Filtered by vendor Mikrotik
Subscriptions
Filtered by product Routeros
Subscriptions
Total
78 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-3979 | 1 Mikrotik | 1 Routeros | 2021-07-21 | 7.5 High |
RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below are vulnerable to a DNS unrelated data attack. The router adds all A records to its DNS cache even when the records are unrelated to the domain that was queried. Therefore, a remote attacker controlled DNS server can poison the router's DNS cache via malicious responses with additional and untrue records. | ||||
CVE-2020-10364 | 1 Mikrotik | 26 Ccr1009-7g-1c-1s\+, Ccr1009-7g-1c-1s\+pc, Ccr1009-7g-1c-pc and 23 more | 2021-07-21 | 7.5 High |
The SSH daemon on MikroTik routers through v6.44.3 could allow remote attackers to generate CPU activity, trigger refusal of new authorized connections, and cause a reboot via connect and write system calls, because of uncontrolled resource management. | ||||
CVE-2019-16160 | 1 Mikrotik | 1 Routeros | 2021-07-21 | 7.5 High |
An integer underflow in the SMB server of MikroTik RouterOS before 6.45.5 allows remote unauthenticated attackers to crash the service. | ||||
CVE-2020-20231 | 1 Mikrotik | 1 Routeros | 2021-07-20 | 6.5 Medium |
Mikrotik RouterOs through stable version 6.48.3 suffers from a memory corruption vulnerability in the /nova/bin/detnet process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). | ||||
CVE-2020-20212 | 1 Mikrotik | 1 Routeros | 2021-07-08 | 6.5 Medium |
Mikrotik RouterOs 6.44.5 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). | ||||
CVE-2020-20211 | 1 Mikrotik | 1 Routeros | 2021-07-08 | 6.5 Medium |
Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an assertion failure vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet. | ||||
CVE-2020-20225 | 1 Mikrotik | 1 Routeros | 2021-07-08 | 6.5 Medium |
Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /nova/bin/user process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet. | ||||
CVE-2020-20216 | 1 Mikrotik | 1 Routeros | 2021-07-08 | 6.5 Medium |
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/graphing process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). | ||||
CVE-2020-20264 | 1 Mikrotik | 1 Routeros | 2021-06-01 | 6.5 Medium |
Mikrotik RouterOs before 6.47 (stable tree) in the /ram/pckg/advanced-tools/nova/bin/netwatch process. An authenticated remote attacker can cause a Denial of Service due to a divide by zero error. | ||||
CVE-2017-6444 | 1 Mikrotik | 2 Router Hap Lite, Routeros | 2021-05-25 | 7.5 High |
The MikroTik Router hAP Lite 6.25 has no protection mechanism for unsolicited TCP ACK packets in the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many ACK packets. After the attacker stops the exploit, the CPU usage is 100% and the router requires a reboot for normal operation. | ||||
CVE-2020-20253 | 1 Mikrotik | 1 Routeros | 2021-05-25 | 6.5 Medium |
Mikrotik RouterOs before 6.47 (stable tree) suffers from a divison by zero vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service due to a divide by zero error. | ||||
CVE-2020-20222 | 1 Mikrotik | 1 Routeros | 2021-05-21 | 6.5 Medium |
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). | ||||
CVE-2020-20220 | 1 Mikrotik | 1 Routeros | 2021-05-21 | 6.5 Medium |
Mikrotik RouterOs prior to stable 6.47 suffers from a memory corruption vulnerability in the /nova/bin/bfd process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). | ||||
CVE-2020-20214 | 1 Mikrotik | 1 Routeros | 2021-05-21 | 6.5 Medium |
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from an assertion failure vulnerability in the btest process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet. | ||||
CVE-2021-3014 | 1 Mikrotik | 1 Routeros | 2021-01-07 | 6.1 Medium |
In MikroTik RouterOS through 2021-01-04, the hotspot login page is vulnerable to reflected XSS via the target parameter. | ||||
CVE-2019-3981 | 1 Mikrotik | 2 Routeros, Winbox | 2020-10-22 | 3.7 Low |
MikroTik Winbox 3.20 and below is vulnerable to man in the middle attacks. A man in the middle can downgrade the client's authentication protocol and recover the user's username and MD5 hashed password. | ||||
CVE-2019-15055 | 1 Mikrotik | 1 Routeros | 2020-10-06 | N/A |
MikroTik RouterOS through 6.44.5 and 6.45.x through 6.45.3 improperly handles the disk name, which allows authenticated users to delete arbitrary files. Attackers can exploit this vulnerability to reset credential storage, which allows them access to the management interface as an administrator without authentication. | ||||
CVE-2020-11881 | 1 Mikrotik | 1 Routeros | 2020-09-18 | 7.5 High |
An array index error in MikroTik RouterOS 6.41.3 through 6.46.5, and 7.x through 7.0 Beta5, allows an unauthenticated remote attacker to crash the SMB server via modified setup-request packets, aka SUP-12964. | ||||
CVE-2019-13954 | 1 Mikrotik | 1 Routeros | 2020-08-24 | N/A |
Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable to memory exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system. Malicious code cannot be injected. | ||||
CVE-2019-13955 | 1 Mikrotik | 1 Routeros | 2020-08-24 | N/A |
Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable to stack exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server via recursive parsing of JSON. Malicious code cannot be injected. |