Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Mikrotik Subscribe
Filtered by product Routeros
Total 73 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-20237 1 Mikrotik 1 Routeros 2022-05-03 4.0 MEDIUM 6.5 MEDIUM
Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.
CVE-2020-22845 1 Mikrotik 1 Routeros 2022-03-08 7.8 HIGH 7.5 HIGH
A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted FTP requests.
CVE-2008-6976 1 Mikrotik 1 Routeros 2022-02-09 6.4 MEDIUM N/A
MikroTik RouterOS 3.x through 3.13 and 2.x through 2.9.51 allows remote attackers to modify Network Management System (NMS) settings via a crafted SNMP set request.
CVE-2020-20265 1 Mikrotik 1 Routeros 2022-01-01 4.0 MEDIUM 6.5 MEDIUM
Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /ram/pckg/wireless/nova/bin/wireless process. An authenticated remote attacker can cause a Denial of Service due via a crafted packet.
CVE-2019-3976 1 Mikrotik 1 Routeros 2021-11-03 6.5 MEDIUM 8.8 HIGH
RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below are vulnerable to an arbitrary directory creation vulnerability via the upgrade package's name field. If an authenticated user installs a malicious package then a directory could be created and the developer shell could be enabled.
CVE-2020-20262 1 Mikrotik 1 Routeros 2021-07-30 4.0 MEDIUM 6.5 MEDIUM
Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /ram/pckg/security/nova/bin/ipsec process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.
CVE-2020-20219 1 Mikrotik 1 Routeros 2021-07-30 4.0 MEDIUM 6.5 MEDIUM
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/igmp-proxy process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
CVE-2020-20249 1 Mikrotik 1 Routeros 2021-07-28 4.0 MEDIUM 6.5 MEDIUM
Mikrotik RouterOs before stable 6.47 suffers from a memory corruption vulnerability in the resolver process. By sending a crafted packet, an authenticated remote attacker can cause a Denial of Service.
CVE-2020-10364 1 Mikrotik 26 Ccr1009-7g-1c-1s\+, Ccr1009-7g-1c-1s\+pc, Ccr1009-7g-1c-pc and 23 more 2021-07-21 7.8 HIGH 7.5 HIGH
The SSH daemon on MikroTik routers through v6.44.3 could allow remote attackers to generate CPU activity, trigger refusal of new authorized connections, and cause a reboot via connect and write system calls, because of uncontrolled resource management.
CVE-2019-16160 1 Mikrotik 1 Routeros 2021-07-21 5.0 MEDIUM 7.5 HIGH
An integer underflow in the SMB server of MikroTik RouterOS before 6.45.5 allows remote unauthenticated attackers to crash the service.
CVE-2019-3979 1 Mikrotik 1 Routeros 2021-07-21 5.0 MEDIUM 7.5 HIGH
RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below are vulnerable to a DNS unrelated data attack. The router adds all A records to its DNS cache even when the records are unrelated to the domain that was queried. Therefore, a remote attacker controlled DNS server can poison the router's DNS cache via malicious responses with additional and untrue records.
CVE-2020-20231 1 Mikrotik 1 Routeros 2021-07-20 4.0 MEDIUM 6.5 MEDIUM
Mikrotik RouterOs through stable version 6.48.3 suffers from a memory corruption vulnerability in the /nova/bin/detnet process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
CVE-2020-20250 1 Mikrotik 1 Routeros 2021-07-15 4.0 MEDIUM 6.5 MEDIUM
Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). NOTE: this is different from CVE-2020-20253 and CVE-2020-20254. All four vulnerabilities in the /nova/bin/lcdstat process are discussed in the CVE-2020-20250 github.com/cq674350529 reference.
CVE-2020-20252 1 Mikrotik 1 Routeros 2021-07-15 4.0 MEDIUM 6.5 MEDIUM
Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
CVE-2020-20212 1 Mikrotik 1 Routeros 2021-07-08 4.0 MEDIUM 6.5 MEDIUM
Mikrotik RouterOs 6.44.5 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
CVE-2020-20225 1 Mikrotik 1 Routeros 2021-07-08 4.0 MEDIUM 6.5 MEDIUM
Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /nova/bin/user process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.
CVE-2020-20211 1 Mikrotik 1 Routeros 2021-07-08 4.0 MEDIUM 6.5 MEDIUM
Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an assertion failure vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.
CVE-2020-20216 1 Mikrotik 1 Routeros 2021-07-08 4.0 MEDIUM 6.5 MEDIUM
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/graphing process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
CVE-2020-20254 1 Mikrotik 1 Routeros 2021-06-01 4.0 MEDIUM 6.5 MEDIUM
Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
CVE-2020-20264 1 Mikrotik 1 Routeros 2021-06-01 4.0 MEDIUM 6.5 MEDIUM
Mikrotik RouterOs before 6.47 (stable tree) in the /ram/pckg/advanced-tools/nova/bin/netwatch process. An authenticated remote attacker can cause a Denial of Service due to a divide by zero error.