Vulnerabilities > Mikrotik > Routeros > 6.43.6
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-18 | CVE-2020-20254 | Out-of-bounds Write vulnerability in Mikrotik Routeros Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. | 6.5 |
| 2021-05-11 | CVE-2020-20265 | Out-of-bounds Write vulnerability in Mikrotik Routeros Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /ram/pckg/wireless/nova/bin/wireless process. | 6.5 |
| 2021-05-11 | CVE-2020-20267 | Out-of-bounds Write vulnerability in Mikrotik Routeros Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/resolver process. | 6.5 |
| 2021-05-03 | CVE-2020-20247 | Out-of-bounds Write vulnerability in Mikrotik Routeros Mikrotik RouterOs before 6.46.5 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/traceroute process. | 6.5 |
| 2021-01-04 | CVE-2021-3014 | Cross-site Scripting vulnerability in Mikrotik Routeros In MikroTik RouterOS through 2021-01-04, the hotspot login page is vulnerable to reflected XSS via the target parameter. | 6.1 |
| 2020-10-07 | CVE-2019-16160 | Integer Underflow (Wrap or Wraparound) vulnerability in Mikrotik Routeros An integer underflow in the SMB server of MikroTik RouterOS before 6.45.5 allows remote unauthenticated attackers to crash the service. | 7.5 |
| 2020-09-14 | CVE-2020-11881 | Improper Validation of Array Index vulnerability in Mikrotik Routeros An array index error in MikroTik RouterOS 6.41.3 through 6.46.5, and 7.x through 7.0 Beta5, allows an unauthenticated remote attacker to crash the SMB server via modified setup-request packets, aka SUP-12964. | 7.5 |
| 2020-03-23 | CVE-2020-10364 | Allocation of Resources Without Limits or Throttling vulnerability in Mikrotik Routeros The SSH daemon on MikroTik routers through v6.44.3 could allow remote attackers to generate CPU activity, trigger refusal of new authorized connections, and cause a reboot via connect and write system calls, because of uncontrolled resource management. | 7.5 |
| 2019-10-29 | CVE-2019-3979 | Insufficient Verification of Data Authenticity vulnerability in Mikrotik Routeros RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below are vulnerable to a DNS unrelated data attack. | 7.5 |
| 2019-10-29 | CVE-2019-3978 | Missing Authentication for Critical Function vulnerability in Mikrotik Routeros RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below allow remote unauthenticated attackers to trigger DNS queries via port 8291. | 7.5 |