Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Mikrotik Subscribe
Filtered by product Routeros
Total 73 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-45313 1 Mikrotik 1 Routeros 2023-02-03 N/A 8.8 HIGH
Mikrotik RouterOs before stable v7.5 was discovered to contain an out-of-bounds read in the hotspot process. This vulnerability allows attackers to execute arbitrary code via a crafted nova message.
CVE-2022-45315 1 Mikrotik 1 Routeros 2023-02-03 N/A 9.8 CRITICAL
Mikrotik RouterOs before stable v7.6 was discovered to contain an out-of-bounds read in the snmp process. This vulnerability allows attackers to execute arbitrary code via a crafted packet.
CVE-2020-20213 1 Mikrotik 1 Routeros 2022-11-07 4.0 MEDIUM 6.5 MEDIUM
Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an stack exhaustion vulnerability in the /nova/bin/net process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU.
CVE-2020-20217 1 Mikrotik 1 Routeros 2022-11-07 4.0 MEDIUM 6.5 MEDIUM
Mikrotik RouterOs before 6.47 (stable tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/route process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU.
CVE-2020-20248 1 Mikrotik 1 Routeros 2022-11-07 4.0 MEDIUM 6.5 MEDIUM
Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled resource consumption in the memtest process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU.
CVE-2020-20221 1 Mikrotik 1 Routeros 2022-10-26 6.8 MEDIUM 6.5 MEDIUM
Mikrotik RouterOs before 6.44.6 (long-term tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/cerm process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU.
CVE-2017-20149 1 Mikrotik 1 Routeros 2022-10-20 N/A 9.8 CRITICAL
The Mikrotik RouterOS web server allows memory corruption in releases before Stable 6.38.5 and Long-term 6.37.5, aka Chimay-Red. A remote and unauthenticated user can trigger the vulnerability by sending a crafted HTTP request. An attacker can use this vulnerability to execute arbitrary code on the affected system, as exploited in the wild in mid-2017 and later.
CVE-2021-36613 1 Mikrotik 1 Routeros 2022-10-18 4.0 MEDIUM 6.5 MEDIUM
Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the ptp process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
CVE-2021-36614 1 Mikrotik 1 Routeros 2022-10-18 4.0 MEDIUM 6.5 MEDIUM
Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the tr069-client process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
CVE-2020-20230 1 Mikrotik 1 Routeros 2022-09-08 4.0 MEDIUM 6.5 MEDIUM
Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled resource consumption in the sshd process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU.
CVE-2022-36522 1 Mikrotik 1 Routeros 2022-09-01 N/A 6.5 MEDIUM
Mikrotik RouterOs through stable v6.48.3 was discovered to contain an assertion failure in the component /advanced-tools/nova/bin/netwatch. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.
CVE-2022-34960 1 Mikrotik 1 Routeros 2022-08-31 N/A 9.8 CRITICAL
The container package in MikroTik RouterOS 7.4beta4 allows an attacker to create mount points pointing to symbolic links, which resolve to locations on the host device. This allows the attacker to mount any arbitrary file to any location on the host.
CVE-2020-22844 1 Mikrotik 1 Routeros 2022-07-12 5.0 MEDIUM 7.5 HIGH
A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted SMB requests.
CVE-2021-41987 1 Mikrotik 1 Routeros 2022-06-30 6.8 MEDIUM 8.1 HIGH
In the SCEP Server of RouterOS in certain Mikrotik products, an attacker can trigger a heap-based buffer overflow that leads to remote code execution. The attacker must know the scep_server_name value. This affects RouterOS 6.46.8, 6.47.9, and 6.47.10.
CVE-2020-20215 1 Mikrotik 1 Routeros 2022-05-03 4.0 MEDIUM 6.5 MEDIUM
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/diskd process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access.
CVE-2020-20246 1 Mikrotik 1 Routeros 2022-05-03 4.0 MEDIUM 6.5 MEDIUM
Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulnerability in the mactel process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.
CVE-2020-20218 1 Mikrotik 1 Routeros 2022-05-03 4.0 MEDIUM 6.5 MEDIUM
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/traceroute process. An authenticated remote attacker can cause a Denial of Service due via the loop counter variable.
CVE-2020-20236 1 Mikrotik 1 Routeros 2022-05-03 4.0 MEDIUM 6.5 MEDIUM
Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.
CVE-2020-20227 1 Mikrotik 1 Routeros 2022-05-03 4.0 MEDIUM 6.5 MEDIUM
Mikrotik RouterOs stable 6.47 suffers from a memory corruption vulnerability in the /nova/bin/diskd process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access.
CVE-2020-20237 1 Mikrotik 1 Routeros 2022-05-03 4.0 MEDIUM 6.5 MEDIUM
Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.