was discovered in MikroTik RouterOS 6.41.4. | 8.1 |
| 2017-12-13 | CVE-2017-17537 | Improper Input Validation vulnerability in Mikrotik Routerboard 6.39.2/6.40.5 MikroTik RouterBOARD v6.39.2 and v6.40.5 allows an unauthenticated remote attacker to cause a denial of service by connecting to TCP port 53 and sending data that begins with many '\0' characters, possibly related to DNS. | 7.5 |
| 2017-12-13 | CVE-2017-17538 | Unspecified vulnerability in Mikrotik Router Firmware 6.40.5 MikroTik v6.40.5 devices allow remote attackers to cause a denial of service via a flood of ICMP packets. | 7.5 |
| 2017-05-18 | CVE-2017-8338 | Resource Exhaustion vulnerability in Mikrotik Routeros 6.38.5 A vulnerability in MikroTik Version 6.38.5 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of UDP packets on port 500 (used for L2TP over IPsec), preventing the affected router from accepting new connections; all devices will be disconnected from the router and all logs removed automatically. | 7.5 |
| 2017-03-29 | CVE-2017-7285 | Resource Exhaustion vulnerability in Mikrotik Routeros 6.38.5 A vulnerability in the network stack of MikroTik Version 6.38.5 released 2017-03-09 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of TCP RST packets, preventing the affected router from accepting new TCP connections. | 7.5 |
| 2017-03-12 | CVE-2017-6444 | Resource Exhaustion vulnerability in Mikrotik Routeros 6.25 The MikroTik Router hAP Lite 6.25 has no protection mechanism for unsolicited TCP ACK packets in the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many ACK packets. | 7.5 |