Mikrotik

Routeros

85 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.2

CVE-2023-30799

  • EPSS 0.29%
  • Veröffentlicht 19.07.2023 15:15:10
  • Zuletzt bearbeitet 21.11.2025 17:15:49

MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. The attacker ca...

7.5

CVE-2020-20021

Exploit
  • EPSS 0.07%
  • Veröffentlicht 12.07.2023 13:15:09
  • Zuletzt bearbeitet 21.11.2024 05:11:49

An issue discovered in MikroTik Router v6.46.3 and earlier allows attacker to cause denial of service via misconfiguration in the SSH daemon.

7.5

CVE-2023-24094

Exploit
  • EPSS 0.06%
  • Veröffentlicht 27.03.2023 14:15:07
  • Zuletzt bearbeitet 19.02.2025 19:15:12

An issue in the bridge2 component of MikroTik RouterOS v6.40.5 allows attackers to cause a Denial of Service (DoS) via crafted packets.

9.8

CVE-2022-45315

Exploit
  • EPSS 1.88%
  • Veröffentlicht 05.12.2022 16:15:10
  • Zuletzt bearbeitet 24.04.2025 14:15:41

Mikrotik RouterOs before stable v7.6 was discovered to contain an out-of-bounds read in the snmp process. This vulnerability allows attackers to execute arbitrary code via a crafted packet.

8.8

CVE-2022-45313

Exploit
  • EPSS 7.3%
  • Veröffentlicht 05.12.2022 16:15:09
  • Zuletzt bearbeitet 24.04.2025 14:15:40

Mikrotik RouterOs before stable v7.5 was discovered to contain an out-of-bounds read in the hotspot process. This vulnerability allows attackers to execute arbitrary code via a crafted nova message.

9.8

CVE-2017-20149

Exploit
  • EPSS 2.39%
  • Veröffentlicht 15.10.2022 02:15:08
  • Zuletzt bearbeitet 14.05.2025 15:15:48

The Mikrotik RouterOS web server allows memory corruption in releases before Stable 6.38.5 and Long-term 6.37.5, aka Chimay-Red. A remote and unauthenticated user can trigger the vulnerability by sending a crafted HTTP request. An attacker can use th...

6.5

CVE-2022-36522

Exploit
  • EPSS 0.44%
  • Veröffentlicht 26.08.2022 18:15:09
  • Zuletzt bearbeitet 21.11.2024 07:13:13

Mikrotik RouterOs through stable v6.48.3 was discovered to contain an assertion failure in the component /advanced-tools/nova/bin/netwatch. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.

9.8

CVE-2022-34960

Exploit
  • EPSS 0.53%
  • Veröffentlicht 25.08.2022 02:15:19
  • Zuletzt bearbeitet 21.11.2024 07:10:28

The container package in MikroTik RouterOS 7.4beta4 allows an attacker to create mount points pointing to symbolic links, which resolve to locations on the host device. This allows the attacker to mount any arbitrary file to any location on the host.

6.5

CVE-2021-36614

Exploit
  • EPSS 0.91%
  • Veröffentlicht 11.05.2022 18:15:22
  • Zuletzt bearbeitet 21.11.2024 06:13:52

Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the tr069-client process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).

6.5

CVE-2021-36613

Exploit
  • EPSS 0.91%
  • Veröffentlicht 11.05.2022 18:15:22
  • Zuletzt bearbeitet 21.11.2024 06:13:52

Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the ptp process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).