Mikrotik

Routeros

88 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2023-32154

  • EPSS 0.61%
  • Veröffentlicht 03.05.2024 02:15:20
  • Zuletzt bearbeitet 30.06.2025 17:01:03

Mikrotik RouterOS RADVD Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Mikrotik RouterOS. Authentication is not required to exploit ...

5.3

CVE-2023-41570

Exploit
  • EPSS 0.47%
  • Veröffentlicht 14.11.2023 23:15:09
  • Zuletzt bearbeitet 21.11.2024 08:21:18

MikroTik RouterOS v7.1 to 7.11 was discovered to contain incorrect access control mechanisms in place for the Rest API.

7.5

CVE-2023-30800

Exploit
  • EPSS 1.7%
  • Veröffentlicht 07.09.2023 16:15:07
  • Zuletzt bearbeitet 21.11.2025 17:15:49

The web server used by MikroTik RouterOS version 6 is affected by a heap memory corruption issue. A remote and unauthenticated attacker can corrupt the server's heap memory by sending a crafted HTTP request. As a result, the web interface crashes and...

7.2

CVE-2023-30799

  • EPSS 1.31%
  • Veröffentlicht 19.07.2023 15:15:10
  • Zuletzt bearbeitet 21.11.2025 17:15:49

MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. The attacker ca...

7.5

CVE-2020-20021

Exploit
  • EPSS 1.34%
  • Veröffentlicht 12.07.2023 13:15:09
  • Zuletzt bearbeitet 21.11.2024 05:11:49

An issue discovered in MikroTik Router v6.46.3 and earlier allows attacker to cause denial of service via misconfiguration in the SSH daemon.

7.5

CVE-2023-24094

Exploit
  • EPSS 1.11%
  • Veröffentlicht 27.03.2023 14:15:07
  • Zuletzt bearbeitet 19.02.2025 19:15:12

An issue in the bridge2 component of MikroTik RouterOS v6.40.5 allows attackers to cause a Denial of Service (DoS) via crafted packets.

9.8

CVE-2022-45315

Exploit
  • EPSS 1.26%
  • Veröffentlicht 05.12.2022 16:15:10
  • Zuletzt bearbeitet 09.04.2026 21:16:04

Mikrotik RouterOs before stable v7.6 was discovered to contain an out-of-bounds read in the snmp process. This vulnerability allows authenticated attackers to execute arbitrary code via a crafted packet.

8.8

CVE-2022-45313

Exploit
  • EPSS 1.44%
  • Veröffentlicht 05.12.2022 16:15:09
  • Zuletzt bearbeitet 24.04.2025 14:15:40

Mikrotik RouterOs before stable v7.5 was discovered to contain an out-of-bounds read in the hotspot process. This vulnerability allows attackers to execute arbitrary code via a crafted nova message.

9.8

CVE-2017-20149

Exploit
  • EPSS 2.55%
  • Veröffentlicht 15.10.2022 02:15:08
  • Zuletzt bearbeitet 14.05.2025 15:15:48

The Mikrotik RouterOS web server allows memory corruption in releases before Stable 6.38.5 and Long-term 6.37.5, aka Chimay-Red. A remote and unauthenticated user can trigger the vulnerability by sending a crafted HTTP request. An attacker can use th...

6.5

CVE-2022-36522

Exploit
  • EPSS 1.11%
  • Veröffentlicht 26.08.2022 18:15:09
  • Zuletzt bearbeitet 21.11.2024 07:13:13

Mikrotik RouterOs through stable v6.48.3 was discovered to contain an assertion failure in the component /advanced-tools/nova/bin/netwatch. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.