Vulnerabilities > Mikrotik > Routeros > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-08-23 CVE-2018-1159 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mikrotik Routeros
Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory corruption vulnerability.
network
low complexity
mikrotik CWE-119
6.5
2018-08-23 CVE-2018-1158 Uncontrolled Recursion vulnerability in Mikrotik Routeros
Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a stack exhaustion vulnerability.
network
low complexity
mikrotik CWE-674
6.5
2018-08-23 CVE-2018-1157 Resource Exhaustion vulnerability in Mikrotik Routeros
Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory exhaustion vulnerability.
network
low complexity
mikrotik CWE-400
6.5
2017-02-27 CVE-2017-6297 Missing Encryption of Sensitive Data vulnerability in Mikrotik Routeros 6.37.4/6.83.3
The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 does not enable IPsec encryption after a reboot, which allows man-in-the-middle attackers to view transmitted data unencrypted and gain access to networks on the L2TP server by monitoring the packets for the transmitted data and obtaining the L2TP secret.
network
high complexity
mikrotik CWE-311
5.9