U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:o:mikrotik:routeros:5.9:*:*:*:ltr:*:*:*
  • CPE Name Search: true
There are 39 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2023-30799

MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. The attacker can abuse this vulnerability to execute arbitrary code on the system.

Published: July 19, 2023; 11:15:10 AM -0400
V4.0:(not available)
V3.1: 7.2 HIGH
V2.0:(not available)
CVE-2020-20021

An issue discovered in MikroTik Router v6.46.3 and earlier allows attacker to cause denial of service via misconfiguration in the SSH daemon.

Published: July 12, 2023; 9:15:09 AM -0400
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2022-45315

Mikrotik RouterOs before stable v7.6 was discovered to contain an out-of-bounds read in the snmp process. This vulnerability allows attackers to execute arbitrary code via a crafted packet.

Published: December 05, 2022; 11:15:10 AM -0500
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2022-45313

Mikrotik RouterOs before stable v7.5 was discovered to contain an out-of-bounds read in the hotspot process. This vulnerability allows attackers to execute arbitrary code via a crafted nova message.

Published: December 05, 2022; 11:15:09 AM -0500
V4.0:(not available)
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2017-20149

The Mikrotik RouterOS web server allows memory corruption in releases before Stable 6.38.5 and Long-term 6.37.5, aka Chimay-Red. A remote and unauthenticated user can trigger the vulnerability by sending a crafted HTTP request. An attacker can use this vulnerability to execute arbitrary code on the affected system, as exploited in the wild in mid-2017 and later.

Published: October 14, 2022; 10:15:08 PM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2022-36522

Mikrotik RouterOs through stable v6.48.3 was discovered to contain an assertion failure in the component /advanced-tools/nova/bin/netwatch. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.

Published: August 26, 2022; 2:15:09 PM -0400
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2021-36614

Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the tr069-client process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).

Published: May 11, 2022; 2:15:22 PM -0400
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2021-36613

Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the ptp process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).

Published: May 11, 2022; 2:15:22 PM -0400
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2020-20262

Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /ram/pckg/security/nova/bin/ipsec process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.

Published: July 21, 2021; 11:15:12 AM -0400
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2020-20221

Mikrotik RouterOs before 6.44.6 (long-term tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/cerm process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU.

Published: July 21, 2021; 11:15:12 AM -0400
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0: 6.8 MEDIUM
CVE-2020-20249

Mikrotik RouterOs before stable 6.47 suffers from a memory corruption vulnerability in the resolver process. By sending a crafted packet, an authenticated remote attacker can cause a Denial of Service.

Published: July 19, 2021; 2:15:08 PM -0400
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2020-20230

Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled resource consumption in the sshd process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU.

Published: July 19, 2021; 1:15:10 PM -0400
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2020-20252

Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).

Published: July 13, 2021; 2:15:07 PM -0400
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2020-20250

Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). NOTE: this is different from CVE-2020-20253 and CVE-2020-20254. All four vulnerabilities in the /nova/bin/lcdstat process are discussed in the CVE-2020-20250 github.com/cq674350529 reference.

Published: July 13, 2021; 8:15:09 AM -0400
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2020-20217

Mikrotik RouterOs before 6.47 (stable tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/route process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU.

Published: July 08, 2021; 8:15:09 AM -0400
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2020-20225

Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /nova/bin/user process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.

Published: July 07, 2021; 10:15:09 AM -0400
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2020-20264

Mikrotik RouterOs before 6.47 (stable tree) in the /ram/pckg/advanced-tools/nova/bin/netwatch process. An authenticated remote attacker can cause a Denial of Service due to a divide by zero error.

Published: May 19, 2021; 8:15:07 AM -0400
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2020-20267

Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/resolver process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access.

Published: May 11, 2021; 11:15:07 AM -0400
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2020-20265

Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /ram/pckg/wireless/nova/bin/wireless process. An authenticated remote attacker can cause a Denial of Service due via a crafted packet.

Published: May 11, 2021; 11:15:07 AM -0400
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2021-3014

In MikroTik RouterOS through 2021-01-04, the hotspot login page is vulnerable to reflected XSS via the target parameter.

Published: January 04, 2021; 2:15:15 PM -0500
V4.0:(not available)
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM