- EPSS 0.03%
- Published 27.10.2025 00:00:00
- Last modified 30.10.2025 18:15:32
An issue in MikroTik RouterOS v.7.14.2 and SwOS v.2.18 exposes the WebFig management interface over cleartext HTTP by default, allowing an on-path attacker to execute injected JavaScript in the administrator’s browser and intercept credentials.
- EPSS 0.24%
- Published 25.09.2025 14:15:43
- Last modified 13.10.2025 17:15:34
A vulnerability has been found in MikroTik RouterOS 7. This affects the function parse_json_element of the file /rest/ip/address/print of the component libjson.so. The manipulation leads to buffer overflow. The attack is possible to be carried out re...
CVE-2025-6563
- EPSS 0.29%
- Published 03.07.2025 11:18:26
- Last modified 03.07.2025 15:13:53
A cross-site scripting vulnerability is present in the hotspot of MikroTik's RouterOS on versions below 7.19.2. An attacker can inject the `javascript` protocol in the `dst` parameter. When the victim browses to the malicious URL and logs in, the XSS...
CVE-2023-47310
- EPSS 0.06%
- Published 30.06.2025 00:00:00
- Last modified 30.06.2025 20:15:23
A misconfiguration in the default settings of MikroTik RouterOS 7, fixed in v7.14, allows incoming IPv6 UDP traceroute packets.
CVE-2025-6443
- EPSS 0.15%
- Published 25.06.2025 21:29:22
- Last modified 18.08.2025 15:45:13
MikroTik RouterOS VXLAN Source IP Improper Access Control Vulnerability. This vulnerability allows remote attackers to bypass access restrictions on affected installations of MikroTik RouterOS. Authentication is not required to exploit this vulnerabi...
CVE-2024-54952
- EPSS 0.17%
- Published 29.05.2025 00:00:00
- Last modified 30.06.2025 14:46:38
In MikroTik RouterOS 6.40.5, the SMB service contains a memory corruption vulnerability. Remote, unauthenticated attackers can exploit this issue by sending specially crafted packets, triggering a null pointer dereference. This leads to a Remote Denial ...
CVE-2024-54772
- EPSS 4.71%
- Published 11.02.2025 23:15:09
- Last modified 30.06.2025 14:48:12
An issue was discovered in the Winbox service of MikroTik RouterOS long-term release v6.43.13 through v6.49.13 and stable v6.43 through v7.17.2. A patch is available in the stable release v6.49.18. A discrepancy in response size between connection at...
CVE-2023-32154
- EPSS 3.07%
- Published 03.05.2024 02:15:20
- Last modified 30.06.2025 17:01:03
MikroTik RouterOS RADVD Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of MikroTik RouterOS. Authentication is not required to exploit ...
CVE-2023-41570
- EPSS 0.06%
- Published 14.11.2023 23:15:09
- Last modified 21.11.2024 08:21:18
MikroTik RouterOS v7.1 to 7.11 was discovered to contain incorrect access control mechanisms for the REST API.
CVE-2023-30800
- EPSS 9.76%
- Published 07.09.2023 16:15:07
- Last modified 21.11.2025 17:15:49
The web server used by MikroTik RouterOS version 6 is affected by a heap memory corruption issue. A remote and unauthenticated attacker can corrupt the server's heap memory by sending a crafted HTTP request. As a result, the web interface crashes and...