Vulnerabilities > Mikrotik > Routeros > 6.37.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-23 | CVE-2018-1158 | Uncontrolled Recursion vulnerability in Mikrotik Routeros Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a stack exhaustion vulnerability. | 6.5 |
| 2018-08-23 | CVE-2018-1157 | Resource Exhaustion vulnerability in Mikrotik Routeros Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory exhaustion vulnerability. | 6.5 |
| 2018-08-23 | CVE-2018-1156 | Out-of-bounds Write vulnerability in Mikrotik Routeros Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to stack buffer overflow through the license upgrade interface. | 8.8 |
| 2018-08-02 | CVE-2018-14847 | Path Traversal vulnerability in Mikrotik Routeros MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface. | 9.1 |
| 2018-03-19 | CVE-2018-7445 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mikrotik Routeros A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. | 9.8 |
| 2017-02-27 | CVE-2017-6297 | Missing Encryption of Sensitive Data vulnerability in Mikrotik Routeros 6.37.4/6.83.3 The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 does not enable IPsec encryption after a reboot, which allows man-in-the-middle attackers to view transmitted data unencrypted and gain access to networks on the L2TP server by monitoring the packets for the transmitted data and obtaining the L2TP secret. | 5.9 |