This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Mikrotik First view 2018-03-19
Product Routeros Last view 2023-11-14
Version 6.36.2 Type Os
Update *  
Edition *  
Language *  
Sofware Edition ltr  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:mikrotik:routeros

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
5.3 2023-11-14 CVE-2023-41570

MikroTik RouterOS v7.1 to 7.11 was discovered to contain incorrect access control mechanisms in place for the Rest API.

7.5 2023-09-07 CVE-2023-30800

The web server used by MikroTik RouterOS version 6 is affected by a heap memory corruption issue. A remote and unauthenticated attacker can corrupt the server's heap memory by sending a crafted HTTP request. As a result, the web interface crashes and is immediately restarted. The issue was fixed in RouterOS 6.49.10 stable. RouterOS version 7 is not affected.

7.2 2023-07-19 CVE-2023-30799

MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. The attacker can abuse this vulnerability to execute arbitrary code on the system.

7.5 2023-07-12 CVE-2020-20021

An issue discovered in MikroTik Router v6.46.3 and earlier allows attacker to cause denial of service via misconfiguration in the SSH daemon.

9.8 2022-12-05 CVE-2022-45315

Mikrotik RouterOs before stable v7.6 was discovered to contain an out-of-bounds read in the snmp process. This vulnerability allows attackers to execute arbitrary code via a crafted packet.

8.8 2022-12-05 CVE-2022-45313

Mikrotik RouterOs before stable v7.5 was discovered to contain an out-of-bounds read in the hotspot process. This vulnerability allows attackers to execute arbitrary code via a crafted nova message.

9.8 2022-10-15 CVE-2017-20149

The Mikrotik RouterOS web server allows memory corruption in releases before Stable 6.38.5 and Long-term 6.37.5, aka Chimay-Red. A remote and unauthenticated user can trigger the vulnerability by sending a crafted HTTP request. An attacker can use this vulnerability to execute arbitrary code on the affected system, as exploited in the wild in mid-2017 and later.

6.5 2022-08-26 CVE-2022-36522

Mikrotik RouterOs through stable v6.48.3 was discovered to contain an assertion failure in the component /advanced-tools/nova/bin/netwatch. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.

6.5 2022-05-11 CVE-2021-36614

Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the tr069-client process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).

6.5 2022-05-11 CVE-2021-36613

Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the ptp process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).

6.5 2021-07-21 CVE-2020-20262

Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /ram/pckg/security/nova/bin/ipsec process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.

6.5 2021-07-21 CVE-2020-20221

Mikrotik RouterOs before 6.44.6 (long-term tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/cerm process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU.

6.5 2021-07-19 CVE-2020-20249

Mikrotik RouterOs before stable 6.47 suffers from a memory corruption vulnerability in the resolver process. By sending a crafted packet, an authenticated remote attacker can cause a Denial of Service.

6.5 2021-07-19 CVE-2020-20230

Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled resource consumption in the sshd process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU.

6.5 2021-07-14 CVE-2020-20231

Mikrotik RouterOs through stable version 6.48.3 suffers from a memory corruption vulnerability in the /nova/bin/detnet process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).

6.5 2021-07-13 CVE-2020-20252

Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).

6.5 2021-07-13 CVE-2020-20250

Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). NOTE: this is different from CVE-2020-20253 and CVE-2020-20254. All four vulnerabilities in the /nova/bin/lcdstat process are discussed in the CVE-2020-20250 github.com/cq674350529 reference.

6.5 2021-07-08 CVE-2020-20217

Mikrotik RouterOs before 6.47 (stable tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/route process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU.

6.5 2021-07-07 CVE-2020-20225

Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /nova/bin/user process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.

6.5 2021-05-19 CVE-2020-20266

Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/dot1x process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).

6.5 2021-05-19 CVE-2020-20264

Mikrotik RouterOs before 6.47 (stable tree) in the /ram/pckg/advanced-tools/nova/bin/netwatch process. An authenticated remote attacker can cause a Denial of Service due to a divide by zero error.

6.5 2021-05-18 CVE-2020-20254

Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).

6.5 2021-05-18 CVE-2020-20253

Mikrotik RouterOs before 6.47 (stable tree) suffers from a divison by zero vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service due to a divide by zero error.

6.5 2021-05-18 CVE-2020-20220

Mikrotik RouterOs prior to stable 6.47 suffers from a memory corruption vulnerability in the /nova/bin/bfd process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).

6.5 2021-05-11 CVE-2020-20267

Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/resolver process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access.

CWE : Common Weakness Enumeration

%idName
24% (12) CWE-787 Out-of-bounds Write
12% (6) CWE-476 NULL Pointer Dereference
10% (5) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
8% (4) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
6% (3) CWE-770 Allocation of Resources Without Limits or Throttling
6% (3) CWE-617 Reachable Assertion
6% (3) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
4% (2) CWE-674 Uncontrolled Recursion
4% (2) CWE-369 Divide By Zero
4% (2) CWE-125 Out-of-bounds Read
2% (1) CWE-494 Download of Code Without Integrity Check
2% (1) CWE-441 Unintended Proxy/Intermediary
2% (1) CWE-345 Insufficient Verification of Data Authenticity
2% (1) CWE-306 Missing Authentication for Critical Function
2% (1) CWE-191 Integer Underflow (Wrap or Wraparound)
2% (1) CWE-129 Improper Validation of Array Index
2% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')

SAINT Exploits

Description Link
MicroTik RouterOS SMB buffer overflow More info here

Snort® IPS/IDS

Date Description
2020-12-05 Mikrotik RouterOS directory traversal attempt
RuleID : 47684 - Type : SERVER-OTHER - Revision : 1
2018-09-18 MikroTik RouterOS Winbox user.dat file read attempt
RuleID : 47570 - Type : SERVER-OTHER - Revision : 2
2018-05-23 MikroTik RouterOS buffer overflow attempt
RuleID : 46076-community - Type : NETBIOS - Revision : 2
2018-04-27 MikroTik RouterOS buffer overflow attempt
RuleID : 46076 - Type : NETBIOS - Revision : 2

Nessus® Vulnerability Scanner

id Description
2018-09-06 Name: The remote networking device is affected by an unauthenticated arbitrary file...
File: mikrotik_cve_2018-14847.nasl - Type: ACT_ATTACK
2018-08-24 Name: The remote networking device is affected by multiple vulnerabilities.
File: mikrotik_aug_2018.nasl - Type: ACT_GATHER_INFO
2018-03-22 Name: The remote networking device is affected by a buffer overflow vulnerability.
File: mikrotik_6_41_3.nasl - Type: ACT_GATHER_INFO