Vulnerabilities > Mikrotik > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-23 | CVE-2018-1158 | Uncontrolled Recursion vulnerability in Mikrotik Routeros Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a stack exhaustion vulnerability. | 4.0 |
| 2018-08-23 | CVE-2018-1157 | Resource Exhaustion vulnerability in Mikrotik Routeros Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory exhaustion vulnerability. | 6.8 |
| 2018-08-02 | CVE-2018-14847 | Path Traversal vulnerability in Mikrotik Routeros MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface. | 6.4 |
| 2018-04-13 | CVE-2018-10066 | Improper Certificate Validation vulnerability in Mikrotik Routeros 6.41.4 An issue was discovered in MikroTik RouterOS 6.41.4. | 6.8 |
| 2017-12-13 | CVE-2017-17537 | Improper Input Validation vulnerability in Mikrotik Routerboard 6.39.2/6.40.5 MikroTik RouterBOARD v6.39.2 and v6.40.5 allows an unauthenticated remote attacker to cause a denial of service by connecting to TCP port 53 and sending data that begins with many '\0' characters, possibly related to DNS. | 5.0 |
| 2017-02-27 | CVE-2017-6297 | Missing Encryption of Sensitive Data vulnerability in Mikrotik Routeros 6.37.4/6.83.3 The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 does not enable IPsec encryption after a reboot, which allows man-in-the-middle attackers to view transmitted data unencrypted and gain access to networks on the L2TP server by monitoring the packets for the transmitted data and obtaining the L2TP secret. | 4.3 |
| 2015-03-19 | CVE-2015-2350 | Cross-Site Request Forgery (CSRF) vulnerability in Mikrotik Routeros Cross-site request forgery (CSRF) vulnerability in MikroTik RouterOS 5.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request in the status page to /cfg. | 6.8 |
| 2012-11-27 | CVE-2012-6050 | Configuration vulnerability in Mikrotik Routeros 5.15 The winbox service in MikroTik RouterOS 5.15 and earlier allows remote attackers to cause a denial of service (CPU consumption), read the router version, and possibly have other impacts via a request to download the router's DLLs or plugins, as demonstrated by roteros.dll. | 6.4 |
| 2009-08-19 | CVE-2008-6976 | Improper Input Validation vulnerability in Mikrotik Routeros MikroTik RouterOS 3.x through 3.13 and 2.x through 2.9.51 allows remote attackers to modify Network Management System (NMS) settings via a crafted SNMP set request. | 6.4 |