Vulnerabilities > Mikrotik > Routeros > 6.45.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-18 | CVE-2020-20254 | Out-of-bounds Write vulnerability in Mikrotik Routeros Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. | 6.5 |
| 2021-05-11 | CVE-2020-20265 | Out-of-bounds Write vulnerability in Mikrotik Routeros Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /ram/pckg/wireless/nova/bin/wireless process. | 6.5 |
| 2021-05-11 | CVE-2020-20267 | Out-of-bounds Write vulnerability in Mikrotik Routeros Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/resolver process. | 6.5 |
| 2021-05-03 | CVE-2020-20247 | Out-of-bounds Write vulnerability in Mikrotik Routeros Mikrotik RouterOs before 6.46.5 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/traceroute process. | 6.5 |
| 2021-01-04 | CVE-2021-3014 | Cross-site Scripting vulnerability in Mikrotik Routeros In MikroTik RouterOS through 2021-01-04, the hotspot login page is vulnerable to reflected XSS via the target parameter. | 6.1 |
| 2020-09-14 | CVE-2020-11881 | Improper Validation of Array Index vulnerability in Mikrotik Routeros An array index error in MikroTik RouterOS 6.41.3 through 6.46.5, and 7.x through 7.0 Beta5, allows an unauthenticated remote attacker to crash the SMB server via modified setup-request packets, aka SUP-12964. | 7.5 |
| 2019-10-29 | CVE-2019-3979 | Insufficient Verification of Data Authenticity vulnerability in Mikrotik Routeros RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below are vulnerable to a DNS unrelated data attack. | 7.5 |
| 2019-10-29 | CVE-2019-3978 | Missing Authentication for Critical Function vulnerability in Mikrotik Routeros RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below allow remote unauthenticated attackers to trigger DNS queries via port 8291. | 7.5 |
| 2019-10-29 | CVE-2019-3977 | Download of Code Without Integrity Check vulnerability in Mikrotik Routeros RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are download from when using the autoupgrade feature. | 7.5 |
| 2019-10-29 | CVE-2019-3976 | Path Traversal vulnerability in Mikrotik Routeros RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below are vulnerable to an arbitrary directory creation vulnerability via the upgrade package's name field. | 8.8 |